1. Who We Are

Schdula is a WhatsApp group scheduling tool developed and operated by Desejos Studio. References to "we", "us", or "our" throughout this policy refer to Desejos Studio.

This Privacy Policy applies to all users of the Schdula web application. By creating an account or continuing to use Schdula, you acknowledge that you have read and understood this policy.

Schdula is not affiliated with, endorsed by, or connected to WhatsApp or Meta in any way.

2. Information We Collect

We collect the minimum data necessary to provide the service. Below is a comprehensive breakdown of every category of data we gather:

2a. Account & Identity

• Email address — used to create and identify your Schdula account, and to send you transactional messages (invites, quota warnings, service updates). Authentication is managed via Supabase Auth.
• Password — stored in hashed form by Supabase. We never have access to your plaintext password.
• Name (optional) — if you are part of a Team, your first and last name may be stored in your profile and displayed to your team owner.

2b. WhatsApp Session Credentials

• When you connect WhatsApp by scanning the QR code, Schdula creates a WhatsApp Web session token. This token is stored securely on our servers and used solely to dispatch scheduled messages on your behalf — the same mechanism as WhatsApp Web.
• We do not store your WhatsApp phone number directly. Sessions can disconnect at any time and may require re-authentication.
• Session tokens are permanently deleted the moment you disconnect your WhatsApp account from Schdula.

2c. WhatsApp Group Data

• Group names and chat IDs — stored for groups you explicitly select in the Schdula dashboard.
• Participant count — number of members in selected groups, used to display information in the dashboard.
• Admin status — whether you are an admin of a given group, verified before sending messages.
• We do not read, store, or process: private conversations between group members, personal phone numbers of individual participants, media or files sent by other group members, or messages in groups you have not explicitly added to Schdula.

2d. Scheduled Messages & Batches

• Message content — the text, images, videos, or poll data that you compose and schedule inside Schdula.
• Scheduled send time, target group, message type, delivery status (pending, sent, failed), and any error descriptions from failed send attempts.
• Batch metadata — when you use batch messaging, we store a parent batch record that links 2–5 individual messages and tracks overall batch completion status (pending, sending, completed, failed).
• Message templates — content and metadata for any templates you save in Schdula for reuse.

2e. AI Generation Data

• If you use the AI message drafting feature, we track request counts and token usage in an audit log to enforce per-plan AI quotas. This log records timestamps, model usage, and token counts — not the content of what was generated.
• AI-generated message content is only stored if you explicitly save or schedule it.

2f. Subscription & Billing Data

• Subscription tier (Starter, Pro, or Team), billing period, status (active, past_due, cancelled), current period end date, and whether a cancellation is scheduled.
• Stripe Customer ID — a unique reference used to link your Schdula account to your Stripe record for billing operations.
• Extra message credits — if you purchase additional message credits, the remaining balance is stored in our database.
• Card details, payment methods, and billing addresses are handled exclusively by Stripe and are never stored on our servers.

2g. Team Mode Data

• Team name and configuration — stored when a Team plan owner creates a team workspace, including member limits and group assignments.
• Team member records — the Schdula user IDs and roles (owner or member) of people who belong to a team. Row Level Security (RLS) ensures members can only see their own records; owners see the full team roster.
• Invite records — the email address invited, an expiring invite code, and acceptance status. Invite codes expire after 7 days.
• Team group assignments — which groups are assigned to which team members for scheduling.

2h. Usage & Analytics Events

• We use PostHog (EU-hosted at eu.i.posthog.com) to capture anonymous product analytics events — for example, when a quota is exceeded or a feature is used. Events are linked to your anonymised user ID, not your email or personal details.
• This data helps us understand how the product is used so we can improve it. We do not use it to build advertising profiles.

2i. Message Footer Preference

• On the Pro and Team plans, your custom message footer text (up to 100 characters) is stored in your profile. Starter plan accounts always use the default "Powered by Schdula" footer.

2j. Technical & Log Data

• Server logs may capture IP addresses, request timestamps, HTTP status codes, and error messages for security monitoring, debugging, and abuse prevention. Logs are not used to profile individual users and are retained for a maximum of 90 days.

3. How We Use Your Information

We process your data only for the following purposes:

• Providing the service — authenticating you, maintaining your WhatsApp session, dispatching scheduled messages to your chosen groups at the times you specify.
• Quota enforcement — tracking how many messages you have sent this month against your plan limit (Starter: 12/month, Pro: 25/month, Team: 40/month).
• Billing & subscriptions — processing payments, managing plan upgrades/downgrades, and issuing refunds via Stripe.
• Transactional email — sending you important service communications: team invitations, session disconnection alerts, quota warnings, and policy change notices. We use Resend for email delivery.
• Team administration — enabling team owners to invite members, assign groups, and manage shared scheduling workspaces.
• Service improvement — using anonymised PostHog analytics to understand feature usage patterns and identify areas for improvement.
• Security & fraud prevention — rate limiting API requests, detecting abuse, and monitoring session health.

We do not use your data for advertising, sell your data to third parties, or process it for any purpose unrelated to operating Schdula.

4. Legal Basis for Processing

• Contract performance — most processing is necessary to deliver the Schdula service you have signed up for (scheduling, messaging, team management, billing).
• Legitimate interests — server logging, security monitoring, and anonymised analytics are necessary for operating a safe and reliable service.
• Consent — where required (e.g. non-essential communications), we will seek your explicit consent.
• Legal obligation — we may retain data where required by applicable law.

5. Third-Party Data Processors

We share limited personal data only with the following sub-processors, strictly to operate Schdula. We do not sell or rent data to any party.

6. Data Retention

• Account data (email, profile) — retained for as long as your account exists.
• Scheduled messages & batches — retained for 12 months from the scheduled send date, then permanently deleted.
• Message templates — retained until you delete them or close your account.
• AI audit logs — retained for 6 months for quota enforcement purposes, then deleted.
• WhatsApp session tokens — deleted immediately when you disconnect your WhatsApp account from Schdula.
• Team invites — expire automatically after 7 days and are purged from the system after 30 days.
• Billing records — subscription and payment history is retained for up to 7 years to comply with financial record-keeping obligations.
• Server logs — retained for a maximum of 90 days.
• Upon account deletion — all your personal data (account, messages, groups, templates, team data) is permanently deleted within 30 days, except where legal obligations require longer retention of billing records.

7. Data Security

• All data in transit is encrypted using HTTPS/TLS.
• Passwords are hashed using industry-standard algorithms managed by Supabase Auth — we never see your plaintext password.
• All database tables use Row Level Security (RLS) policies enforced at the database level, ensuring that users can only access their own data. Team data is further scoped so members only see the groups they are assigned to.
• WhatsApp session tokens are stored in access-controlled environments and are only used by the server-side scheduler process.
• API endpoints are rate-limited to prevent abuse and brute-force attacks.
• Access to production infrastructure is restricted to authorised Desejos Studio personnel only.

No system is 100% secure. If you believe your account has been compromised, contact us immediately at desejos.studio@gmail.com.

8. Cookies & Local Storage

Schdula uses only the minimal browser storage required to function:

• Authentication session cookie — a secure, HttpOnly cookie set by Supabase to keep you logged in across page loads. This is a strictly necessary cookie.
• Theme preference (localStorage) — stores your light/dark mode setting. Contains no personal data.

We do not use advertising cookies, cross-site trackers, or any third-party marketing pixels. Our PostHog analytics are server-side event-based and do not rely on tracking cookies.

9. Your Rights

Depending on your location (e.g. the EU/EEA under GDPR, or the UK under UK-GDPR), you may have the following rights:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• Right to data portability — request your data in a structured, machine-readable format (e.g. JSON).
• Right to restrict processing — request that we limit how we use your data in certain circumstances.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — where processing is consent-based, you may withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email desejos.studio@gmail.com with the subject line "Privacy Request". We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. International Data Transfers

Schdula uses services hosted in multiple regions. Supabase, Stripe, and Resend may process data in the United States or other jurisdictions. PostHog data is processed within the EU. Where data is transferred outside your country, we rely on appropriate safeguards (such as Standard Contractual Clauses) as required by applicable law.

11. Children's Privacy

Schdula is intended for use by adults managing WhatsApp communities. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that a child under 16 has created an account, we will delete the account and all associated data without delay.

12. WhatsApp-Specific Privacy Notice

13. Changes to This Policy

We may update this Privacy Policy from time to time as the product evolves or legal requirements change. When we make significant changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of Schdula after the effective date of any update constitutes your acceptance of the revised policy.

14. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or how we handle your personal data, please contact us: