Privacy Policy

Last Updated: May 27, 2026 · v1.0.0

1. Introduction

REXTEN Marketplace takes your privacy seriously. This privacy policy describes what data we collect, how we use it, and how we protect it in accordance with US law, including the California Consumer Privacy Act (CCPA) and other applicable data protection laws.

REXTEN Marketplace operates the platform only. We are not the seller or performer of services you book; independent businesses and professionals listed on the platform are responsible for those services and for their own legal and tax compliance.

2. What Data We Collect

2.1. Registration Data

  • First and Last Name
  • Email Address
  • Phone Number
  • Password (stored encrypted)

2.2. Usage Data

  • Service search history
  • Booking history
  • Reviews and ratings
  • Messages to service providers
  • Location information (if provided)

2.3. Technical Data

  • IP Address
  • Browser and device type
  • Visited pages information
  • Cookies and similar technologies

2.4. Business account data

For companies and professionals using the platform as a business (including the CRM and management panel), we may additionally collect and process:

  • Business name
  • Business address and service area
  • Tax and business verification information, if requested
  • Staff/specialist information
  • Schedule and calendar data
  • Client records added manually by the business
  • Notes, photos, and documents uploaded by the business
  • Transaction and payout metadata
  • Support communications

2.5. Client data added by the business (CRM)

When a business manually adds records about its own clients to the platform (names, contacts, notes, and other information), REXTEN processes this data on behalf of and for the relevant business, acting as a data processor.

  • The business acts as the controller of such data and is responsible for the lawfulness of its collection, for obtaining any required consents and legal bases, and for notifying its own clients.
  • REXTEN uses this data only to provide the business with platform features (CRM, bookings, communications) and does not use it for its own independent purposes.
  • Data subject requests (access, correction, deletion) regarding such records are forwarded to the relevant business or handled on its instructions.

3. How We Use Your Data

We use collected data for the following purposes:

  • Providing access to the platform and its features
  • Processing bookings and managing your orders
  • Communicating with you regarding bookings and services
  • Improving platform quality and user experience
  • Sending important notifications and updates
  • Preventing fraud and ensuring security
  • Complying with legal obligations

4. Data Sharing with Third Parties

4.1. Sharing with Service Providers

When booking a service, we share necessary information with the service provider to fulfill the booking:

  • Your name and contact details
  • Booking details (date, time, service)
  • Additional requests or comments

4.2. Sharing with Service Vendors

We may share data with third-party services that assist us in operating the platform (hosting, analytics, payment processing). These providers are obligated to protect your data and use it only to provide services to us.

4.3. Legal Requirements

We may disclose your data if required by law or upon request by government authorities.

5. Data Retention

We retain your personal data for the period necessary to fulfill the purposes outlined in this policy, or for the period required by law.

Upon account deletion, we delete or anonymize your personal data, unless law requires its retention.

6. Your Rights

6.1. General Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Restrict processing of your data
  • Receive a copy of your data in a structured format
  • Withdraw consent for data processing

6.2. California Consumer Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

  • Right to know what personal data is collected and how it is used
  • Right to know if your data is sold to third parties
  • Right to opt-out of the sale of personal data
  • Right to non-discrimination for exercising your rights
  • Right to delete personal data (with some exceptions)

To exercise your rights, including CCPA rights, contact us via the feedback form on the platform or use the dedicated CCPA request form.

7. Data Security

We implement modern technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction:

  • Data encryption during transmission
  • Secure data storage
  • Restricted access to data only for authorized employees
  • Regular monitoring and updating of security systems

8. Cookies and Tracking

We use cookies and similar technologies to improve platform performance, analyze usage, and personalize content. Detailed information about cookies is available in our Cookie Policy.

In accordance with US legal requirements, we provide the ability to manage cookies through browser settings and cookie usage notifications.

9. Children's Privacy (COPPA)

Our platform is not intended for children under 13. We do not knowingly collect personal data from children under 13 without parental consent in accordance with COPPA (Children's Online Privacy Protection Act).

If you are a parent or guardian and believe your child has provided us with personal data, please contact us to remove such information.

10. Changes to Privacy Policy

We may update this Privacy Policy. We will notify you of significant changes via the platform or email.

11. Contact Information

For questions related to personal data processing, you can contact us via the feedback form on the platform or by email.

For requests related to California consumer rights (CCPA), use the special form on the platform or contact us directly with 'CCPA Request' in the subject line.

12. Google User Data (Google Calendar Integration)

If you choose to connect Google Calendar to REXTEN, we request access to your Google Calendar through Google's secure OAuth consent screen. This section explains how REXTEN accesses, uses, stores, and shares Google user data, in addition to the practices described above.

12.1. Data We Access

With your authorization, we use the Google Calendar API (calendar.events scope) only to:

  • Create, update, and delete calendar events that correspond to bookings made in REXTEN
  • Read the calendar events that REXTEN itself created, in order to keep them synchronized

We do not read, collect, or store the content of calendar events that were not created by REXTEN.

12.2. How We Use the Data

We use Google Calendar access solely to provide the synchronization feature you enabled: reflecting your REXTEN appointments in your connected calendar and helping prevent scheduling conflicts. We do not use Google user data for advertising, and we do not use it to develop, improve, or train generalized machine-learning or artificial-intelligence models.

12.3. Storage and Security

We store the OAuth access and refresh tokens required to maintain the connection in encrypted form, together with a mapping between your REXTEN bookings and the corresponding Google Calendar event identifiers. These tokens are used only to perform the synchronization you authorized.

12.4. Sharing

We do not sell Google user data and do not share it with third parties, except with infrastructure providers strictly necessary to operate the service, solely to provide this feature to you, or where required by law.

12.5. Limited Use

REXTEN's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

12.6. Revoking Access

You can disconnect Google Calendar at any time in your REXTEN business settings or via your Google Account permissions at https://myaccount.google.com/permissions. When you disconnect, we stop synchronizing and delete the stored Google tokens.