Privacy Policy

Application: AZBooking
Effective Date: May 1, 2026
Last Updated: May 1, 2026
Data Controller: Le Van Vinh (Individual Developer, Vietnam)
Contact: awstheme2013@gmail.com

This Privacy Policy describes how Le Van Vinh ("we", "us", "our"), an individual developer based in Vietnam, collects, uses, and protects your personal information when you use the AZBooking mobile application (the "App"). By installing or using AZBooking, you agree to the practices described below.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Full name
Email address
Phone number
Password — stored only as a one-way bcrypt hash; we never see or store your plaintext password

1.2 App Activity

Booking history (services, dates, branches, assigned employees)
In-app preferences and interactions necessary to deliver booking features

1.3 Device & Technical Information

Firebase Cloud Messaging (FCM) registration token — used solely to deliver push notifications related to your bookings
Device model, operating system version, and app version — for compatibility and support purposes
IP address — collected automatically by our server logs and Firebase services for security and analytics

1.4 Diagnostics

Crash reports collected via Firebase Crashlytics (stack traces, device state at crash time)
Aggregated usage analytics via Firebase Analytics (screen views, feature interactions)

What we do NOT collect: precise or approximate location, photos, videos, camera or microphone input, contacts, calendar, SMS or call logs, payment card data, health or biometric data, or any other sensitive personal information. The App contains no in-app payment processing.

2. How We Use Your Information

Create, authenticate, and manage your account
Process and manage your appointment bookings
Send booking confirmations, reminders, and service-related notifications via push notification or email
Provide customer support and respond to inquiries
Diagnose technical problems, improve App stability and performance
Comply with legal obligations and enforce our terms of service

We do not use your personal data for advertising or sell, rent, or trade it to any third party.

3. Third-Party Services

We rely on the following third-party services, each operating under its own privacy policy:

Firebase (Google LLC) — Authentication, Cloud Messaging, Analytics, and Crashlytics. Firebase may collect technical identifiers (FCM token, app instance ID, IP address, advertising ID) per Google's Privacy Policy.

These providers act as data processors on our behalf and may not use your data for their own purposes beyond what their service terms permit.

4. Data Sharing & Disclosure

We share your personal data only in the following limited circumstances:

With our processors (Firebase) as strictly necessary to operate the App
With service providers you book through the App — your booking details (name, contact, appointment) are shared with the branch and assigned staff so they can deliver the service
When required by law — to comply with a valid court order, subpoena, or government request, or to protect the rights, property, or safety of our users or the public

We do not sell your personal information.

5. Data Retention

Account data: retained while your account is active
After account deletion: personal data is permanently deleted within 30 days, except where retention is required by law
Crash logs & diagnostics: retained for up to 90 days
Aggregated, anonymized analytics: may be retained indefinitely for statistical purposes (cannot be linked back to you)

6. Data Security

All data transmitted between the App and our servers is encrypted via HTTPS (TLS 1.2 or higher)
Passwords are hashed using bcrypt; we cannot recover or read your plaintext password
API access is authenticated via short-lived tokens (Laravel Sanctum)
Server-side authorization is enforced on every endpoint; users can only access their own data
Databases are protected with access controls and encrypted at rest

While we apply industry-standard safeguards, no online service is 100% secure. You are responsible for keeping your password confidential.

7. Your Rights

Depending on your jurisdiction (e.g., GDPR for the European Economic Area, CCPA for California, PDPD for Vietnam), you may have the right to:

Access the personal data we hold about you
Rectify inaccurate or incomplete information
Erase your data ("right to be forgotten")
Receive a copy of your data in a structured, machine-readable format (data portability)
Withdraw consent at any time, where processing relies on consent
Object to or restrict certain processing
Lodge a complaint with your local data protection authority

To exercise any of these rights, email awstheme2013@gmail.com from the address registered to your account. We will respond within 30 days.

8. Account Deletion

You can delete your AZBooking account at any time:

In-app: open AZBooking → Settings → Account → Delete Account → confirm. Your account and associated personal data are scheduled for permanent deletion immediately.
By email: send a deletion request to awstheme2013@gmail.com from the email address registered to your account. We will verify and process within 30 days.

For full step-by-step instructions and the list of data deleted vs retained (including retention periods), see our dedicated Account Deletion page.

Upon deletion, all personal data is permanently removed within 30 days. Aggregated, anonymized analytics that cannot identify you may be retained.

9. Children's Privacy

AZBooking is not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

10. International Data Transfers

Our servers are located in Vietnam. Firebase services are operated globally by Google. By using AZBooking, you consent to your personal data being transferred to and processed in countries other than your country of residence, including the United States. We rely on appropriate safeguards (such as standard contractual clauses and Google's compliance frameworks, including the EU-U.S. Data Privacy Framework where applicable) to protect international transfers.

11. Compliance

We endeavor to comply with applicable data protection laws, including:

Vietnam Decree 13/2023/ND-CP on Personal Data Protection (PDPD)
EU General Data Protection Regulation (GDPR) — for users in the European Economic Area
California Consumer Privacy Act (CCPA / CPRA) — for residents of California, USA

12. Changes to This Policy

We may update this Privacy Policy from time to time. When changes are material, we will notify you via in-app notification or by email at the address associated with your account. The "Last Updated" date at the top of this page reflects the most recent revision. Your continued use of the App after changes take effect constitutes acceptance of the updated policy.

13. Contact

For any privacy-related question, request, or complaint:

Email: awstheme2013@gmail.com
Data Controller: Le Van Vinh (Individual Developer)
Country: Vietnam