Legal Information

Privacy Policy

Last updated: June 21, 2026

This Privacy Policy explains how Kleise Rantevou collects, uses, shares, stores, and protects personal data across our business dashboard, mobile app, website, and public booking pages.

1. Introduction

Welcome to Kleise Rantevou.

Kleise Rantevou is a Software-as-a-Service (SaaS) booking and business management platform operated by Andreou Innovations LTD. Our platform helps businesses create online booking pages, manage appointments, staff, services, business hours, notifications, and subscription access.

This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use kleise-rantevou.com, related dashboard services, mobile applications, public booking pages, and associated business subdomains such as business-name.kleise-rantevou.com.

This policy applies to Business Owners, Staff Members, and Customers who book appointments through businesses using our platform.

In this Privacy Policy, "Business" means the business account using Kleise Rantevou, including the Business Owner and any authorized Staff Members acting on behalf of that business.

2. Our Role Under GDPR

Under the General Data Protection Regulation (GDPR), our role depends on how the platform is used.

A. When We Act as Data Controller

We act as a Data Controller when we decide why and how personal data is processed.

This mainly applies to Business Owners and Staff Members using our dashboard, account system, subscription billing, support, security, platform administration, and direct communications with Kleise Rantevou.

B. When We Act as Data Processor

We act as a Data Processor when we process Customer booking data on behalf of a Business.

When a Customer books an appointment through a business booking page, the relevant Business is usually the Data Controller for that Customer booking data. We process that data to provide the booking, calendar, notification, customer communication, staff coordination, and appointment management services requested by the Business.

The relevant Business may include the Business Owner and authorized Staff Members who need access to Customer booking data to manage appointments, provide services, contact Customers, or maintain appointment records.

The Business decides what Customer or client information is entered into its account, client profiles, appointment notes, internal notes, and booking records. Where we process that information for the Business, we do so to provide the platform and related services according to the Business's instructions, subject to this Privacy Policy, our Terms, and any applicable data processing agreement.

3. Information We Collect

We collect different types of information depending on whether you are a Business Owner, Staff Member, Customer, or visitor using our website, dashboard, mobile app, or public booking pages.

A. Business Owner Account Data

When a Business Owner registers or uses the platform, we may collect:

Account Information: Name, email address, authentication identifiers, login method, and account status.
Business Profile Data: Business name, description, industry/category, booking URL tag, branding preferences, theme settings, and public booking page information.
Contact and Location Data: Business email, phone number, address, city, region, postal code, country, and timezone.
Brand Assets: Business logo, cover image, gallery images, and other uploaded files.
Subscription Data: Plan type, subscription status, trial status, renewal/cancellation status, Stripe customer ID, Stripe subscription ID, billing portal activity, and payment-related status information.
Usage Data: Dashboard activity, booking volume, message usage, analytics, and feature usage.

B. Staff Member Data

When a Business adds or invites Staff Members, we may process:

Staff Profile Data: Staff name, role, assigned services, profile photo, and availability.
Staff Account Data: Email address, invitation status, authentication identifiers, and business access permissions.
Schedule Data: Working hours, availability rules, day-off overrides, assigned bookings, and calendar activity.
Access Data: Information about which business account the Staff Member belongs to and what dashboard features they may access.

C. Customer Booking and Client Profile Data

When a Customer books an appointment through a business booking page, or when a Business creates or updates a client profile, we may collect and process the following on behalf of the relevant Business:

Contact Data: Customer/client name, phone number, optional email address, and optional booking comments.
Appointment Data: Selected services, assigned staff, date, time, duration, price, currency, surcharge information where applicable, status, and confirmation code.
Booking Management Data: Cancellation status, confirmation links, reminder status, appointment history, and booking-related communications.
Optional Client Details: Businesses may optionally store details such as a client reference number, occupation, date of birth, sex/gender, tags, and similar service-related profile details where relevant and permitted by law.
Private Business Notes: Businesses may add private client notes or private appointment notes for internal appointment management, service delivery, customer care, record keeping, or business administration.

Kleise Rantevou does not require Businesses to enter government ID numbers, passport numbers, national identification numbers, medical information, health information, clinical information, treatment information, or other sensitive information into general client profiles or appointment notes.

If a Business chooses to enter any such information into free-text fields, client profiles, appointment notes, internal notes, tags, uploaded content, or similar areas of the platform, the Business is responsible for ensuring that the information is necessary, lawful, accurate, limited to what is needed, and handled in accordance with GDPR and any professional or sector-specific rules that apply to that Business.

