Privacy Policy
Last updated: March 10, 2026
1. Introduction
Kassy ("we", "us", "the Service") is a scheduling and invoicing tool for private practitioners. This Privacy Policy applies to all users of Kassy, including practitioners who manage their practice through the platform and clients who receive invoices or visit payment pages generated by the platform. By using Kassy or interacting with any Kassy-generated page (including payment pages), you agree to this policy.
2. Data We Collect
We collect only what is necessary to provide the Service:
- Account data: Name, email address, and profile picture provided by Google when you sign in.
- Client data: Client names, email addresses, phone numbers, billing addresses, and session prices that you enter into the platform.
- Session data: Session titles, dates, times, durations, notes, and attendance status.
- Invoice and payment data: Invoice amounts, payment status, and payment links. We do not process or store credit card numbers or bank account details.
- Payment page visitor data: When you visit a Kassy-generated payment page as a client, we display your name, the practitioner's name, session details, and the amount owed. This data was entered by your practitioner. We do not collect additional personal data from you on payment pages. Payments are processed entirely by third-party payment providers (e.g. Revolut) — Kassy does not handle, process, or store any payment credentials.
- Usage data: Anonymous analytics (page views, feature usage) to improve the Service.
3. How We Use Your Data
- To provide and operate the scheduling and invoicing features.
- To send invoices and payment reminders to your clients on your behalf.
- To send you transactional emails (e.g. account notifications).
- To improve the Service through anonymous, aggregated analytics.
We do not sell, rent, or share your personal data or your clients' data with third parties for marketing purposes.
4. Third-Party Services
We use the following third-party services to operate Kassy:
- Supabase — database hosting and authentication (EU region).
- Google OAuth — sign-in authentication.
- Resend — transactional email delivery (invoices, reminders).
- Vercel — application hosting.
Each provider processes data according to their own privacy policies. We choose providers that comply with applicable data protection regulations.
5. Data Storage and Security
Your data is stored in Supabase-managed databases hosted in the European Union. We implement reasonable technical and organisational measures to protect your data, including encryption in transit (TLS) and at rest. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.
6. Your Responsibilities
As a practitioner using Kassy, you are the data controller for the client data you enter into the platform. Kassy acts as a data processor on your behalf. You are solely responsible for:
- Obtaining appropriate consent from your clients before entering their personal data into Kassy.
- Ensuring your use of Kassy complies with all applicable privacy and data protection laws (including GDPR where applicable).
- The accuracy and legality of the data you enter, including invoicing amounts and client contact information.
- Any communications sent to your clients through the platform, including invoices and payment reminders.
7. Information for Clients (Payment Page Visitors)
If you are a client visiting a Kassy-generated payment page or receiving a Kassy-generated invoice email, please note:
- Your personal data (name, email, session details, amounts) was entered into Kassy by your practitioner. Your practitioner is the data controller for this data — any questions about why your data is being processed or requests to modify or delete it should be directed to your practitioner.
- Kassy acts as a data processor and only displays and transmits data as instructed by the practitioner. We do not use your data for any other purpose.
- Payment pages redirect you to a third-party payment provider (e.g. Revolut). Kassy does not collect, process, or store any payment credentials, bank details, or financial information. The payment provider's own terms and privacy policy apply to the transaction.
- Kassy is not a party to the transaction between you and your practitioner. We are not responsible for the services provided by the practitioner, the accuracy of invoiced amounts, or any disputes arising from your relationship with the practitioner.
- We do not create an account for you or retain your data beyond what is stored by your practitioner. If you wish to have your data removed, please contact your practitioner directly.
8. Limitation of Liability
The Service is provided "as is" and "as available" without warranties of any kind, either express or implied. To the fullest extent permitted by law:
- Kassy shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of revenue, data, business, or profits.
- Kassy shall not be liable for any loss or damage arising from your reliance on the Service, including incorrect invoicing, missed sessions, or failed email delivery.
- Kassy shall not be liable for any disputes between you and your clients, including payment disputes, scheduling disagreements, or any claims arising from the services you provide to your clients.
- Kassy shall not be liable for any payments made or not made through third-party payment providers linked from Kassy-generated pages, including but not limited to incorrect amounts, failed transactions, or unauthorized payments.
- Kassy shall not be liable for any downtime, data loss, or service interruptions, whether planned or unplanned.
- Our total liability for any claim relating to the Service shall not exceed the amount you paid us in the 12 months preceding the claim (which may be €0 on the free plan).
9. Data Retention and Deletion
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data and client data within 30 days, except where we are required by law to retain it. Soft-deleted records (cancelled sessions, etc.) are retained until account deletion.
10. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access, correct, or delete your personal data.
- Export your data in a portable format.
- Object to or restrict certain processing of your data.
- Withdraw consent at any time (where processing is based on consent).
To exercise any of these rights, contact us at support@kassy.app.
11. Cookies
Kassy uses only essential cookies required for authentication and session management. We use anonymous analytics to understand usage patterns. We do not use advertising cookies or tracking pixels.
12. Changes to This Policy
We may update this policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact
For questions about this policy or your data, contact us at support@kassy.app.