Privacy Policy

1. Data controller

SuperTurno is operated by Verix LLC, a Wyoming limited liability company.

The data controller under Argentine Law 25.326 (Ley de Protección de Datos Personales) is Fabricio Nestor Asmus, CUIT: 20-40045207-6.

WhatsApp Business API services are provided through Fabricio Nestor Asmus, a verified Meta Tech Provider.

SuperTurno is a WhatsApp-based appointment management platform designed for barbershops, beauty salons, and aesthetics centers in Latin America.

2. Personal data we collect

We collect the following categories of personal data:

2.1. Data provided by business clients (barbershops and salons):

• Business name, address, phone number, email
• Name and contact details of the owner or representative
• Information about services offered, schedules, and professionals
• Billing data

2.2. Data provided by end users (barbershop/salon clients):

• First and last name
• Mobile phone number (WhatsApp)
• Messages exchanged via WhatsApp with the business
• Appointment data: date, time, requested service, assigned professional, appointment status

2.3. Automatically collected data:

• IP address and device data (when accessing the web dashboard)
• Service usage data (booking frequency, usage patterns)
• Technical information necessary for the operation of the service

3. Purposes of data processing

We use personal data exclusively for the following purposes:

1. Management and administration of appointments and bookings
2. Sending appointment confirmations, reminders, and change notifications via WhatsApp
3. Communication with the user for technical support and customer service
4. Management of the contractual relationship with business clients
5. Service improvement, usage analysis, and platform optimization. Data obtained through Google APIs is excluded from this analysis and is used solely for the functionality described in the "Google Calendar Integration" section.
6. Compliance with applicable legal and tax obligations

We do not use personal data for purposes other than those described herein, nor for creating profiles for third-party advertising purposes.

4. Legal basis for data processing

The processing of personal data is based on the following legal grounds, in accordance with Ley 25.326 de Protección de Datos Personales of the Argentine Republic:

1. Informed and express consent of the data subject (Art. 5, Ley 25.326), granted by using the service and accepting these terms
2. Performance of the service agreement between SuperTurno and the business client
3. Legitimate interest of the controller in maintaining and improving the service, provided that the rights of the data subject do not prevail
4. Compliance with applicable legal obligations

5. Sharing data with third parties

To provide our service, we share personal data with the following third parties:

5.1. Meta Platforms, Inc. / WhatsApp LLC

Messages sent and received through SuperTurno are transmitted via Meta's WhatsApp Cloud API. Meta processes these messages on its servers in accordance with its own privacy policies. For more information, see WhatsApp's privacy policy at https://www.whatsapp.com/legal/privacy-policy.

5.2. Infrastructure and hosting providers

We use third-party services for platform hosting, databases, and storage. These providers are contractually obligated to protect data confidentiality.

5.3. Artificial intelligence providers

SuperTurno uses artificial intelligence services for natural language processing in automated conversation management. These providers are contractually obligated NOT to use the processed data to train, improve, or develop their own artificial intelligence models. Data is processed exclusively to provide the service to each business client.

5.4. Commercial data

We do not sell, rent, or share personal data with third parties for commercial or advertising purposes unrelated to the service.

5.5. Google Calendar Integration (Google API Services)

SuperTurno allows business clients to connect their Google Calendar account to automatically sync booked appointments as calendar events.

Data we access:

• Creation, reading, and deletion of calendar events related exclusively to appointments booked through SuperTurno.

Limited Use:

The use of data received through Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:

1. Google Calendar data is used exclusively to create, display, and delete appointment events within SuperTurno's functionality.
2. We do NOT transfer or share Google Calendar data with third parties, including artificial intelligence providers.
3. We do NOT use Google Calendar data for advertising, general usage analytics, or any purpose other than appointment management.
4. We do NOT store user calendar data beyond the event identifier necessary to manage (modify or cancel) the appointment.
5. Access to Google Calendar can be revoked at any time from the business settings panel or from the Google account permissions settings at https://myaccount.google.com/permissions.

6. International data transfers

Personal data may be transferred to and stored on servers located outside the Argentine Republic, including the United States and other countries where our infrastructure providers operate (Meta/WhatsApp, hosting providers, and artificial intelligence providers).

These transfers are carried out with appropriate safeguards in accordance with Article 12 of Ley 25.326 and its regulations. The Argentine Republic has data protection adequacy status granted by the European Union (Decision 2003/490/EC), which facilitates international data transfers.

7. Consent for WhatsApp messages

7.1. Opt-in

By using the WhatsApp appointment booking service, the user grants express consent to receive WhatsApp messages related to the service.

7.2. Categories of messages you may receive:

• Appointment booking confirmations
• Upcoming appointment reminders
• Change or cancellation notifications
• Support and customer service messages
• Operational service communications

7.3. Opt-out

The user may revoke their consent to receive messages at any time through any of the following methods:

• Sending "STOP" to the business's WhatsApp number
• Sending an email to [email protected] stating your request
• Requesting it directly from the business where you make your bookings

Revoking consent does not affect the lawfulness of any processing carried out prior to such revocation.

