← Back

Privacy Policy

Last updated: 2026-07-12

Who we are

This platform provides appointment booking software to independent businesses (“Businesses”). When you book an appointment, the Business you book with is the data controller of your information; we act as a data processor on their behalf.

What we collect

  • Booking details: your name, email address, phone number, chosen service, appointment time, and any notes you provide.
  • Business account data: for business owners and staff — name, email, and hashed password.
  • Technical logs: IP addresses in security audit logs (login attempts, booking creation) retained for security purposes.

What we do NOT do

  • We do not use third-party advertising or analytics trackers.
  • We do not sell or share your personal data with data brokers.
  • We do not use your data for profiling or automated decision-making.
  • We do not send you marketing unless you explicitly opted in at booking.

Cookies

We use only strictly necessary session cookies for business-owner logins (httpOnly, secure). We set no advertising, analytics, or cross-site tracking cookies. Because we use no non-essential cookies, no cookie consent banner is required.

How long we keep data

  • Booking records: retained while the Business maintains its account, for their operational and accounting needs.
  • Security audit logs: retained up to 12 months.
  • Marketing consent: until you withdraw it.

Your rights (GDPR / CCPA)

You may request access to, a portable copy of, correction of, or deletion of your personal data. Contact the Business you booked with directly — they can export or erase your data using built-in tools. Where data is erased, booking records are anonymized (transaction records may be retained without personal identifiers where legally required, e.g. for tax purposes).

Payment data

If a Business enables online payment, card details are processed directly by Stripe and never touch our servers. See Stripe’s privacy policy for details.

Security

Data is encrypted in transit (TLS). Passwords are hashed with bcrypt. Access is isolated per Business (tenant isolation). Security-relevant actions are audit-logged.

Contact

For privacy questions about a specific booking, contact the Business you booked with. For platform-level questions, contact the platform operator.