Privacy Policy

1. Introduction

This Privacy Policy explains how Krista V., trading as Laima ("we", "us", "our"), collects, uses, stores, and protects personal data in connection with the Laima platform ("Service") available at getlaima.com and app.getlaima.com.

We are based in Latvia, European Union, and offer our Service to businesses in the United Kingdom, United States, Australia, and other countries.

2. Data Controller and Data Processor

We act as the data controller for Subscriber data (business owners who register for the Service), including account information, billing details, and business information.

We act as the data processor on behalf of Subscribers for Client data (individuals who book appointments). The Subscriber is the data controller for their Clients' data.

3. Legal Bases for Processing

We process personal data based on performance of a contract (to provide the Service), legitimate interests (to improve the Service and ensure security), consent (for marketing communications), and legal obligation (to comply with applicable laws).

4. Data We Collect

Subscriber Data: Account information (name, email, password), business information (name, address, city, country, phone, vertical), service configuration (services, staff, hours), billing information (processed by Stripe, we store only Stripe customer ID and subscription status), and usage data.

Client Data (processed on behalf of Subscribers): Contact information (name, email, phone), booking information (date, time, service, staff), conversation data (messages with AI booking assistant), preference data (service preferences, booking history), and loyalty data.

Automatically Collected: Device and browser information (IP address, browser type, OS), usage data (pages visited, time spent), and cookies (see our Cookie Policy).

5. How We Use Your Data

Subscriber Data: To provide and improve the Service, process payments, send transactional communications, provide support, send marketing communications (with consent), analyse usage, and prevent fraud.

Client Data: To facilitate booking, power AI-assisted conversations, store preferences and history, send reminders on behalf of the Subscriber, and generate analytics for the Subscriber.

AI Processing: The Service uses AI powered by Anthropic's Claude. Conversations are sent to Anthropic's API in real-time. Anthropic does not use conversation data to train their models. Conversation content is not stored by Anthropic beyond the API call duration.

6. Data Sharing and Third Parties

We share data only as necessary to provide the Service: Supabase (database, EU Ireland), Anthropic (AI processing, US), Stripe (payments, US), Google (calendar sync, US), Vercel (hosting, global), Upstash (rate limiting, EU), and Resend (email delivery, EU/US).

We do not sell personal data. We do not share data with third parties for their marketing purposes.

For international transfers, we ensure appropriate safeguards including EU Standard Contractual Clauses and UK International Data Transfer Agreements where applicable.

7. Data Retention

Subscriber data is retained for the subscription duration plus 30 days. Billing records are retained for 7 years. Client data is retained for the Subscriber's active subscription and deleted within 30 days of cancellation. Usage logs are retained up to 12 months.

8. Data Security

We implement encryption in transit and at rest, secure authentication with hashed passwords, row-level security policies, rate limiting, regular security reviews, and access controls. No method of transmission or storage is completely secure — we cannot guarantee absolute security.

9. Your Rights

EU and UK (GDPR): Access, rectification, erasure, restriction, data portability, objection, withdraw consent, and lodge a complaint with a supervisory authority.

Australia: Access, correction, and lodge a complaint with the OAIC.

California (CCPA): Know what data we collect, request deletion, opt out of sale (we do not sell data), and non-discrimination.

To exercise your rights, contact hello@getlaima.com. We respond within 30 days. Clients should contact the Subscriber directly, who may instruct us to action the request.

10. Children's Privacy

The Service is not directed at individuals under 18. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy from time to time with notice to Subscribers. Continued use constitutes acceptance.

12. Contact Us

Laima
Operated by Krista Vitolska
Email: hello@getlaima.com
Website: https://getlaima.com

Supervisory Authorities:
Latvia: Datu valsts inspekcija (www.dvi.gov.lv)
UK: Information Commissioner's Office (www.ico.org.uk)
Australia: Office of the Australian Information Commissioner (www.oaic.gov.au)