PoZapisi · pozapisi.kz

Privacy Policy

Revision of May 13, 2026.

1. Who we are

PoZapisi (hereafter «Service», «we») is an online booking platform for service businesses. Service website: pozapisi.kz. Operator contact: ${CONTACT_EMAIL_INFO}.

2. What data we process

• First and last name (if provided at registration).
• Phone number — for OTP sign-in and notifications.
• E-mail — for sign-in and notifications.
• Telegram ID — if sign-in was performed via Telegram WebApp.
• Booking history, correspondence with the business, avatar photos (optional).
• Technical data: IP address, user-agent, timestamp — for security and audit.

3. Legal basis

• User consent (Art. 7 of the Kazakhstan Law «On Personal Data and Its Protection»).
• Performance of contract (provision of the online-booking service).
• Legitimate operator interests (fraud prevention, anonymous analytics).

4. Why we process it

• Creating and confirming bookings.
• Sending notifications (Telegram, SMS, e-mail).
• Billing and invoicing — for business customers.
• User support.
• Service security and abuse prevention.

5. Whom we share data with

We share the minimum necessary data with the following categories of recipients:

• The business the user booked with (name, phone, chosen service, time).
• Telegram, SMS and e-mail providers — strictly for notification delivery.
• Payment providers — when business customers pay for the service.
• Government authorities — upon lawful request.

We do NOT sell personal data to third parties. We do not use it for third-party ad targeting.

6. Where data is stored

Data is stored on servers located in the Republic of Kazakhstan. Backups are encrypted and stored separately. Access to production data is restricted to selected staff under audit log.

7. How long we keep it

• Active account — as long as it stays active.
• After account deletion — technical data is removed within 30 days.
• Financial documents — 5 years (Kazakhstan tax law requirement).

8. Your rights

Under the Kazakhstan Law «On Personal Data and Its Protection» you have the right to:

• Request a copy of the data we hold about you.
• Request correction of inaccurate data.
• Request data deletion (right to be forgotten).
• Withdraw consent for processing at any moment.
• File a complaint with the Ministry of Digital Development of Kazakhstan.

All requests — to ${CONTACT_EMAIL_SUPPORT}. Reply within 10 business days.

9. Cookies and similar technologies

The pozapisi.kz landing does not use cookies. The Business Dashboard and the Client Mini App use session JWT tokens (HttpOnly Cookies) and localStorage — strictly for authentication. Third-party analytics is disabled.

10. Security

• TLS 1.3 on all communication channels.
• Password hashing (BCRYPT).
• Tenant isolation: each business's data is isolated.
• Audit log of all changes to critical entities.
• Regular encrypted backups.

11. Policy changes

We will notify users about material changes to this policy 30 days in advance via e-mail and Telegram. The current version is always available at pozapisi.kz/en/privacy/.

12. Contacts

For any personal-data processing questions: ${CONTACT_EMAIL_INFO}. Phone: ${CONTACT_PHONE_DISPLAY}.

← Back to home