Privacy Policy

Last Updated: January 24, 2026

Introduction

Welcome to Availo, operated by Marko Automations ("we," "us," or "our"), a sole proprietorship operating in the State of Michigan, United States. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our appointment booking and automation platform.

By using Availo, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our service.

Information We Collect

Personal Information

We collect personal information that you voluntarily provide to us when you:

  • Register for a trial or subscription
  • Fill out forms on our website
  • Contact us for support
  • Subscribe to our newsletters or marketing communications

This information may include:

  • First and last name
  • Email address
  • Phone number
  • Business name and address
  • Employer Identification Number (EIN) for business verification (encrypted at rest and permanently deleted after SMS verification approval)
  • Communications preferences

Payment Information

Payment and billing information (credit card numbers, billing addresses) is collected and processed directly by our payment processor, Stripe. We do not store your full payment card details on our servers. We only retain a reference identifier to your Stripe customer account for subscription management purposes.

Customer Data You Store

As a business tool, Availo allows you to store information about your own customers, including their names, contact details, appointment history, and custom fields you define. You are the data controller for this information and are responsible for ensuring you have appropriate consent and legal basis to collect and store your customers' data.

Automatically Collected Information

When you access our service, we automatically collect certain information, including:

  • IP address and browser type
  • Operating system and device information
  • Pages visited and features used within the Service
  • Date and time of access

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our service
  • Process your transactions and manage your subscription
  • Send you administrative information, updates, and security alerts
  • Respond to your inquiries and provide customer support
  • Send you marketing and promotional communications (with your consent)
  • Improve and personalize your experience
  • Monitor and analyze usage and trends to improve the Service
  • Detect, prevent, and address technical issues and fraudulent activity
  • Enforce our Terms of Service and protect our rights
  • Comply with legal obligations

Communications Consent

By providing your email address and/or phone number, you expressly consent to receive communications from Availo, including:

  • Account-related notifications and service updates
  • Billing and subscription information
  • Technical support and customer service communications
  • Marketing emails and promotional offers
  • SMS messages for account verification and important alerts

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or by contacting us directly. Please note that you cannot opt out of receiving transactional or service-related messages that are necessary for the operation of your account.

Data Sharing and Third-Party Service Providers

We do not sell, rent, or trade your personal information. We share your information only with the following categories of third-party service providers who assist us in operating the Service:

  • Stripe — Payment processing and subscription billing. Stripe processes your payment card information directly and is PCI DSS compliant.
  • Twilio — SMS message delivery. Phone numbers and message content are transmitted to Twilio for delivery.
  • SendGrid (Twilio) — Email delivery. Email addresses and message content are transmitted for delivery.
  • Railway — Application hosting and infrastructure. Your data is stored on Railway's servers.
  • Cloudflare — File storage (R2) and content delivery. Uploaded files are stored on Cloudflare's infrastructure.
  • Mapbox — Address autocomplete services. Address queries are sent to Mapbox for location lookup.

We may also share your information in the following circumstances:

  • Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
  • Legal Requirements: We may disclose your information if required by law or in response to valid requests by public authorities (e.g., a court order or government agency).
  • Protection of Rights: We may disclose information to protect our rights, privacy, safety, or property, and that of our users or the public.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Logical tenant isolation ensuring your data is inaccessible to other customers
  • Application-level access controls and authentication measures
  • Secure password hashing (bcrypt)
  • Secure payment processing through Stripe (PCI DSS compliant)
  • Regular security updates and dependency patching

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of becoming aware of the breach
  • Provide details about the nature of the breach, the types of data affected, and the measures taken to address it
  • Report the breach to relevant supervisory authorities as required by applicable law
  • Take immediate steps to contain the breach and prevent further unauthorized access

A "data breach" refers to unauthorized access to or disclosure of personal information stored on our platform infrastructure. Compromises of individual user accounts due to weak passwords, phishing, or other factors within the user's control are the responsibility of the account holder.

Data Retention

We retain your personal information according to the following schedule:

  • Account data (profile, settings, customer records): Retained while your account is active and for 90 days after account termination or cancellation, after which it is permanently deleted.
  • Billing records (transaction history, invoices): Retained by our payment processor, Stripe, for up to 7 years as required by applicable tax and financial regulations.
  • Communication logs (SMS and email records): Retained while your account is active and deleted with your account data after the 90-day post-termination period.
  • Server logs (access logs, error logs): Retained for up to 90 days for debugging and security purposes, then automatically purged.

When we no longer need your information, we will securely delete or anonymize it. You may request early deletion of your data by contacting us, subject to any legal retention requirements.

International Data Transfers

Availo is operated from the United States, and our infrastructure is hosted in the United States. If you access the Service from outside the United States (including from Canada or the European Union), your data will be transferred to, stored, and processed in the United States.

By using the Service, you consent to the transfer of your information to the United States. We acknowledge that data protection laws in the United States may differ from those in your country of residence. We take appropriate measures to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your information in a portable format
  • Objection: Object to our processing of your information
  • Restriction: Request restriction of processing your information
  • Withdrawal of Consent: Withdraw consent where we rely on consent to process your information

To exercise any of these rights, please contact us at notifications@maavailo.com . We will respond to your request within 30 days. We will not discriminate against you for exercising any of your privacy rights.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You can request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your data.
  • Right to Delete: You can request that we delete your personal information, subject to certain legal exceptions.
  • Right to Non-Discrimination: We will not deny you goods or services, charge you different prices, or provide a different quality of service because you exercised your CCPA rights.

We do not sell or share your personal information as defined under the CCPA/CPRA. We do not use your personal information for cross-context behavioral advertising.

Categories of personal information collected (as defined by CCPA): Identifiers (name, email, phone number, IP address); commercial information (subscription and billing history); internet or electronic network activity (usage data, browser type); professional information (business name, business address).

Canadian Residents (PIPEDA/CASL)

If you are a Canadian resident, your personal information is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) or applicable provincial legislation. You have the right to access, correct, and withdraw consent for the use of your personal information.

Commercial electronic messages sent to Canadian recipients comply with Canada's Anti-Spam Legislation (CASL). You may withdraw your consent to receive commercial electronic messages at any time by using the unsubscribe mechanism provided in each message or by contacting us directly.

Cookies and Tracking Technologies

We use only essential cookies that are necessary for the operation of the Service. These include:

  • Session cookies: Used to maintain your authenticated session while you are logged in. These cookies expire when you close your browser or after a period of inactivity.
  • Authentication tokens: Stored in your browser to keep you signed in between visits. You can clear these by logging out.

We do not use third-party analytics cookies, advertising cookies, or tracking pixels. We do not track you across other websites.

Since we only use strictly necessary cookies required for the Service to function, no cookie consent banner is required. You can instruct your browser to refuse all cookies, but this may prevent you from using the Service.

Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information.

Third-Party Links

Our service may contain links to third-party websites that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and sending you an email notification.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Availo by Marko Automations

Email: notifications@maavailo.com

Website: maavailo.com