8. Rights of the data subject

Under Ley 25.326 and supplementary regulations, the data subject has the following rights:

1. Right of access (Art. 14): The data subject may request information about personal data held in our databases. This right may be exercised free of charge at intervals of no less than six (6) months, unless a legitimate interest is demonstrated.
2. Right of rectification (Art. 16): The data subject may request the correction of inaccurate or incomplete personal data.
3. Right of deletion (Art. 16): The data subject may request the deletion of their personal data when it is no longer necessary for the purpose for which it was collected, or when consent is withdrawn.
4. Right of objection: The data subject may object to the processing of their personal data under certain circumstances provided by law.

To exercise any of these rights, the data subject must send an email to [email protected] with the subject line "Exercise of rights — [type of right]", indicating their full name, registered phone number, and the specific request.

Response time: We will respond to the request within ten (10) business days of receipt.

If the data subject does not receive a satisfactory response, they may:

• File a personal data protection action (habeas data) as provided in Art. 33 et seq. of Ley 25.326
• File a complaint with the Agencia de Acceso a la Información Pública (AAIP), the enforcement authority for personal data protection — https://www.argentina.gob.ar/aaip

9. Data retention

Personal data is retained for as long as necessary to fulfill the purposes described in this policy:

• Business client data: For the duration of the contractual relationship and until the expiration of applicable legal obligation periods.
• End user data: While the user maintains activity with the business through SuperTurno. After 12 months of inactivity, data may be deleted.
• After service termination: Data is deleted within a maximum period of ninety (90) days, unless there is a legal obligation to retain it.
• WhatsApp messages: Meta may retain messages on its servers for up to 30 days to ensure delivery, in accordance with its own policies.

10. Security measures

We implement technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption in transit via TLS/SSL for all communications
• WhatsApp messages are protected by the Signal encryption protocol
• Role-based access control to systems and data
• Encrypted periodic backups
• Infrastructure security monitoring
• Periodic review of implemented security measures

11. Data deletion

The user may request complete deletion of their personal data at any time:

• Sending an email to [email protected] with the subject line "Data deletion request"
• Requesting it directly via WhatsApp from the business where you make your bookings

Deletion will be carried out within a maximum of thirty (30) days from receipt of the request. Some data may be retained when required by a legal obligation (tax obligations, resolution of pending disputes).

For more information, see our data deletion page at https://superturno.app/en/eliminacion-datos.

12. Use of artificial intelligence and automation

SuperTurno integrates the following third-party AI services to power its conversational appointment assistant:

• OpenAI (GPT-4.1-mini): Powers the WhatsApp conversational assistant that helps end-clients book, reschedule, and cancel appointments through natural language.
• OpenAI Whisper: Transcribes voice messages sent by clients via WhatsApp so the assistant can understand and respond to audio messages.
• Google Gemini: Used as a fallback language model if the primary AI service is temporarily unavailable, ensuring uninterrupted service.

These AI services are used exclusively for appointment management through messaging platforms (WhatsApp, Instagram, Facebook). They are entirely separate from our Google Calendar integration — no data obtained through Google APIs is sent to or processed by any AI service.

1. Artificial intelligence does NOT constitute the core functionality of the service. SuperTurno is an appointment management platform; AI is an auxiliary means to facilitate interaction via WhatsApp.
2. The user always has the option to be assisted by a human agent. At any point during the conversation, they may request to speak with a person.
3. Data processed by SuperTurno's artificial intelligence systems is NOT used to train, improve, or develop third-party artificial intelligence models. Data is processed exclusively to provide the service contracted by each business client.

13. Minors

SuperTurno's service is not directed at individuals under sixteen (16) years of age. We do not intentionally collect personal data from minors. If we become aware that we have collected data from a minor without verifiable consent from their parent or guardian, we will proceed to delete such information.

14. Cookies and tracking technologies

SuperTurno's web dashboard may use:

• Essential cookies: Necessary for the technical operation of the platform (authentication, session).
• Analytics cookies: To understand how the service is used and improve it (can be disabled from browser settings).

The user may manage their cookie preferences from their web browser settings.

15. Changes to this policy

We reserve the right to modify this privacy policy at any time. Substantial changes will be notified to business clients by email and/or WhatsApp with a minimum of fifteen (15) days' advance notice. Continued use of the service after notification constitutes acceptance of the changes.

16. Applicable law and jurisdiction

This policy is governed by the laws of the Argentine Republic, in particular Ley 25.326 de Protección de los Datos Personales and its Regulatory Decree 1558/2001, and supplementary regulations.

17. Contact

For any inquiries related to this privacy policy or the processing of personal data: