Privacy Policy

Effective Date: July 29, 2025

1. Introduction and Scope

This Privacy Policy describes how Thirtin Inc., the owner and operator of Xdulr ("we," "us," or "our"), collects, uses, and discloses your information in connection with your use of our websites (xdulr.com, id.xdulr.com) and any related services (collectively, the "Service"). This policy is a foundational document that serves not only as a legal requirement but as our commitment to handling your personal information responsibly and transparently.

This policy applies to all users of our Service, including:

  • Practitioners: Businesses and individuals who create accounts to manage their practice.
  • Clients: Customers of Practitioners who use our Service to book appointments or interact with a Practitioner.
  • Visitors: Individuals who browse our marketing website or other public-facing pages.

By accessing or using our Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms and Conditions.

2. The Information We Collect

To provide and improve our Service, we collect information in several ways. The types of personal information we collect depend on your role and how you interact with us.

A. Information You Voluntarily Provide to Us

  • Practitioner Account & Profile Information: When a Practitioner registers for an account, we collect identifiers and professional information, such as your full name, business name, email address, phone number, physical address, and a secure password.
  • Client Information (Provided by Clients): When a Client books an appointment, we collect identifiers and contact information as required by the Practitioner, which typically includes your name, email address, and phone number.
  • Client Information (Provided by Practitioners): A Practitioner may input information about their Clients into our platform. This can include names, contact details, appointment history, and notes related to the services provided. In this scenario, the Practitioner is the "Data Controller," and Xdulr acts as the "Data Processor."
  • Payment and Transaction Information: When a Practitioner subscribes to a paid plan, we collect commercial information necessary to process the transaction via our payment processor, Stripe. We do not directly collect or store your full credit card number.
  • Communications with Us: When you contact us for support or other inquiries, we collect your name, email address, and the content of your messages.

B. Information We Collect Automatically

  • Log and Usage Data: This includes internet activity information such as your device's Internet Protocol (IP) address, browser type and version, operating system, the pages you visit on our site, the time and date of your visit, and time spent on each page.
  • Cookies and Similar Tracking Technologies: We use cookies (small data files stored on your device) and similar technologies to operate and analyze our Service, such as for keeping you logged in. We do not use third-party cookies for cross-context behavioral advertising.

C. Information We Receive from Third Parties

  • Social Logins (Google & Microsoft): If you choose to register or log in using a third-party account (Google or Microsoft), we receive profile information from that service, limited to your name and email address, solely to authenticate your account.

3. How and Why We Use Your Information

We are committed to the principle of "data minimization," meaning we only collect and use information that is necessary to provide and improve our Service. For users in the European Economic Area (EEA) and the UK, we also identify the legal basis under GDPR upon which we rely.

| Purpose of Processing | Categories of Data Used | Legal Basis (for EEA/UK Users) |
|---|---|---|
| To Provide, Operate, and Maintain Our Service: This includes creating accounts, scheduling, and processing payments. | Practitioner Account Info, Client Info, Payment Info, Log & Usage Data | Performance of a Contract: Processing is necessary to fulfill our service agreement. |
| To Communicate With You: This includes sending transactional messages (confirmations, reminders) and responding to support requests. | Practitioner Account Info, Client Info, Communications | Performance of a Contract and Legitimate Interests: Necessary for our service and providing effective support. |
| To Improve and Personalize Our Service: We analyze usage to identify trends, fix bugs, and enhance user experience. | Log & Usage Data, Cookie Data | Legitimate Interests: Our interest in making our Service more useful for our users. |
| For Security and Fraud Prevention: We monitor for fraudulent activity and protect the integrity of our Service. | Account Info, Payment Info, Log & Usage Data | Legitimate Interests and Legal Obligation: Our interest in securing our platform and our legal duty to protect data. |
| To Comply with Legal Obligations: We may need to process data to comply with applicable laws and regulations. | All relevant categories as required | Legal Obligation: Necessary to comply with the law. |

4. Disclosure of Your Information (Our Sub-processors)

We do not sell your personal information. We only share your information with third-party service providers (sub-processors) who perform services on our behalf to make the Xdulr Service possible.

| Provider | Service | Purpose & Data Involved |
|---|---|---|
| Amazon Web Services (AWS) | Cloud Hosting & Storage | Hosts our application servers and databases. All application data is stored here. |
| Stripe, Inc. | Payment Processing | Processes subscription payments from Practitioners. |
| Postmark (ActiveCampaign, LLC) | Transactional Email | Sends automated communications like appointment confirmations and password resets. |
| Telnyx LLC | Calls, Phone numbers, SMS | Sends automated communications like appointment reminders via SMS and voice. |
| Google LLC | Authentication & Calendar Sync | Allows users to log in with a Google account and sync their Google Calendar. |
| Microsoft Corporation | Authentication & Calendar Sync | Allows users to log in with a Microsoft account and sync their Outlook Calendar. |
| Pinecone Systems, Inc. | AI & Vector Search | Powers our AI-driven features, processing data to provide intelligent suggestions. |
| OpenSRS (Tucows) | Domain Name Services | If a Practitioner registers a custom domain, we share necessary registration information. |

Compliance with Google API Services User Data Policy

Xdulr's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Information received from Google APIs is used only to provide or improve user-facing features, such as calendar synchronization, and is not used for advertising or transferred to third parties except for security or legal compliance.

5. Your Data Protection Rights

We are committed to ensuring you can exercise your data protection rights. To do so, please contact us using the information in the "Contact Us" section.

  • The Right to Access: You have the right to request copies of your personal information.
  • The Right to Rectification: You have the right to request that we correct any inaccurate or incomplete information.
  • The Right to Erasure: You have the right to request that we erase your personal data, subject to certain conditions.
  • The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • The Right to Data Portability: You have the right to request that we transfer your data to another organization, or directly to you.
  • The Right to Withdraw Consent: You have the right to withdraw consent at any time where we rely on consent to process your information.

A Note for Clients: If you are a Client of a Practitioner, that Practitioner is the Data Controller of your information. To exercise your rights, you should first contact the Practitioner directly.

6. Region-Specific Disclosures

For Residents of Canada (PIPEDA)

Our practices are designed to comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to address a challenge concerning our compliance to our Privacy Officer. If the issue is not resolved, you may file a complaint with the Office of the Privacy Commissioner of Canada.

For Residents of the European Economic Area (EEA) & United Kingdom (UK)

Your information is processed on servers in Canada (recognized as adequate by the EC) and the United States (using Standard Contractual Clauses for protection). You have the right to lodge a complaint with a supervisory authority in your member state.

For Residents of California (CCPA/CPRA)

We do not "sell" or "share" your personal information as defined under the CCPA/CPRA. You have the rights as described in Section 5 (Right to Know, Delete, Correct) and we will not discriminate against you for exercising them.

7. Data Security and Retention

We implement technical and organizational security measures to protect your information, including encryption and access controls. However, no method is 100% secure. We retain your information only as long as necessary for the purposes in this policy, based on your account status, our legal obligations, and our legal position.

8. Children's Privacy

Our Service is not directed to individuals under 16. We do not knowingly collect data from children under 16. If we become aware we have done so, we will take steps to remove that information.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting a notice on our website or by sending an email. We encourage you to review this policy frequently.

10. Contact Us

If you have questions or wish to exercise your rights, please contact our Privacy Officer:

Thirtin Inc. (Operator of Xdulr)
Attn: Privacy Officer
1200 Bay Street, Toronto ON, Canada
Call us: +1 844 447 0707
Email: to@xdulr.com