Privacy Policy

Last updated: March 24, 2026

This Privacy Policy ("Policy") describes how Book Tech, LLC, a Missouri limited liability company ("BookShip," "we," "us," or "our") collects, uses, shares, and protects personal information when you use the BookShip platform, website, and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this Policy.

1. Scope

This Policy applies to all users of the Service, including:

  • Providers — businesses and individuals who use BookShip to manage appointments, clients, and payments.
  • Guests — individuals who book appointments or purchase services through a Provider's BookShip-powered booking portal.
  • Visitors — individuals who browse our marketing website without creating an account.

When a Guest books an appointment, the Provider is independently responsible for how they use and protect Guest data within their own business. This Policy covers BookShip's handling of data as a platform — it does not govern Providers' independent use of client information outside of BookShip.

2. Information We Collect

2.1 Information You Provide

Provider account information: name, email address, phone number, profile photo, business name, and business address.

Team member information: name, email, phone number, and role within the team.

Guest booking information: name, email address, phone number, and any notes provided during the booking process.

Client records: Providers may store additional client information such as mailing address, birthday, and gender preference.

Payment information: when you save a payment method or process a transaction, payment card details are collected and processed by Stripe. BookShip stores only a token reference, card brand, last four digits, and expiration date — we never store full card numbers.

Communications: SMS messages, appointment confirmations, and other messages sent through the Service.

2.2 Information Collected Automatically

When you use the Service, we may automatically collect:

  • Device information — browser type, operating system, device type, and screen resolution.
  • Usage data — pages viewed, features used, and interactions with the Service.
  • Log data — IP address, access times, and referring URLs.
  • Booking analytics — referral source, UTM parameters, and booking conversion data.

2.3 Information from Third Parties

We may receive information from third-party services you connect to BookShip, including Stripe (payment account status and verification results) and Twilio (SMS delivery status).

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service, including scheduling, payments, and client management.
  • Process transactions and send related information such as confirmations, receipts, and reminders.
  • Send SMS appointment reminders, confirmations, and Provider-initiated messages.
  • Respond to your requests, comments, and questions.
  • Monitor and analyze usage trends to improve the user experience.
  • Detect, investigate, and prevent fraudulent or unauthorized activity.
  • Comply with legal obligations and enforce our Terms of Service.
  • Send you service-related announcements (e.g., maintenance notices, security alerts, billing updates).

We do not sell your personal information. We do not use your data for targeted advertising.

4. How We Share Your Information

4.1 Between Providers and Guests

When a Guest books an appointment, their booking information (name, email, phone number, and any notes) is shared with the Provider to facilitate the appointment. Providers can view and manage this information within their BookShip account.

4.2 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Stripe — payment processing and billing. Stripe receives payment card details, transaction amounts, and identity verification data. See Stripe's Privacy Policy.
  • Twilio — SMS delivery. Twilio receives phone numbers and message content. See Twilio's Privacy Policy.
  • Supabase — database hosting and authentication. See Supabase's Privacy Policy.
  • Sentry — error monitoring and performance tracking. Sentry may receive technical data and error logs.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency), or if we believe disclosure is necessary to protect the rights, property, or safety of BookShip, our users, or the public.

4.4 Business Transfers

If BookShip is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

5. Payment Data

BookShip facilitates payment processing through Stripe. Each Provider operates as their own merchant of record on their own Stripe connected account.

  • Card tokenization: full card numbers are never stored on BookShip servers. Card data is tokenized by Stripe and managed in accordance with PCI DSS standards.
  • Card sharing: when a Guest saves a payment method and later pays a Provider, the tokenized payment method is securely shared with the Provider's Stripe connected account to process the charge.
  • Transaction metadata: BookShip stores transaction records including amount, date, payment status, card brand, last four digits, and Stripe transaction identifiers for accounting and dispute resolution purposes.
  • Financial record retention: payment and transaction records are retained indefinitely as required for legal and accounting purposes and are never deleted.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service. These include:

  • Essential cookies — required for authentication, session management, and security. These cannot be disabled.
  • Analytics cookies — help us understand how users interact with the Service so we can improve it.

We do not use advertising or tracking cookies. We do not serve third-party ads on the Service.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention practices include:

  • Account data: retained while your account is active. Upon account deletion, we will remove your personal information within thirty (30) days, except where retention is required by law.
  • Client records: Providers may deactivate client records (soft delete). Deactivated records are hidden from the interface but retained in the database for historical reporting.
  • Financial records: payment transactions, sales records, and related data are retained indefinitely for legal and accounting purposes.
  • SMS messages: message logs are retained for the duration of the team's account.
  • Aggregated data: anonymized, aggregated data may be retained indefinitely for analytics and service improvement.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest.
  • Row-level security policies ensuring that users can only access data belonging to their own team.
  • Authentication via secure session management.
  • PCI DSS compliance for payment data, handled entirely by Stripe.

While we take reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: request a copy of the personal information we hold about you.
  • Correction: request correction of inaccurate or incomplete information.
  • Deletion: request deletion of your personal information, subject to legal retention requirements.
  • Data portability: request an export of your data in a commonly used format.
  • Opt-out of SMS: reply STOP to any SMS message to unsubscribe from future messages.
  • Account deletion: you may request deletion of your account by contacting us. We will process your request within thirty (30) days.

To exercise any of these rights, please contact us through the Service. We will not discriminate against you for exercising your privacy rights.

10. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us.

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of any third-party services you access through the Service.

12. Additional Information for U.S. State Privacy Laws

If you are a resident of California, Colorado, Connecticut, Virginia, or another state with comprehensive privacy legislation, you may have additional rights, including:

  • Right to know: what categories of personal information we collect, use, and disclose.
  • Right to delete: request deletion of your personal information.
  • Right to opt out of sale: we do not sell your personal information.
  • Right to non-discrimination: we will not discriminate against you for exercising your rights.

Categories of Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information:

  • Identifiers (name, email, phone number, IP address).
  • Commercial information (transaction records, booking history).
  • Internet or electronic network activity (usage data, log data).
  • Professional information (business name, team role, license information).

We do not sell or share personal information for cross-context behavioral advertising.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least thirty (30) days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.