Last updated: April 24, 2026
CronoCita ("CronoCita", "we", "our", or "us") is a multi-tenant appointment scheduling SaaS that sends WhatsApp and email notifications to reduce no-shows. This Privacy Policy explains how we collect, use, and protect information when you use our platform at okt.io.
For questions about this policy, contact us at privacy@okt.io.
When you register an organization on CronoCita, we collect: your name, email address, phone number, organization name, timezone, and country. This information is required to provide the service.
Data you enter to configure your account: provider names and schedules, service names and durations, availability settings, and your organization's logo (if uploaded).
Your clients' data that you enter into CronoCita to create appointments: name, phone number, and optionally email. You are responsible for having a lawful basis to enter this information. CronoCita processes it solely on your behalf to deliver the service.
Records of appointments created on the platform: service, date and time, assigned provider, status (pending, confirmed, no-show, rescheduled), and any notes.
Content of WhatsApp and email messages sent to your customers through CronoCita (appointment confirmations, reminders, rescheduling links). Message delivery status is logged for diagnostic purposes.
We do not store your payment card details. Billing is handled entirely by Lemon Squeezy as Merchant of Record. We only store your subscription plan, status, and billing cycle dates.
Technical logs including IP address, browser type, pages visited within the app, and timestamps. Used for security and product improvement only.
We never sell your data or your customers' data to third parties.
We share data with the following sub-processors, solely to operate the service:
| Processor | Purpose | Data Shared |
|---|---|---|
| Twilio | WhatsApp notifications | Customer phone, message content |
| Lemon Squeezy | Payment processing (MoR) | Account email, billing address |
| Resend | Transactional email | Customer/user email, message content |
| DigitalOcean | Cloud hosting | All platform data (encrypted at rest) |
We retain your data for as long as your account is active. After cancellation or account deletion, data is retained for 90 days to allow recovery, then permanently deleted. You may request immediate deletion by emailing privacy@okt.io.
You have the right to: access the personal data we hold about you, correct inaccurate data, request portability (export), and request deletion. To exercise these rights, email privacy@okt.io. We will respond within 30 days.
CronoCita uses only technically necessary cookies: a session cookie (for authentication) and a CSRF token (for security). We do not use advertising cookies or third-party tracking pixels.
All data is transmitted over HTTPS/TLS. Data at rest is encrypted by DigitalOcean. Access to production data is restricted to authorized personnel. We do not store WhatsApp message content beyond what is necessary for delivery and diagnostics.
We may update this Privacy Policy. If changes are material, we will notify you by email at least 15 days in advance. Continued use of CronoCita after the effective date constitutes acceptance.
For privacy inquiries: privacy@okt.io
General inquiries: hola@okt.io