Privacy Policy

Effective date: March 9, 2026

Room Consulting (“we”, “us”, or “our”) operates the room.consulting website (the “Platform”). This Privacy Policy describes in detail how we collect, use, store, share, and protect your personal information when you visit our website, register an account, book consultations with experts, or interact with us in any other way.

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Platform.

1. Information We Collect

We collect different categories of information depending on how you interact with the Platform. Below is a detailed breakdown of each category.

1.1 Information You Provide Directly

  • Account and profile information: when you register as an expert or create a booking, we collect your full name, email address, phone number (if provided), professional title, organizational affiliation, areas of expertise, and any biography or summary you choose to share on your profile.
  • Booking details: when you schedule a consultation, we collect the selected expert, consultation package, preferred date and time, and any message or notes you include with your booking request.
  • Communications: if you contact us via email or through the Platform, we retain the content of those communications, including any attachments, along with your contact details and our responses.
  • Expert dashboard data: experts who use the Platform provide additional information such as their availability schedule, working hours, time zone preference, consultation packages and pricing, and minimum notice period for bookings.

1.2 Payment Information

All payment transactions are processed by our third-party payment processor, Stripe, Inc. When you make a payment, your credit or debit card details (card number, expiration date, CVC) are collected and processed directly by Stripe through their secure, PCI DSS Level 1 compliant infrastructure. We do not receive, store, or have access to your full card number. We only receive a transaction confirmation, the last four digits of your card, the card brand, and the transaction amount for our records.

1.3 Calendar Data

If you are an expert and choose to connect your Google Calendar account, we request access to your calendar data using the OAuth 2.0 protocol with the scope https://www.googleapis.com/auth/calendar. This allows us to:

  • Read your existing calendar events to determine your availability and prevent double-booking.
  • Create new calendar events for confirmed consultations, including the client’s name, consultation type, and scheduled time.
  • Update or remove calendar events if a booking is cancelled or rescheduled.

We store the OAuth refresh token securely in our database to maintain the connection. You can disconnect your Google Calendar at any time from your expert dashboard, which will immediately revoke our access and delete the stored tokens.

1.4 Information Collected Automatically

When you visit the Platform, we automatically collect certain technical information, including:

  • Device and browser information: browser type and version, operating system, device type (desktop, mobile, tablet), screen resolution, and language preferences.
  • Network information: your IP address, internet service provider, and approximate geographic location derived from your IP address.
  • Usage information: pages you visit, links you click, time spent on each page, referring website or source, and the date and time of your visits.
  • Cookies and similar technologies: we use cookies and local storage to maintain your session, remember your preferences, and ensure the Platform functions correctly. See Section 7 for more details.

2. How We Use Your Information

We process your personal information for the following specific purposes:

2.1 Providing and Operating the Platform

  • Creating and managing your user account or expert profile.
  • Displaying expert profiles, qualifications, and availability to potential clients.
  • Processing and confirming consultation bookings between clients and experts.
  • Facilitating payment transactions through Stripe.
  • Managing calendar integrations to synchronize booking schedules.

2.2 Communications

  • Sending booking confirmation emails to both clients and experts with consultation details (date, time, expert/client name, consultation type).
  • Sending booking reminder notifications before scheduled consultations.
  • Notifying you of booking cancellations, rescheduling, or refunds.
  • Responding to your inquiries, support requests, or feedback.
  • Sending important service-related announcements, such as changes to our Terms of Service or this Privacy Policy.

2.3 Improving the Platform

  • Analyzing usage patterns to understand how users interact with the Platform and identify areas for improvement.
  • Diagnosing technical issues, monitoring performance, and ensuring the Platform operates reliably.
  • Developing new features and services based on user needs and feedback.

2.4 Legal and Safety Purposes

  • Complying with applicable laws, regulations, and legal processes.
  • Protecting the rights, property, and safety of Room Consulting, our users, and the public.
  • Detecting, preventing, and addressing fraud, abuse, or security incidents.
  • Enforcing our Terms of Service and other agreements.