Customer booking and client profile data may be visible to the relevant Business, including the Business Owner and authorized Staff Members who need access for appointment management, service delivery, Customer communication, record keeping, or business administration.

D. Automatically Collected Data

When you use our website, dashboard, mobile app, or booking pages, we may automatically collect:

Device and Log Data: IP address, browser type, device type, operating system, pages visited, timestamps, error logs, and device tokens for push notifications (if enabled by the user).
Security Data: Authentication logs, token/session information, suspicious activity indicators, rate-limit events, and abuse-prevention data.
Analytics Data: Usage patterns, feature interactions, traffic sources, and performance data collected through analytics tools where enabled.
Technical Data: Information needed to keep the platform functional, secure, reliable, and compatible with different devices and browsers.

4. How We Use Personal Data

We use personal data to provide, secure, operate, and improve Kleise Rantevou. Specifically, we may use personal data to:

Create and manage Business Owner and Staff Member accounts.
Create and display business booking pages.
Process appointment bookings, updates, reminders, confirmations, and cancellations.
Manage services, staff, availability, business hours, booking calendars, and appointment records.
Allow Businesses, including Business Owners and authorized Staff Members, to manage Customers and appointments.
Send appointment confirmations, reminders, service notifications, and support messages.
Send push notifications, email notifications, or SMS messages where enabled.
Manage free trials, paid subscriptions, plan limits, billing status, upgrades, cancellations, and customer portal access.
Provide booking analytics, business insights, and dashboard statistics.
Prevent fraud, spam, abuse, unauthorized access, and misuse of the platform.
Debug, monitor, maintain, and improve platform performance.
Comply with legal, accounting, tax, regulatory, and security obligations.

5. Legal Basis for Processing

Where GDPR applies, we rely on one or more legal bases depending on the context:

Contract: To provide our platform, dashboard, booking services, subscriptions, account access, and support.
Legitimate Interests: To secure the platform, prevent abuse, improve our services, analyze usage, maintain system reliability, and communicate important service updates.
Consent: Where required, for optional marketing communications, non-essential analytics, or certain notification preferences.
Legal Obligation: To comply with accounting, tax, legal, regulatory, and compliance requirements.
Processor Instructions: For Customer booking data, we generally process the data on behalf of the relevant Business according to the Business's instructions and our service agreement.

When a Business uses Kleise Rantevou to manage Customer bookings, client profiles, private notes, appointment notes, or Customer communications, the Business is usually responsible for having a lawful basis to collect, access, use, store, and manage that Customer or client data.

If a Business records identity-document information, health-related information, medical information, clinical information, treatment notes, or other special-category/sensitive information, the Business is responsible for identifying and documenting the appropriate lawful basis and any additional GDPR Article 9 condition, consent, professional duty, secrecy obligation, or legal requirement that applies to its own services.

6. Client Profiles, Notes, and Sensitive Information

Kleise Rantevou provides general client-management tools that Businesses can use for appointment management, customer service, and business administration.

Businesses are responsible for the content they and their authorized Staff Members enter into client profiles, booking comments, private client notes, private appointment notes, tags, custom fields, uploaded files, and similar areas of the platform.

Businesses must not use Kleise Rantevou to collect or store information that is unnecessary, excessive, unlawful, inaccurate, or unrelated to the services they provide.

Businesses should not enter government ID numbers, passport numbers, national identification numbers, health information, medical information, clinical information, treatment information, biometric data, criminal-offence data, or other sensitive/special-category information unless they have determined that it is necessary for their services and they have an appropriate lawful basis, transparency notice, consent where required, professional authority, retention rule, and security measures.

If a Business is a healthcare, physiotherapy, wellness, beauty, therapy, or similar provider and uses the platform to record health-related or treatment-related information, that Business is responsible for complying with all professional, ethical, medical, health-sector, confidentiality, retention, and data-protection obligations that apply to it in Cyprus, Greece, the EU, or any other relevant jurisdiction.

Kleise Rantevou may provide warnings, field labels, access controls, technical safeguards, and platform tools to support responsible use, but the Business remains responsible for deciding what client information is collected, why it is collected, who may access it, how long it is retained, and whether the Business has the required lawful basis and notices.

We may restrict, remove, suspend, or delete content or account access where we reasonably believe that the platform is being used unlawfully, abusively, insecurely, or in a way that creates unacceptable privacy, security, legal, or operational risk.

7. Public Booking Pages

Each registered Business may receive a public booking page under a subdomain such as business-tag.kleise-rantevou.com.

