Citauno Citauno
Sign in Sign up

Privacy policy

Last updated: Saturday, April 25, 2026

1. Summary

Citauno respects your privacy. This policy explains what personal data we collect, for what purposes, who we share it with, how long we retain it, what your rights are and how to exercise them. Applies to the use of citauno.com and any related service.

2. Data controller

The controller of your personal data is Citauno, with domicile in the Republic of Paraguay. Contact: hola@citauno.com.

3. What data we collect

a) Data you give us

  • Account: first name, last name, email, password (hash), phone, WhatsApp.
  • Google profile (if you choose OAuth): verified email, name, public photo.
  • Bookings: chosen services, professional, location, date and time, notes for the business.
  • Payments: Bancard processes payments. Citauno keeps amount, currency, status, transaction ID and the last 4 card digits. We do not store full number, CVV or expiry.
  • Reviews: rating, comment, optional attributes (service, professionalism, cleanliness, punctuality).
  • Business (for Businesses): legal name, billing details, locations, hours, team, services, photos.

b) Data we collect automatically

  • Technical logs: IP, user-agent, timestamps, pages visited, errors.
  • Session cookies and language preferences.
  • Approximate geolocation when using "Near me" search (only with your explicit permission and only at search time; we don't store it).

4. What we use your data for

  • Create and maintain your account, authenticate you and protect the Platform from fraud.
  • Process bookings and communicate them to the chosen Business.
  • Send automatic reminders by email and, when you've enabled it, by WhatsApp.
  • Process online payments via Bancard.
  • Display your public review on the Business profile (only first name + rating + comment).
  • Improve the product: aggregate stats, error prevention, debugging.
  • Comply with legal obligations or competent authority requests.

5. Legal basis

We process your data based on (i) contract execution when you book or contract a plan; (ii) your consent when you enable optional features (Near me, WhatsApp reminders); (iii) legitimate interests for security and service improvement; and (iv) compliance with legal obligations.

6. Who we share your data with

  • The Business you chose: receives your first name, last name, email, phone, WhatsApp, booked services, date and time, and your notes. It is the natural recipient of your booking.
  • Bancard: when you pay online. Handles your payment method under PCI-DSS. Citauno only receives the transaction result.
  • Infrastructure providers: Amazon Web Services (hosting, database, storage), transactional email and WhatsApp/SMS messaging providers. They operate as data processors under our instructions.
  • Google (if you sign in with Google): Google delivers your verified email, name and public photo to Citauno. Citauno does not share your data with Google beyond the OAuth flow.
  • Competent authorities: only when there is a binding legal order.

Citauno does not sell your personal data to third parties.

7. International transfers

Our infrastructure is hosted on AWS (us-east-1, United States). Therefore, your data may be processed outside Paraguay. We apply encryption in transit (TLS) and at rest (AES-256) and require equivalent standards from our providers.

8. How long we retain your data

  • Account data: while your account is active, plus 24 months for accounting and fraud prevention.
  • Bookings: 5 years, a reasonable term for audits and disputes.
  • Payments (transaction record, not card): 10 years, per accounting and tax rules.
  • Technical logs: 90 days.
  • Reviews: while the Business is active, except deletion at your request.

9. Your rights

You may exercise the following rights at any time:

  • Access: obtain a copy of your data.
  • Rectification: correct inaccurate data.
  • Deletion: delete your account and your data, except those we must keep by law or by an open contractual obligation.
  • Portability: receive your bookings, clients and services in CSV format.
  • Objection / restriction: to processing based on legitimate interest.
  • Withdraw consent: for optional features (Near me, email marketing, WhatsApp).

To exercise them write to hola@citauno.com from the email registered in your account. We respond within 30 days.

10. Cookies

We use cookies strictly necessary to authenticate you and remember your language. We don't use third-party advertising cookies. If we enable analytics, it will be aggregate and anonymized.

11. Security

We apply TLS 1.2+ encryption in transit, AES-256 at rest, secrets in AWS Parameter Store, bcrypt-hashed passwords, role-based access control, daily automatic backups and log monitoring. No system is 100% secure: if you spot an issue write to hola@citauno.com.

12. Minors

Citauno is not directed to children under 13. If you are a minor, you must use the Platform under the supervision of a responsible adult.

13. Changes to this policy

We may update this policy. We will publish changes on this page and, if material, we'll notify by email.

14. Contact

Any privacy enquiry, write to hola@citauno.com.