Privacy Policy

Enyare is an appointment booking platform operated by Panthra ("we", "us"). This Privacy Policy explains what personal data we collect, why we use it, and the rights you have over it.

Enyare is a multi-organization platform: each office, clinic, or business (the "provider") uses Enyare to manage its own appointments and is the controller of its clients' data. Panthra acts as the technology provider that processes that data on the provider's behalf.

Depending on how you use Enyare, we may collect:

• Data from clients booking an appointment: name, phone number, email address, document number (national ID, passport, or other), and appointment details.

• Data from each organization's staff: name, email address, and login credentials.

• Technical data: IP address, device type, and usage logs, for security and abuse prevention.

We use personal data solely to provide the service: to create and manage appointments, send confirmations and reminders, verify identity where applicable, prevent spam and abuse, and provide support. We do not sell personal data.

To send appointment confirmations and reminders, we use the phone number provided at booking. These messages are sent through messaging providers, including WhatsApp (Meta Platforms) and Twilio.

When a message is sent over WhatsApp, Meta processes the message content and metadata under its own terms and privacy policy. We only send transactional messages related to your appointments; we do not use WhatsApp for marketing without explicit consent.

We share data with service providers that help us operate the platform, limited to what is necessary to deliver the service:

• Meta Platforms (WhatsApp) — message delivery. • Twilio — WhatsApp and SMS message delivery. • Amazon Web Services (AWS) — hosting and infrastructure (São Paulo, Brazil region). • Vercel — website hosting. • Email provider — email notification delivery.

We retain personal data for as long as it is needed to provide the service and meet legal obligations. Audit logs of sensitive actions are kept for one (1) year and then automatically deleted. Appointment history is kept while the organization keeps its account active.

You have the right to access, correct, and request deletion of your personal data, and to object to certain processing. To exercise these rights, contact us at contact@panthratech.com. You may also direct your request to the organization that manages your appointment, which acts as the controller of your data.

Data is stored on Amazon Web Services servers in the São Paulo, Brazil region (sa-east-1). Some messaging and web-hosting providers may process data in other regions under their own data-protection safeguards.

When Enyare is used in a medical context, appointments may be associated with health data. We treat this data with appropriate confidentiality and in accordance with applicable data-protection law (including Argentina's Personal Data Protection Act, Law 25.326). The healthcare provider is the controller of this data.

We may update this Privacy Policy from time to time. We will post the current version on this page and indicate the date of the last update at the top.

If you have questions about this Privacy Policy or how we handle your data, contact us at contact@panthratech.com.