Privacy Policy

Thiscita is an online booking platform for local businesses, accessible at thiscita.com. We operate as a software provider for appointment management and are not an intermediary between customers and businesses.

For questions about this policy, contact us at robert@robertfrontend.com.

From business owners (registered users):

• •Business name, description, and phone/WhatsApp number.
• •Business logo or image, stored in Firebase Storage.
• •Business hours and blocked dates.
• •Email address associated with the Firebase Authentication account.
• •Google access tokens (only if you voluntarily connect Google Calendar).

From customers who book appointments:

• •Full name and phone number provided at the time of booking.
• •Selected service, appointment date, and time.
• •Booking status (pending, confirmed, cancelled).

Customers do not create accounts on Thiscita. Their data is managed exclusively by the business that owns the appointment.

• •Create and manage your business profile and public booking page.
• •Display your availability and process customer bookings.
• •Show your logo and business info in link-sharing previews.
• •Sync appointments with Google Calendar when you explicitly enable it.
• •Improve the platform through aggregated, anonymized usage analysis.

We do not sell or rent your information to third parties. We do not use it for advertising purposes or share it without your consent.

Thiscita offers an optional Google Calendar integration. It is only activated when you, as the business owner, enable it from Settings.

What access do we request?

• •Create events: when an appointment is confirmed, we create an event in your primary Google Calendar with the service and customer details.
• •Delete events: when an appointment is cancelled, we delete the corresponding calendar event.

What we do NOT do:

• •We do not read existing events in your calendar.
• •We do not access calendars other than your primary one.
• •We do not share your Google data with any third party.
• •We do not use the access for any purpose other than appointment synchronization.

Token storage:

OAuth2 tokens are stored encrypted in Firebase Firestore and are automatically refreshed when they expire. They are only accessed for the operations described above.

How to revoke access:

• •From your dashboard: Settings → Disconnect Google Calendar.
• •Directly through Google at: myaccount.google.com/permissions

Use of Google API data is governed by the Google API Services User Data Policy, including the Limited Use requirements.

All information is stored in Google Firebase services (Firestore, Authentication, Storage), with encryption in transit (HTTPS/TLS) and at rest.

• •Passwords are managed exclusively by Firebase Authentication.
• •Logos are stored in Firebase Storage with controlled access.
• •Firestore security rules restrict access to each business's data.

While we implement reasonable technical measures, no system is 100% secure. We will notify affected users of any significant security breach.

Thiscita uses first-party session cookies to keep you logged in. We do not use third-party tracking cookies or behavioral advertising.

• •Firebase uses technical cookies to manage authentication sessions.
• •We do not integrate analytics tools that collect personally identifiable data.

We retain your data for as long as your account is active. To delete your account and all associated data, email us at robert@robertfrontend.com and we will process your request within 30 days.

Customer booking data is deleted along with the business account it belongs to.

You have the right to:

• •Access the information we hold about you.
• •Correct inaccurate data from your admin panel.
• •Request deletion of your account and data.
• •Revoke Google Calendar access at any time.
• •Request data portability.

Contact us at robert@robertfrontend.com to exercise these rights.

We may update this policy from time to time. We will notify you of significant changes via email or a prominent notice on the platform. Continued use of the service after changes take effect constitutes acceptance of the updated policy.