Data Processing

This page describes how Focuslyne ("we", "us", or "our") processes personal data in connection with the Focuslyne scheduling and booking platform offered under the trading name Focuslyne. It is aimed at professionals who use Focuslyne and at anyone seeking transparency about how client and invitee data may be handled through the product.

Our registered address is Lisbon, Portugal. For data processing enquiries, contact info@focuslyne.com.

This page is provided for transparency about how Focuslyne processes personal data in connection with the service. It does not by itself create a separate Data Processing Agreement unless Focuslyne and a customer expressly agree to that in writing.

This page is intended to support GDPR-style transparency about controller and processor roles where those concepts apply. Please read it together with our Privacy Policy, Terms of Service, and Cookie Policy.

Unless a separate written agreement says otherwise, related contractual questions are generally governed by the Terms of Service.

How data protection law classifies each party can depend on the facts, the jurisdiction, and how each feature is used. The summary below is intended as practical product transparency.

Professionals (Focuslyne account holders) may act as independent controllers for their own client relationships, the services they deliver, booking form fields they configure, communications they send or enable, and legal obligations they owe to clients or invitees.

Focuslyne may act, depending on context, as:

• a controller (or equivalent) for data needed to operate the platform — for example account registration and authentication, subscription billing where applicable, security and abuse prevention, website and app administration, support, error monitoring where configured, analytics where configured, and our own legal and accounting obligations; and
• a processor or service provider for data processed on behalf of professionals to deliver scheduling features — for example booking records, client or invitee contact details submitted through public booking flows, custom field responses, calendar availability and sync-related data, notification and reminder delivery data, and similar operational data tied to a professional's use of the product.

Where Focuslyne processes personal data as a processor, the professional's instructions are typically reflected in their account configuration, event types, integrations they connect, and their use of the service. Any stricter or different obligations must be set out in a separate written agreement.

This description covers processing related to:

• public booking pages and shareable booking links;
• appointment scheduling, slot selection, and conflict prevention;
• availability management and calendar-related data;
• calendar sync and connected calendar providers (for example Google or Microsoft) when a professional connects them;
• booking notifications and reminders (including email and, where enabled, WhatsApp Business messages);
• custom booking fields configured per event type;
• client and invitee information submitted through booking flows;
• optional online booking payments, payment status, refunds, and disputes where the product supports them;
• Stripe Connect metadata and routing where Connect is enabled for booking payments;
• WhatsApp opt-in, consent snapshots, template readiness, and delivery-related records where the integration is enabled;
• transactional and operational email delivery (for example via Resend); and
• integrations such as Google, Microsoft, Zoom, Stripe, Meta / WhatsApp, and email infrastructure — only where configured and used in your environment.

Not every deployment enables every integration or feature; availability depends on plan, configuration, and environment settings.

Depending on use of Focuslyne, relevant categories may include:

• Professional account data: name, email, authentication identifiers, timezone, profile and notification preferences, and similar account attributes.
• Business / profile / booking page data: public display name, descriptions, optional contact details or links you choose to show, event type configuration, and manual payment instructions where supported.
• Client / invitee booking data: name, email, phone where provided, and other details submitted to request or manage an appointment.
• Custom field responses: answers to configured fields (for example short text, long text, phone, address, single choice, checkbox), stored as defined by the product.
• Notes and communications: booking notes, messages in transactional templates at a high level, and records needed to deliver notifications.
• Payment and billing metadata: subscription billing with Stripe for Focuslyne plans; for optional booking payments — amounts, currency, status, refund and dispute summaries as mirrored from Stripe for operations (not full card data).
• Integration metadata and tokens (high level): connection status, provider identifiers, and encrypted OAuth or WhatsApp tokens where the product stores them — not user-visible secrets in the UI.
• Calendar availability / free-busy data: data needed to compute open slots and sync events when calendar integrations are connected.
• Notification consent and delivery data: opt-in records where applicable, template identifiers, delivery status from providers where available, and operational suppression or quota counters where implemented.
• Technical and security logs: server and application logs used for security, reliability, and abuse prevention, subject to configuration and retention practices described in the retention and security sections of this page and our Privacy Policy.

• Focuslyne account holders (professionals);
• team members or admin users on an account, if and when the product supports them;
• clients and invitees who book or interact through public booking pages;
• individuals mentioned in booking notes, custom fields, or communications where a professional includes them;
• people who contact us via support or the contact page;
• website visitors, where technical data is collected in line with our policies.

Processing may occur for purposes such as:

• providing, operating, and maintaining the service;
• creating, updating, and managing bookings;
• preventing double bookings and enforcing scheduling rules;
• sending booking confirmations, reminders, and operational messages;
• operating connected integrations (calendars, video, messaging, payments);
• processing payments, refunds, and payment statuses where applicable;
• handling support requests;
• security, fraud prevention, abuse detection, debugging, and reliability;
• legal, regulatory, tax, and accounting obligations applicable to Focuslyne; and
• product improvement and analytics only where permitted by applicable law and, where relevant, your settings and agreements.

Where Focuslyne acts as a processor, we process personal data to provide the service in line with the professional's instructions as reflected in the product — including event types, booking fields, integrations they enable, notification choices, and their use of dashboards and APIs.

Professionals are responsible for ensuring that their instructions, collection practices, and configured fields are lawful and proportionate. They should not use custom fields to collect unnecessary sensitive or special-category data unless they have an appropriate lawful basis and safeguards under applicable law.

If a professional requires processing outside standard product behaviour, it must be agreed separately in writing.

