Terapiku Terapiku Therapist SaaS
Legal / Privacy

Privacy Policy

This policy explains how Terapiku collects, uses, stores, and protects personal information across the therapist booking management SaaS platform.

Effective: May 10, 2026 Last updated: May 10, 2026 Malaysia PDPA aware

1. Introduction

Terapiku ("we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our therapist booking management SaaS.

2. Information We Collect

We collect the following types of information:

  • Account Information: Name, email address, phone number, and password when you register as a therapist.
  • Booking Information: Customer names, contact details, appointment dates and times, treatment types, and service locations.
  • Google Calendar Data: When you connect your Google Calendar, we access calendar event data to create, update, and delete appointment events.
  • WhatsApp Business Platform Data: When you connect WhatsApp Business, we may process your WhatsApp Business Account ID, phone number ID, display name, quality status, approved templates, access tokens, webhook events, message metadata, delivery/read status, and message content required to provide inbox, notification, and automation features.
  • Usage Data: Information about how you use our system, including login times and feature usage.

3. How We Use Google Calendar Data

Important: We use limited Google Calendar access (calendar.events scope) for booking synchronization only.

What we do with Google Calendar

  • Create Events: Automatically add booking appointments to your Google Calendar with appointment details.
  • Update Events: Modify events when bookings are rescheduled by customers.
  • Delete Events: Remove events when bookings are cancelled.
  • Monitor Changes: Receive notifications when calendar events change to prevent double bookings and maintain synchronization.

What we do not do with Google Calendar

  • We do not read your personal calendar events unrelated to our bookings.
  • We do not access calendars other than the one you explicitly authorize.
  • We do not share your calendar data with any third parties.
  • We do not use your calendar data for marketing or advertising purposes.
  • We do not sell or rent your calendar data.

4. WhatsApp Business Platform and Meta Data

Important: WhatsApp Business integration is used only to connect your business number, send and receive customer messages, manage approved templates, and keep delivery/status records for support and compliance.

When you use Meta Embedded Signup or manually connect WhatsApp Business API credentials, you authorize Terapiku to access the WhatsApp Business assets you select for the purpose of providing the Service.

What we use WhatsApp/Meta data for:

  • Connect your WhatsApp Business Account and phone number to your Terapiku account.
  • Send booking confirmations, reminders, receipts, customer replies, and other messages you configure.
  • Receive inbound WhatsApp messages and display them in the Sales Team conversation inbox.
  • Submit, sync, and monitor WhatsApp message templates where supported.
  • Track message delivery, read, failure, quality, and account status events for operational support.
  • Download inbound media only when needed to display or store customer conversation attachments inside the Service.

What we do not do with WhatsApp/Meta data:

  • We do not sell WhatsApp customer data, message content, or contact lists.
  • We do not use WhatsApp message content for third-party advertising.
  • We do not connect to WhatsApp assets you did not authorize through Meta or manual credentials.
  • We do not send marketing broadcasts through Official WhatsApp Business API unless you explicitly configure and approve a compliant template-based workflow.

5. Data Storage and Security

We take the security of your data seriously:

  • Secure Database: Your data is stored in encrypted MongoDB databases with restricted access.
  • Token Encryption: Google Calendar and WhatsApp Business access tokens are stored securely and encrypted where applicable.
  • HTTPS: All data transmission uses secure HTTPS protocol.
  • Access Control: Only authorized system processes can access your data.
  • Password Protection: User passwords are hashed using industry-standard bcrypt encryption.

6. Data Retention

  • Booking Records: Retained for business and accounting purposes as long as your account is active.
  • Google Calendar Tokens: Stored as long as you keep the Google Calendar integration active.
  • WhatsApp Business Tokens: Stored as long as you keep the WhatsApp Business integration active, and removed or disabled when you disconnect the integration or request account deletion.
  • WhatsApp Message Logs: Retained for customer conversation history, delivery troubleshooting, audit, billing estimation, and compliance unless deleted according to your account settings or a valid deletion request.
  • Account Data: Retained until you request account deletion.
  • Backups: Database backups are retained for disaster recovery purposes and deleted according to our backup retention policy.

7. Your Rights and Control

You have control over your data:

  • Disconnect Anytime: You can disconnect Google Calendar integration at any time from your dashboard, which immediately revokes our access.
  • Disconnect WhatsApp Anytime: You can disconnect Official WhatsApp Business API from your dashboard. Disconnection stops Terapiku from sending through that connected number and removes active credentials from normal use.
  • Delete Account: Request deletion of your account and all associated data.
  • Delete Connected Data: Request deletion of connected WhatsApp/Meta integration records and conversation data, subject to legal, security, dispute, and backup retention requirements.
  • Access Data: Request a copy of your personal data.
  • Correct Data: Update or correct any inaccurate information.
  • Export Data: Export your booking and customer data.

Data deletion instructions are available on the Data Deletion page.

8. Third-Party Services

Our system integrates with the following third-party services:

  • Google Calendar API: For calendar synchronization, governed by the Google Privacy Policy.
  • Meta / WhatsApp Business Platform: For WhatsApp Embedded Signup, WhatsApp Business API messaging, template management, webhook delivery events, and customer conversation workflows, governed by Meta and WhatsApp terms and policies.
  • Payment Gateway: For processing subscription payments, governed by their respective privacy policies.

Each third-party service has its own privacy policy and data handling practices. We recommend reviewing their policies.

9. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may disclose your information only in the following circumstances:

  • Legal Requirements: When required by law, court order, or legal process.
  • Service Providers: To trusted service providers who assist in operating our system under strict confidentiality agreements.
  • Business Transfer: In the event of a merger, acquisition, or sale of assets, with prior notice to users.

10. Compliance and Standards

We comply with:

  • Google API Services User Data Policy: Including the Limited Use requirements.
  • Meta Platform Terms and WhatsApp Business Platform requirements: For WhatsApp Business integrations, messaging, templates, and webhook handling.
  • Malaysia Personal Data Protection Act (PDPA) 2010: Malaysian data protection regulations.
  • Industry Best Practices: For data security and privacy protection.

11. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by:

  • Posting the new Privacy Policy on this page.
  • Updating the effective date at the top.
  • Sending an email notification for material changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us directly:

WhatsApp: +60 11-6059 8203
Email: afifakmal9301@gmail.com
Website: https://terapiku.com
Support: Available through your dashboard.

We aim to respond to all inquiries as soon as possible.