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Contract performance: processing necessary to fulfill our obligations under our Terms of Service, such as facilitating bookings and processing payments.
  • Legitimate interests: processing necessary for our legitimate business interests, such as improving the Platform, ensuring security, and communicating with users, provided these interests are not overridden by your rights.
  • Consent: where you have given explicit consent, such as connecting your Google Calendar. You may withdraw consent at any time.
  • Legal obligations: processing necessary to comply with applicable laws and regulations.

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We share your information only in the following limited circumstances:

4.1 Between Clients and Experts

When a booking is confirmed, we share relevant details between the parties involved. Clients receive the expert’s name, profile information, and calendar event details. Experts receive the client’s name, email address, selected consultation package, and any notes provided during booking. This sharing is necessary to facilitate the consultation.

4.2 Service Providers

  • Stripe: we share transaction-related data with Stripe to process payments. Stripe acts as an independent data controller for payment information. Please review Stripe’s Privacy Policy for details on how they handle your data.
  • Google: if an expert connects their Google Calendar, booking event data (consultation title, time, and participant names) is shared with Google to create calendar events. Please review Google’s Privacy Policy for more information.
  • Hosting and infrastructure: our Platform is hosted on servers that may process your data as part of providing hosting services. These providers are contractually obligated to protect your data.
  • Email delivery: we use email services to send transactional emails such as booking confirmations and notifications.

4.3 Legal Requirements

We may disclose your personal information if required to do so by law or in the good-faith belief that such action is necessary to: comply with a legal obligation or valid legal process; protect and defend the rights or property of Room Consulting; prevent or investigate possible wrongdoing; or protect the personal safety of users or the public.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including:

  • Account data: retained for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law.
  • Booking records: retained for a minimum of 3 years after the consultation date for accounting, tax, and legal compliance purposes.
  • Payment records: transaction records are retained as required by applicable financial regulations and tax laws.
  • Communication records: retained for up to 2 years after the last interaction unless a longer retention period is required for legal or dispute resolution purposes.
  • Technical logs: server logs and usage data are retained for up to 12 months for security and performance analysis purposes.

6. Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it, including:

  • Encryption in transit: all data transmitted between your browser and our servers is encrypted using TLS/HTTPS protocols.
  • Secure payment processing: payment information is handled entirely by Stripe, which maintains PCI DSS Level 1 certification — the highest level of security compliance in the payment industry.
  • Access controls: access to personal data is restricted to authorized personnel who need it to perform their duties.
  • Secure token storage: OAuth tokens for calendar integrations are stored securely and can be revoked by the user at any time.
  • Regular updates: we regularly update our software and infrastructure to address known security vulnerabilities.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents.

7. Cookies and Similar Technologies

We use cookies and similar technologies for the following purposes:

  • Essential cookies: these are necessary for the Platform to function properly. They maintain your login session, remember your preferences, and enable core features like booking and payment. The Platform cannot function without these cookies.
  • Security cookies: these help protect against cross-site request forgery (CSRF) and other security threats by validating that requests come from legitimate users.

We do not use third-party advertising or tracking cookies. We do not participate in cross-site tracking or targeted advertising networks.

Most web browsers allow you to control cookies through their settings. However, disabling essential cookies may prevent certain features of the Platform from working correctly.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Right of access: you may request a copy of the personal data we hold about you, including the categories of data, the purposes of processing, and any third parties with whom it has been shared.
  • Right to rectification: you may request that we correct any inaccurate or incomplete personal data. Experts can update most of their profile information directly through the dashboard.
  • Right to erasure: you may request that we delete your personal data, subject to certain exceptions (such as legal retention requirements or ongoing contractual obligations).
  • Right to restrict processing: you may request that we limit the processing of your personal data in certain circumstances, such as while we verify the accuracy of your data.
  • Right to data portability: you may request to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object: you may object to the processing of your personal data for certain purposes, such as direct marketing.
  • Right to withdraw consent: where processing is based on your consent (such as Google Calendar integration), you may withdraw consent at any time. Withdrawing consent does not affect the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at info@room.consulting. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer data internationally, we take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy and applicable law.

10. Children’s Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at info@room.consulting.

11. Third-Party Links

The Platform may contain links to third-party websites or services, such as expert LinkedIn profiles. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Effective date” at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: