Privacy Policy

Atelo is a booking and client management platform built for fashion designers, couture houses, bridal ateliers, and tailoring studios ("fashion houses"). We operate the website getatelo.com and related services (the "Service"). This Privacy Policy explains what data we collect, how we use it, who we share it with, and the rights you have over your data.

Atelo is a trading name of Kamdithecreator Ventures, a business registered in Nigeria. References to "Atelo," "we," "us," or "our" in this Policy mean Kamdithecreator Ventures, operating the Service under the Atelo brand.

If you have questions about this policy, email us at support@getatelo.com.

• Fashion houses — operators who sign up for an Atelo account to accept bookings and manage clients.
• Clients — people who book appointments, fittings, or consultations with a fashion house through Atelo.
• Website visitors — anyone who views our public pages.

Account data — when a fashion house registers, we collect the account holder's name, email, phone (WhatsApp), business name, slug, logo, locations, timezone, and services offered.

Booking data — when a client books, we collect the client's name, phone, email, the requested service, the requested date and time, and (on payment) the Paystack transaction reference.

Client profiles — fashion houses may store notes, measurements, and prior-booking history about their own clients inside their Atelo account. This data is created and controlled by the fashion house.

Payment data — payments are processed by Paystack. We do not store card numbers, CVVs, or bank credentials. We store Paystack-returned metadata such as transaction reference, amount, currency, subaccount code, and customer code.

Messaging data — WhatsApp messages we send on your behalf via Twilio (booking confirmations, reminders, cancellations) and delivery status for each message. Inbound WhatsApp messages to our business number are logged for operational debugging.

Google Calendar data — if you choose to connect Google Calendar, see Section 6 below for exactly what we access and how we use it.

Email data — transactional emails are delivered by Brevo. We log the recipient email and send status for each email.

Usage data — Firebase / Google Cloud server logs (IP address, user-agent, timestamp) captured for security, rate limiting, and abuse prevention. Cloudflare Turnstile bot-protection tokens are processed during public booking submission.

• To operate the booking flow — show availability, accept payments, create appointments.
• To send booking confirmations, reminders, and status updates over WhatsApp and email.
• To maintain the fashion house dashboard and its client records.
• To sync confirmed appointments with your Google Calendar, if you connect one.
• To process subscription payments and manage your Atelo account state.
• To secure the Service — detect and prevent fraud, abuse, and unauthorized access.
• To comply with legal obligations.

We do not sell your data. We do not use your data, your clients' data, or your Google user data for advertising. We do not train any machine-learning model on your data without your separate consent.

Where applicable, our legal bases for processing are: (a) performance of our contract with you, (b) your consent (for optional integrations such as Google Calendar), (c) our legitimate interest in securing and improving the Service, and (d) compliance with law.

Atelo's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, when you connect your Google Calendar to Atelo:

• We request three scopes: calendar.events, calendar.readonly, and userinfo.email. The two calendar scopes allow us to read busy-time information from your primary calendar (so we don't double-book you) and create, update, and delete the specific events we add on your behalf when bookings are confirmed, rescheduled, or cancelled. The userinfo.email scope returns the email address of the Google account you connected, which we display in your Atelo dashboard so you can confirm the correct account is linked and detect if the wrong account was used.
• We use Google user data only to provide the calendar-sync feature that is visible to you in the Atelo dashboard.
• We do not use Google user data for advertising.
• We do not transfer Google user data to third parties except as necessary to provide or improve the calendar-sync feature, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.
• We do not allow humans to read Google user data unless (a) we have your affirmative agreement for specific events, (b) it is necessary for security purposes such as investigating abuse, (c) it is necessary to comply with law, or (d) the data is aggregated and used for internal operations in a way that cannot identify you.
• You can revoke Atelo's access to your Google Calendar at any time — either from the Atelo dashboard (Settings → Integrations → Disconnect Google Calendar) or from your Google Account permissions page. When you disconnect, we delete the stored refresh and access tokens.
• We store Google OAuth tokens only. We do not store a mirror of your Google calendar events in Atelo — availability checks are made in real time at request time and are not cached.

We share data only with service providers necessary to operate the Service:

• Google Firebase / Google Cloud — authentication, Firestore database, file storage, Cloud Functions, and hosting. Primary processor.
• Paystack — payment processing. Cardholder data is handled entirely by Paystack under PCI-DSS.
• Twilio — WhatsApp message delivery.
• Brevo — transactional email delivery.
• Google Calendar (Google LLC) — only if you connect your calendar. See Section 6.
• Cloudflare — bot protection (Turnstile) on public booking pages.

Each of these providers is bound by their own terms and privacy policies and may process data outside your country.

We keep your account and booking data for as long as your Atelo account is active. After account deletion, we delete or anonymize personal data within 30 days, except where we are legally required to retain specific records (for example, financial records for tax purposes).

Fashion houses may delete specific booking or client records at any time from their dashboard.

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, to object to or restrict processing, and to withdraw consent. To exercise any of these rights, email support@getatelo.com. We will respond within a reasonable time, and in any case within the period required by applicable law.

We use industry-standard security measures: HTTPS everywhere, Firebase Auth for identity, scoped Firestore security rules, webhook signature verification for Paystack and Twilio, Cloudflare Turnstile for bot protection, and rate-limiting on sensitive endpoints. No system is perfectly secure; if you suspect a vulnerability, contact us immediately.

Atelo is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has given us data, email support@getatelo.com and we will delete it.

We may update this policy from time to time. We will update the "Last updated" date at the top of the page and, if the changes are material, notify account holders via email or in-app notice at least 14 days before the changes take effect.

Questions, requests, or complaints: support@getatelo.com.