1. Introduction
Klippme is operated by Yufy Assists Pvt Ltd, a company incorporated under the Companies Act, 2013, with its registered office in India ("Klippme", "we", "us", or "our").
This Privacy Policy explains how we collect, use, store, and share information when you use Klippme — our SaaS booking platform for Indian service providers (coaches, yoga instructors, tutors, therapists, clinics, and spas) and their customers. It applies to our website (klippme.com), our web application, and all related services.
By creating an account or using Klippme, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services.
2. Information We Collect
2.1 Provider account data
When you create a provider account on Klippme, we collect:
- Name, email address, and phone number (optional)
- Profession, city (optional), and public username (your booking link slug)
- Session details you create: titles, descriptions, schedules, pricing, duration
- Payment collection details: UPI ID and/or QR code image you upload
- Google OAuth refresh token (only if you connect Google Meet — see Section 3)
We do not store raw payment card data. Subscription billing is handled entirely by Razorpay.
2.2 Customer booking data
When a customer books a session through your Klippme booking page, we collect on your behalf: the customer's name, email address, phone number, chosen session date and time, and payment status. You, as the service provider, are responsible for obtaining any necessary consent from your customers for us to process their data on your behalf.
2.3 Usage and technical data
We automatically collect:
- Log data: IP address, browser type, pages visited, timestamps
- Device information: operating system, screen resolution
- Booking and session activity within the platform
- Product analytics via Mixpanel (feature usage, funnel analysis) — see Section 5
- Error reports and performance data
2.4 Google account data
If you choose to connect your Google account to enable Google Meet link generation, we receive an OAuth refresh token that grants us permission to create Google Calendar events (with Meet links) on your behalf. We also receive your Google email address to identify which account the token belongs to. See Section 3 for full details on how this data is used and protected.
3. Google User Data — Limited Use Disclosure
This section specifically addresses our use of data obtained through Google APIs, in compliance with Google's API Services User Data Policy and Limited Use requirements.
3.1 What Google data we access
When you connect Google Meet through Dashboard → Settings → Integrations, we request:
- Google Calendar API (create scope) — to create calendar events with auto-generated Google Meet links for your online sessions
- Your Google email address — to identify which Google account the OAuth token belongs to
We do not access Gmail, Google Drive, Google Contacts, Google Docs, or any other Google service or data. We only request the minimum scopes necessary to create Meet links.
3.2 How we use Google data
Your Google OAuth refresh token is used solely to auto-generate Google Meet video conference links when a customer books an online session with you. No other use is made of the token. Specifically:
- We use the token to call the Google Calendar API and create a calendar event with a Meet link at the time a booking is confirmed
- The generated Meet link is sent to you and your customer in their booking confirmation
- We do not use Google data to serve advertisements, build user profiles, or for any purpose other than delivering this Meet link feature
- We do not sell, rent, or transfer your Google data to any third party
3.3 How we store Google data
Your Google OAuth refresh token is stored encrypted in our Supabase database, hosted in the ap-south-1 (Mumbai) AWS region. It is never exposed to the browser, never logged in plaintext, and is accessible only server-side. Row-Level Security (RLS) is enforced in Supabase, meaning only your own records are accessible to your account.
3.4 How we share Google data
We do not share, sell, transfer, or disclose your Google user data (including the OAuth refresh token or your Google email address) to any third party, except as required by law or to respond to a valid legal process. We do not use Google data for data brokerage or information resale.
3.5 Limited Use compliance statement
Klippme's use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In plain terms:
- Google data is used only to provide and improve the Google Meet link generation feature
- We do not use it for advertising, profiling, or any secondary purpose
- We do not sell or transfer it to third parties for their independent use
- Human employees at Klippme do not read your Google data unless you have explicitly given us permission to do so, or if it is necessary for security purposes, to comply with applicable law, or to investigate a specific complaint you have filed with us
3.6 How to revoke Google access
You can disconnect your Google account from Klippme at any time:
- Within Klippme: Dashboard → Settings → Integrations → Disconnect Google Meet
- Via Google: Visit https://myaccount.google.com/permissions and revoke access for Klippme
Upon disconnection, we delete the stored refresh token from our database within 24 hours. Previously generated Meet links for past or upcoming sessions will remain functional until they expire on Google's end.
4. How We Use Your Information
- To create and manage your provider account and deliver the Klippme service
- To process your subscription payments via Razorpay
- To send booking confirmations, reminders, and cancellation notices to you and your customers via email (Resend) — and via WhatsApp (Meta WhatsApp Cloud API, on Pro plans only)
- To auto-generate Google Meet links for online sessions when you have connected your Google account
- To display your session availability, booking page, and customer booking history
- To send product updates, billing notices, trial expiry reminders, and support communications
- To analyse how providers and customers use the platform (via Mixpanel) so we can improve features
- To detect and prevent fraud, abuse, or violations of our Terms of Service
- To comply with applicable laws, including GST obligations
We do not sell your personal data or your customers' data to any third party for advertising or marketing purposes.
5. Third Parties We Share Data With
We use the following third-party service providers to operate Klippme. Each processes your data only as needed to provide their service and has their own privacy policy.
| Provider | Purpose | Data shared |
|---|---|---|
| Razorpay | Subscription billing and payment processing | Email, phone, payment method |
| Supabase (AWS ap-south-1, Mumbai) | Database and authentication | Account data, session data, booking data |
| Resend | Transactional email delivery | Email address, name, booking details |
| Meta (WhatsApp Cloud API) | WhatsApp booking notifications (Pro plan) | Phone number, name, booking details |
| Google (Calendar API) | Google Meet link generation (if connected) | OAuth refresh token; no other Google data |
| Mixpanel | Product analytics | User ID, feature usage events (anonymised) |
| Vercel | Web hosting and CDN | IP address, request logs |
We may also disclose data when required by Indian law, court order, or a valid request from a government authority, or to protect the rights, safety, and property of Klippme, our users, or the public.
6. Data Retention and Deletion
We retain your account data for as long as your account is active. Booking records are retained for up to 7 years to meet GST record-keeping and accounting obligations under Indian law.
If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law (such as GST transaction records, which we retain for 7 years from the date of the transaction).
Your customers' booking data (names, emails, phone numbers) is subject to the same retention schedule unless you request earlier deletion. To request deletion of specific customer records, email us at hello@klippme.com.
7. Your Rights
As a user of Klippme, you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate or incomplete data
- Deletion — request deletion of your account and personal data (subject to legal retention requirements)
- Data portability — request an export of your booking and session data in a machine-readable format (CSV)
- Withdraw consent — withdraw consent to processing at any time; this may affect your ability to use the service
- Revoke Google access — disconnect your Google account at any time from Dashboard → Settings → Integrations
To exercise any of these rights, email us at hello@klippme.com. We will respond within 30 days.
8. Cookies and Tracking
Klippme uses cookies and similar technologies to maintain your login session and analyse platform usage. We do not use third-party advertising or tracking cookies.
Types of cookies we use:
- Strictly necessary — authentication session cookies issued by Supabase Auth (cannot be disabled — removing them will log you out)
- Functional — theme preference, UI state
- Analytics — Mixpanel anonymised usage events to improve the product
You can control cookies through your browser settings, though disabling strictly necessary cookies will prevent you from logging in.
9. Data Security
We implement industry-standard security measures to protect your data, including encrypted connections (TLS/HTTPS), Row-Level Security (RLS) enforced at the database layer in Supabase, and restricted access controls for our team. Our database is hosted in the ap-south-1 (Mumbai) AWS region.
Google OAuth refresh tokens are stored encrypted and are never transmitted to the browser or exposed in client-side code.
No system is completely secure and we cannot guarantee absolute security. If you discover a security vulnerability, please report it responsibly to hello@klippme.com.
10. Children's Privacy
Klippme is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with their information, please contact us at hello@klippme.com and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email to your registered address and via a notice within the Klippme dashboard at least 14 days before the change takes effect. Continued use of Klippme after the effective date constitutes acceptance of the updated policy.
The "Last updated" date at the top of this page reflects when the policy was last revised.
12. Contact Us
If you have any questions about this Privacy Policy, how we handle your data, or to exercise your data rights, please contact us:
Yufy Assists Pvt Ltd (Klippme)
Incorporated in India
Email: hello@klippme.com
We aim to respond to all privacy queries within 30 days.