Where Focuslyne acts as a processor, we aim to:

• process personal data only as needed to provide the service or as required by applicable law;
• ensure that personnel and engaged service providers who handle personal data are bound by appropriate confidentiality or contractual obligations where required;
• implement reasonable technical and organisational measures, as further described in this Security measures section;
• assist professionals with data subject requests where we are legally required to do so and where assistance is feasible;
• notify professionals of personal data breaches in line with applicable law and any agreed contract terms; and
• delete or return data in line with product functionality, legal requirements, and the retention criteria described in section 15 and our Privacy Policy.

Professionals are typically responsible for:

• their own privacy notices, policies, and transparency toward clients;
• lawful bases and transparency for collecting client or invitee data;
• configuration of booking fields and what they ask clients to provide;
• client-facing communications and service delivery;
• refund, cancellation, and service policies they advertise;
• responding to client or invitee rights requests where they act as controller — we may forward requests or assist where required;
• keeping account credentials secure; and
• lawful use of connected integrations and third-party accounts.

Focuslyne relies on categories of service providers and infrastructure partners. The list may evolve. Current categories are described in the “Subprocessors and third-party providers” section of this page.

Categories may include, depending on configuration:

• Supabase — database, authentication, and related infrastructure where used;
• Vercel — hosting and deployment;
• Stripe — SaaS subscription billing, optional booking payments, Stripe Connect, and payment-related records;
• Resend — transactional and operational email delivery;
• Google / Microsoft / Zoom — when a professional connects those integrations;
• Meta / WhatsApp Business — when WhatsApp messaging is enabled;
• Upstash Redis — rate limiting or related controls when configured;
• Sentry — error monitoring when configured; and
• Analytics providers — only where explicitly configured and permitted.

Focuslyne may update subprocessors. Where legally or contractually required, we will provide notice in line with the “Subprocessors and third-party providers” section of this page and any separate written agreement in place.

Personal data may be processed in countries other than the professional's or client's country of residence, including outside the European Economic Area, depending on where our infrastructure and subprocessors operate.

Where required, we rely on appropriate safeguards such as standard contractual clauses, adequacy decisions, or other contractual or legal mechanisms.

Focuslyne implements reasonable technical and organisational measures appropriate to the nature of the service. Examples aligned with the current product (non-exhaustive, and not a certification claim) include:

• access controls and authentication for the application;
• encryption of certain integration tokens at rest where implemented in the codebase;
• rate limiting and abuse prevention where configured (for example via Upstash);
• logging and monitoring for operations and security; and
• infrastructure controls provided by our hosting and database vendors as part of their services.

Further detail for transparency purposes appears in this Security measures section. We do not claim ISO 27001, SOC 2, or similar certifications unless confirmed in writing for publication.

If we become aware of a security incident affecting personal data, we will assess it and take reasonable steps to contain, investigate, and remediate the issue.

Where applicable law or a separate written agreement requires notification to affected customers or professionals, we will provide information without undue delay, subject to the need to establish facts, coordinate with providers, and follow law enforcement or regulatory constraints. Specific notice timing and content may depend on applicable law, the facts of the incident, provider input, and any agreement in place.

Professionals may have their own legal duties to notify clients or regulators; they should seek independent advice.

Individuals may exercise rights under applicable data protection law (such as access, rectification, erasure, restriction, objection, or portability, where available).

Where a professional is the controller for client or invitee data, they are typically responsible for responding to those individuals. Where Focuslyne acts as a processor, we will assist the professional as required by law and where feasible.

Where Focuslyne acts as a controller for its own processing, requests may be sent to info@focuslyne.com. Further detail appears in our Privacy Policy.

We retain personal data only as long as needed for the purposes described in this page, including providing the service, legal and accounting obligations, dispute resolution, security, fraud prevention, backups, and operational resilience.

Retention periods depend on the type of data, account status, product configuration, legal and accounting obligations, security needs, backup cycles, dispute resolution, and operational requirements.

Deletion, export, or return of data may depend on product capabilities (for example whether self-service export exists for a dataset), technical constraints, and statutory retention. Backup copies and aggregated logs may persist for a period after deletion from primary systems; we do not promise instantaneous purging from all media.

Focuslyne may provide reasonable information to help customers assess compliance, for example summaries of security practices or subprocessor updates, where appropriate and subject to confidentiality.

This page does not grant broad on-site audit rights, unlimited questionnaires, or certification guarantees unless expressly agreed in a separate written contract.

Stripe processes full payment method details when checkout or billing flows run on Stripe's infrastructure. Focuslyne does not store full card numbers for those flows in the role described here.

Focuslyne may store payment and billing metadata needed to operate SaaS subscriptions, optional booking payments, refunds, disputes, and — where enabled — Stripe Connect routing and account status. SaaS billing for the Focuslyne subscription and optional booking payments are distinct contexts; professionals using Connect are also subject to Stripe's own terms and privacy notices for their connected account activity.

WhatsApp Business notifications operate only where the integration is enabled, configured, and permitted for the account, and where applicable opt-in or consent requirements are met (for example positive opt-in captured at booking where the product implements it).

Related processing may include phone numbers, consent text snapshots, template names and approval status, message delivery statuses, webhook payloads at a high level, and usage or suppression records used to respect user preferences and quotas where implemented.

Focuslyne is not positioned here as a bulk marketing messaging platform; transactional and operational notifications tied to bookings are the primary scope.

We may update this page from time to time to reflect product, legal, or organisational changes. The “Last updated” date at the top of this page will be revised when we publish substantive changes.

Material changes may be communicated through the website, the app, or email where appropriate and where we have contact details. Continued use of the service after notice may be treated as acceptance of updates to the extent permitted by law and your contract.

For questions about this page or data processing arrangements, contact info@focuslyne.com.

Focuslyne
Lisbon, Portugal

Related pages: Privacy Policy, Terms of Service, and Contact.