Privacy Policy
Last updated: April 17, 2026
1. Introduction
Pronto (“Company”, “we”, “us”, or “our”) is committed to protecting your personal data. This Privacy Policy explains what data we collect when you use trypronto.app (“Service”), how we use it, and your rights regarding that data. This policy is compliant with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
2. Data We Collect
We collect the following categories of personal data:
Account & Identity Data
- Email address (used for login and communication)
- Password (hashed; we never store plaintext passwords)
- Name and business information you provide during onboarding
Business Data You Input
- Client names, contact details, and appointment history
- Sales and transaction records
- Inventory items and employee information
- Any other data you voluntarily enter into the Service
Usage & Technical Data
- IP address and browser/device type
- Pages visited and actions taken within the Service
- Error logs and diagnostic data
Payment Data
We do not store payment card data. All payment processing is handled by Paddle. We receive only order confirmations and subscription status from Paddle.
3. How We Use Your Data
We use the data we collect to:
- Create and manage your account and provide the Service.
- Process payments and manage your subscription via Paddle.
- Send transactional emails (account confirmation, password reset, invoices).
- Respond to support requests and improve the Service.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations.
We do not sell your personal data to third parties. We do not use your data for advertising profiling.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), our legal basis for collecting and using personal data is:
- Contract performance — to provide the Service you signed up for.
- Legitimate interests — to improve the Service, prevent fraud, and ensure security.
- Legal obligation — to comply with applicable laws and regulations.
- Consent — for any optional communications or features where we ask for it explicitly.
5. Third-Party Services
We use the following third-party services to operate the platform:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, file storage | All account and business data |
| Paddle | Payment processing & billing | Email, subscription details |
| Resend / SMTP | Transactional email delivery | Email address |
| Vercel | Hosting & CDN | IP address, request logs |
Each provider operates under its own privacy policy and data processing agreements.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your data within 30 days, except where retention is required by law (e.g., financial records).
7. Data Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. However, no method of transmission over the internet is completely secure.
8. Your Rights
Depending on your location, you may have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your personal data (“right to be forgotten”).
- Restriction — request that we limit how we use your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
9. Cookies
We use essential cookies for authentication and session management. We do not use tracking or advertising cookies. You can configure your browser to refuse cookies, but this may prevent you from logging in to the Service.
10. Children’s Privacy
The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. We encourage you to review this page periodically.
12. Contact
For privacy-related questions or to exercise your rights, please contact us at: