Privacy Policy

Last updated: June 2026 · This policy is provided for transparency and is not legal advice. Please review the placeholders marked in brackets before publishing.

This Privacy Policy explains how [Legal Entity Name] ("OpenLagoon", "we", "us") handles personal data when you use our scheduling, video meeting, and payment platform (the "Service"). It applies to visitors to our website, account holders who run booking pages ("Hosts"), and people who book or attend meetings ("Guests").

1. Who is responsible for your data

OpenLagoon acts in two different roles depending on the situation:

• As a controller for data about our own account holders, website visitors, billing, and our direct relationship with you.
• As a processor when a Host uses OpenLagoon to collect and manage information about their own Guests. In that case the Host is the controller and decides why the data is collected; we process it on their behalf under our Data Processing Addendum.

If you booked a meeting with a business or creator using OpenLagoon, that Host is responsible for your data, and you should also review their privacy policy.

2. Data we collect

Information you give us

• Account data: name, email, password, business name, and branding settings.
• Booking data: meeting details, scheduled times, attendee names and emails, and any notes a Guest provides at booking.
• Payment data: when payments are enabled, transactions are handled by our payment processor. We receive limited details (amount, status, last four digits) but do not store full card numbers.
• Communications: messages you send to support or through the platform.

Information we collect automatically

• Usage data: pages viewed, features used, and actions taken in the Service.
• Device and log data: IP address, browser type, device identifiers, and timestamps.
• Cookies and similar technologies: see the Cookies section below.

Meeting content

Video and audio are transmitted in real time. Recordings and AI-generated transcripts or summaries are only created when a Host turns those optional features on, and are stored on the Host's account. We do not record meetings by default.

3. How we use data

• To provide, maintain, and improve the Service.
• To process bookings, send reminders, and deliver meeting links.
• To process payments and prevent fraud.
• To respond to support requests and communicate service updates.
• To keep the Service secure and meet legal obligations.

4. Legal bases (EU/UK — GDPR)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases:

• Contract: to provide the Service you have signed up for.
• Legitimate interests: to secure, analyze, and improve the Service, balanced against your rights.
• Consent: for non-essential cookies and optional marketing, which you can withdraw at any time.
• Legal obligation: to comply with tax, accounting, and other laws.

5. Your rights

EU/UK residents

Under the GDPR you have the right to access, correct, delete, or port your data, to restrict or object to processing, and to withdraw consent. You may also lodge a complaint with your local supervisory authority.

California residents

Under the CCPA/CPRA you have the right to know what personal information we collect, to access and delete it, to correct inaccuracies, and to opt out of any "sale" or "sharing" of personal information. We do not sell your personal information. We will not discriminate against you for exercising these rights.

Other US states

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, and others) have similar rights to access, correct, delete, and opt out. We honor these requests regardless of where you live.

To exercise any right, email privacy@openlagoon.com. We will verify your identity and respond within the timeframe required by law.

6. Sharing data

We share personal data only with:

• Service providers who help us run the Service (hosting, video infrastructure, payment processing, email and SMS delivery), under contracts that limit their use of the data.
• Hosts, where you are a Guest who booked with them.
• Authorities, where required by law or to protect rights and safety.
• A successor in the event of a merger, acquisition, or sale of assets.

We do not sell personal information or share it for cross-context behavioral advertising.

7. International transfers

We may process data in countries other than where you live, including the United States. Where we transfer personal data out of the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum.

8. Data retention

We keep personal data for as long as your account is active and as needed to provide the Service, then delete or anonymize it within a reasonable period, unless a longer retention is required by law (for example, for tax records). Hosts control retention of their own Guests' data.

9. Security

We use encryption in transit, access controls, and other technical and organizational measures to protect personal data. No system is perfectly secure, but we work to safeguard your information and will notify affected users and regulators of a breach where the law requires.

10. Cookies

We use essential cookies to run the Service and, with your consent, analytics cookies to understand usage. You can manage non-essential cookies through our cookie banner or your browser settings. Essential cookies cannot be switched off as they are required for the site to function.

11. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. We will post the new version here with a revised "Last updated" date and, where appropriate, notify you directly.

13. Contact us

For privacy questions or to exercise your rights, contact privacy@openlagoon.com or write to us at [Registered Company Address]. If you are in the EU, our representative for GDPR purposes is [EU Representative, if applicable].