Information displayed publicly may include the business name, description, services, prices, staff names, staff photos, location, contact details, social media links, website links, branding images, opening hours, and booking availability.

Each Business is responsible for ensuring that the information published on its booking page is accurate, lawful, and does not infringe the privacy rights, image rights, intellectual property rights, or other rights of Staff Members, Customers, or third parties.

If a Business displays Staff Member names, photos, schedules, or services, the Business is responsible for ensuring it has the appropriate permission or legal basis to do so.

8. Payments and Subscriptions

Business Owner subscriptions are handled using third-party payment provider Stripe.

We do not store full card numbers or complete payment card details on our own servers. Stripe processes payment details securely. We may store billing-related identifiers and subscription metadata such as Stripe customer ID, Stripe subscription ID, plan type, subscription status, trial end date, current period end date, cancellation status, and payment status.

Customer appointment payments are not processed by Kleise Rantevou. Customers normally pay the Business directly during or after their appointment, depending on the Business's own payment policy.

If we later introduce additional paid features, plan limits, or billing options, we may process related subscription and billing metadata as needed to provide and manage those services.

9. Notifications, SMS, Email, and Marketing Tools

Our platform may allow Businesses to send booking confirmations, reminders, service notifications, push notifications, email messages, and SMS messages to Customers.

Where a Business uses communication or marketing tools, the Business is responsible for ensuring that messages are lawful, accurate, and sent with the appropriate consent or legal basis where required.

Authorized Staff Members may be able to send or manage communications on behalf of the Business. The Business is responsible for ensuring that Staff Members use these tools lawfully and only for authorized business purposes.

Customers who no longer wish to receive marketing or non-essential messages from a Business should contact that Business directly. For platform-level messages from Kleise Rantevou, you may contact us at team@kleise-rantevou.com.

10. Third-Party Service Providers

We do not sell personal data. We may share personal data with trusted third-party service providers only where necessary to operate, secure, and improve the platform.

These providers may include:

Google Firebase / Google Cloud: Authentication, database hosting, file storage, hosting, push notifications, analytics, infrastructure, and security.
Stripe: Subscription checkout, billing, payment processing, customer portal, invoices, and subscription management.
Email and SMS Providers: Sending confirmations, reminders, support emails, transactional messages, and optional marketing messages where enabled.
Analytics and Monitoring Tools: Understanding platform usage, diagnosing errors, improving performance, and detecting abuse.
Professional Advisers: Accountants, legal advisers, auditors, or compliance advisers where necessary.
Authorities: Courts, regulators, law enforcement, or public authorities where required by law.

Service providers are expected to process data only as needed to provide their services and to apply appropriate security protections.

11. International Data Transfers

Some of our service providers may process or store data outside Cyprus or the European Economic Area (EEA).

Where personal data is transferred internationally, we rely on appropriate safeguards where required by law, such as adequacy decisions, Standard Contractual Clauses, contractual protections, or other lawful transfer mechanisms.

Because Kleise Rantevou uses cloud-based infrastructure and third-party service providers, data may be processed in countries where those providers operate, subject to applicable legal safeguards.

12. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

A. Business Owner and Staff Data

We retain account, business, staff, subscription, and configuration data for as long as the business account remains active or as needed to provide the platform.

If a subscription is cancelled or inactive, the public booking page may be hidden or restricted according to the platform's subscription rules. Some billing, tax, fraud-prevention, security, and legal records may be retained for longer where required or permitted by law.

B. Customer Booking Data

Customer booking data is retained on behalf of the relevant Business. Businesses may need booking records for appointment history, customer service, dispute handling, accounting, staff coordination, or operational reasons.

Customers who want their booking data deleted should normally contact the Business they booked with, because the Business is usually the Data Controller for that booking data. This may include the Business Owner or authorized Staff Members acting on behalf of the Business.

We may assist Businesses with deletion requests where technically possible and legally appropriate.

C. Logs and Security Data

Security logs, technical logs, and abuse-prevention records may be kept for a limited period to protect the platform, investigate issues, prevent fraud, maintain service reliability, and comply with legal or security obligations.

13. Data Security

We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

These measures may include secure HTTPS connections, Firebase Authentication, token-based authentication, role-based access controls, restricted database rules, server-side authorization checks, access logging, rate limiting, and separation of sensitive subscription data from public business data.

However, no online service can guarantee absolute security. Users and Businesses are responsible for keeping login credentials secure and for controlling who has access to their business dashboard.

Business Owners are responsible for managing Staff Member access and removing access for Staff Members who should no longer use the business dashboard.

