Privacy Policy

Last updated: June 5, 2026

Javisa.ai is a brand operated by Pixpod SPA ("we", "us", or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered booking automation platform.

1. Information We Collect

1.1 Personal Information

• Full name: To identify you and personalize your experience
• Email address: For communications, booking confirmations, and account updates
• Phone number: For booking notifications, reminders, and WhatsApp communications
• Business information: Business name, services offered, operating hours, and locations

1.2 Usage Information

• Appointment and booking history
• Service and professional preferences
• Communication logs (WhatsApp messages, emails)
• Technical data (IP address, browser type, operating system)

1.3 Zoom Integration Data

When you connect your Zoom account, we request the following OAuth permissions and use them exclusively for the following purposes:

• meeting:write:meeting — to automatically create a Zoom meeting when a video call appointment is booked on the platform.
• meeting:update:meeting — to update the corresponding Zoom meeting if an appointment is rescheduled.
• meeting:delete:meeting — to cancel the Zoom meeting if an appointment is cancelled.
• user:read:user — to retrieve your Zoom user profile (name, email, and timezone) so that meetings are created correctly under your Zoom account.

We store your Zoom access token and refresh token (encrypted at rest on AWS) and your Zoom user ID. We do not access your Zoom recordings, cloud storage, contacts, chat messages, or any other Zoom data beyond what is listed above.

1.4 Google Meet Integration Data

When you connect your Google account, we request the following OAuth permissions:

• https://www.googleapis.com/auth/meetings.space.created — to automatically create Google Meet video call rooms when a video appointment is booked on the platform.
• https://www.googleapis.com/auth/meetings.space.readonly — to read and display the status of the Google Meet rooms created by our platform.

We store your Google access token and refresh token (encrypted at rest on AWS). We do not access your personal emails, Google Drive files, contacts, Google Calendar, or any other Google data outside of the Meet spaces managed by our platform.

Google API Limited Use Disclosure: Javisa.ai's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2. How We Use Your Information

2.0 Our Role in Data Processing

For the personal data of the professionals and business owners who register for our platform, Pixpod SPA acts as the Data Controller. For the personal data of the end-clients who book appointments through our businesses, Pixpod SPA acts purely as a Data Processor on behalf of those businesses.

2.1 Service Delivery

• Facilitate booking and appointment management
• Send booking confirmations and reminders
• Process payments and manage billing
• Provide customer support

2.2 Communications

• Send automated notifications via WhatsApp and email
• Send updates about service or policy changes
• Respond to inquiries and information requests
• Provide assistance through our AI chatbot

2.3 Service Improvement

• Analyze usage patterns to optimize the platform
• Train and improve our AI models
• Develop new features and functionality
• Prevent fraud and ensure platform security

3. Data Security

3.1 Infrastructure

• AWS Storage: All data is stored on secure Amazon Web Services (AWS) servers
• Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest
• Authentication: We use AWS Cognito for secure identity management and multi-factor authentication
• Data isolation: Multi-tenant architecture with complete isolation between businesses

3.2 Access Controls

• Access restricted to authorized personnel only
• Regular security audits
• Continuous monitoring of suspicious activities

4. Data Sharing and Sub-Processors

We do not sell, rent, or share your personal information with third parties, except in the following circumstances. We use the following sub-processors to operate the platform:

We may also disclose your information to comply with legal obligations, court orders, or governmental regulations, or to protect our rights, property, or the safety of our users.

5. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you may have the following rights regarding your personal data. These rights apply to users in the European Union (GDPR) and California residents (CCPA), among others:

• Access: Request a copy of the information we hold about you
• Rectification: Correct inaccurate or incomplete information
• Erasure / Right to be Forgotten: Request deletion of your data (subject to legal obligations)
• Data Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing of your data for certain purposes
• Withdrawal of Consent: Withdraw your consent at any time
• Non-Discrimination (CCPA): We will not discriminate against you for exercising your privacy rights

5.1 Chile — Personal data laws (Ley 19.628, Ley 20.584, Ley 21.719, Ley 21.633)

If you are in Chile: we process personal data in line with Law No. 19.628 on protection of private life and its amendments. Health-related answers you provide through booking forms may qualify as sensitive data; we apply technical measures (including encryption and access controls) and, where configured, record explicit consent at booking time. Law No. 20.584 on patient rights informs how healthcare providers using Javisa should govern clinical information — your provider remains responsible for medical record rules. Law No. 21.719 strengthens data protection rules (including accountability measures); material provisions become enforceable on 1 December 2026 unless the law is amended. Law No. 21.633 establishes a national cybersecurity framework; essential-service operators (which may include certain health providers) have specific duties — your provider determines if those rules apply and how incidents are reported to authorities.

5.2 Security incidents and breach cooperation

We maintain administrative and technical safeguards appropriate to the risk. If we become aware of a breach of security leading to accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of personal data we process as a processor on behalf of a business customer, we will notify the affected customer without undue delay so they can meet their obligations. End-users should contact the business with which they booked, and may also contact support@javisa.ai for platform-related inquiries.

To exercise any of these rights, submit a written request to support@javisa.ai. We will respond within 30 calendar days. For requests to delete Zoom-related data, we will also revoke the Zoom OAuth token and delete all stored Zoom credentials within the same timeframe.

5.3 Revoking Third-Party Access

In addition to requesting data deletion from Javisa.ai, you may revoke our platform's access to your third-party integrations at any time directly through their respective security settings:

• Zoom: Navigate to your Zoom App Marketplace dashboard, go to "Added Apps," and click "Remove" next to Javisa.ai.
• Google: Navigate to your Google Account Security settings, go to "Third-party apps with account access," and remove Javisa.ai's access.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. Specific retention periods:

• Account data: Retained for the duration of your active account. Upon account deletion, personal data is permanently deleted within 90 days.
• Zoom tokens: Deleted immediately upon disconnecting your Zoom integration or within 90 days of account deletion, whichever comes first.
• Appointment history: Retained for up to 2 years for operational and legal purposes, then anonymized or deleted.
• Communication logs: Retained for up to 1 year, then deleted.

7. Cookies

We use cookies and similar technologies to:

• Keep your session active and remember your preferences
• Analyze platform traffic and usage
• Improve platform functionality and performance

You may configure your browser to reject cookies, but this may affect platform functionality.

8. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect information from minors. If we discover that we have collected information from a minor, we will delete it immediately.

9. International Transfers

Your information may be transferred to and stored on servers located in different countries, including the United States. By using our services, you consent to these transfers. We ensure all transfers comply with applicable data protection laws, including GDPR standard contractual clauses where required.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for operational, legal, or regulatory reasons. We will notify you of significant changes via a notice on our platform or by email. Continued use of our services after such changes constitutes your acceptance of the updated policy.

11. Contact

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, contact us at:

• Privacy and data protection inquiries (including Chile Law 21.719): support@javisa.ai
• Support: support@javisa.ai
• Legal entity: Pixpod SPA (operating as Javisa.ai)

By using Javisa.ai, you acknowledge that you have read, understood, and accepted this Privacy Policy.