14. Your Data Protection Rights

Depending on your location and the applicable law, you may have the right to:

Access: Request a copy of personal data held about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of personal data where legally applicable.
Restriction: Request restriction of certain processing activities.
Objection: Object to processing based on legitimate interests or direct marketing.
Data Portability: Request a copy of your data in a structured, commonly used format where applicable.
Withdraw Consent: Withdraw consent where processing is based on consent.

You may request account deletion or data deletion at any time by visiting /delete-account or by contacting us at team@kleise-rantevou.com.

For security reasons, we may need to verify your identity, account ownership, business ownership, or booking details before completing a deletion, access, or correction request.

If you are a Customer who booked with a Business using Kleise Rantevou, the Business is usually the Data Controller for your booking data. You may still use /delete-account to contact us, but we may need to coordinate with or direct your request to the relevant Business where required. This may include the Business Owner or authorized Staff Members acting on behalf of the Business.

15. Minors' Privacy

Kleise Rantevou is not designed for minors to independently create business accounts, manage dashboards, or enter into paid subscriptions.

Minors may be included in an appointment booking only where the booking is made or authorized by a parent, legal guardian, or responsible adult where required by law.

Where applicable law requires parental or guardian consent for the use of online services or the processing of a minor's personal data, the required consent must be obtained before the minor uses the platform or before personal data relating to the minor is submitted.

Businesses that provide services to minors are responsible for ensuring that their services, appointment process, customer communication, consent collection, and handling of minors' data comply with all laws that apply to their business and industry.

If we become aware that personal data relating to a minor has been submitted without appropriate permission where such permission is required, we may delete, restrict, or take other appropriate steps regarding that data.

16. Cookies and Similar Technologies

We may use cookies, local storage, analytics technologies, and similar tools to operate the website, keep users signed in, remember preferences, secure the platform, measure usage, and improve performance.

Some cookies or similar technologies may be strictly necessary for the platform to function. Others, such as analytics or marketing-related technologies, may depend on your preferences or consent where required by law.

If we use non-essential analytics or marketing cookies, we may request consent or provide additional cookie controls where required by law.

17. Account and Data Deletion

You can request deletion of your Kleise Rantevou account or specific personal data at any time through our dedicated deletion page: /delete-account.

You may request:

Full Account Deletion: Deletion of your account and associated account data.
Business Data Deletion: Deletion of business profile data, staff data, services, availability settings, uploaded images, and booking page data where legally and technically possible.
Specific Data Deletion: Deletion or correction of selected personal data, such as contact details, profile information, uploaded images, or outdated business information.
Customer Booking Data Deletion: Deletion of Customer booking data where the request is valid and legally applicable.

Before completing a deletion request, we may ask for information needed to verify your identity, confirm account ownership, identify the relevant Business or booking, and prevent unauthorized deletion.

Once deletion is completed, access to the account, dashboard, booking page, business settings, staff records, services, availability, and related operational data may be permanently lost.

Customers who booked with a Business should also contact the relevant Business, because the Business is usually responsible for deciding how Customer booking data is handled. This may include the Business Owner or authorized Staff Members acting on behalf of the Business.

Some information may be retained where required or permitted by law, including billing records, invoices, tax records, subscription/payment history, fraud-prevention records, security logs, dispute records, or data needed to comply with legal obligations.

Data that has been anonymized or aggregated and can no longer identify you personally may be retained for analytics, reporting, security, or service improvement purposes.

18. Complaints

If you have concerns about how your personal data is handled, please contact us first at team@kleise-rantevou.com so we can try to resolve the issue.

If you are located in Cyprus or the EEA, you may also have the right to lodge a complaint with your local data protection authority. In Cyprus, the supervisory authority is the Office of the Commissioner for Personal Data Protection.

19. Automated Decision-Making

Kleise Rantevou does not use automated decision-making or profiling that produces legal effects or similarly significant effects on users.

We may use analytics, security tools, rate limiting, usage statistics, fraud-prevention tools, and platform monitoring to protect, operate, and improve the platform, but these tools are not used to make legally significant automated decisions about users.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our platform, legal requirements, third-party services, or business operations.

When we make changes, we will update the "Last updated" date at the top of this page. If changes are material, we may provide additional notice where appropriate.

21. Contact Us

If you have any questions about this Privacy Policy or how we handle personal data, you can contact us using the details below.

Platform: Kleise Rantevou

Operator: Andreou Innovations LTD

Email: team@kleise-rantevou.com

Website: kleise-rantevou.com

Account & Data Deletion: /delete-account

Cyprus data protection authority: Office of the Commissioner for Personal Data Protection