Privacy Policy

1. Information We Collect

We collect the following categories of personal data when you create an account or use the bookt platform:

• Identity: Full name, email address, phone number.
• Authentication credentials: Passwords are hashed using industry-standard algorithms; bookt never has access to your plaintext password.
• Profile: Avatar photo, biography, neighborhood, Instagram handle.
• Provider business data: Service offerings, availability hours, license photo, business name, business address, and Stripe Connect account ID.
• Client booking history: Booking records, service details, timestamps, and payment amounts.
• Portfolio media: Photos and captions posted by providers to their profile.
• Messages: In-app communications between clients and providers.
• Payment data: Payment processing is handled exclusively by Stripe. bookt does not store card numbers, bank account details, or other raw payment credentials.
• Device data: Push notification tokens, app version, and operating system.
• Precise geolocation (sensitive under TDPSA):When you grant location permission, bookt accesses your precise location (within approximately 1,750 feet) to power the "nearby providers" feature. This is considered sensitive personal data under the Texas Data Privacy and Security Act. See Section 7 for details.

2. How We Use Your Data

• Operate the marketplace: match clients with providers, facilitate bookings, and confirm appointments.
• Payment processing: transmit booking amounts to providers via Stripe Connect.
• Communication: send push notifications, transactional emails, and in-app messages related to your account and bookings.
• Service improvements: analyze usage patterns to improve features and fix bugs.
• Fraud prevention: detect and investigate suspicious activity.
• Legal compliance: comply with applicable laws, including the Texas Data Privacy and Security Act (TDPSA).

3. Third-Party Processors

We share your data with the following service providers only to the extent necessary to operate bookt:

• Supabase — database, authentication, file storage, edge functions, and platform hosting.
• Stripe — payment processing, Stripe Connect onboarding, and KYC verification for providers.
• Resend — transactional email delivery (booking confirmations, notifications).
• Expo — push notification infrastructure for iOS and Android.
• Sentry — crash reporting and application performance monitoring. Sentry may receive anonymized device and error data.
• Google Maps — map display within the app. Google's own privacy policy governs map tile requests.
• Vercel — web hosting for joinbookt.com, including this Privacy Policy and Terms of Service.

We do not sell your data to any of these processors or to any other third parties.

4. Sale of Personal Data

bookt does not sell personal data. We do not engage in targeted advertising, behavioral profiling for ad purposes, or data brokerage. Your data is used solely to operate the bookt marketplace.

5. Your Rights Under TDPSA

If you are a Texas resident, the Texas Data Privacy and Security Act (TDPSA, effective July 1, 2024) gives you the following rights with respect to your personal data:

• Right to access: Request a copy of the personal data we hold about you.
• Right to deletion: Request deletion of your personal data. You can exercise this right directly in the app (Profile → Account → Delete Account) or via the web at joinbookt.com/account/delete.
• Right to correction: Request correction of inaccurate personal data.
• Right to data portability: Request a copy of your data in a portable format.
• Right to opt out of profiling: bookt does not engage in targeted advertising or profiling for commercial purposes, so this right is not currently applicable.

To exercise any of these rights, use the in-app deletion flow or email privacy@joinbookt.com.

6. Sensitive Data — Precise Geolocation

Precise geolocation is sensitive personal data under TDPSA. bookt collects precise location (within approximately 1,750 feet) only for the "nearby providers" feature, which shows beauty professionals near you. Location access is triggered by an OS-level permission prompt on iOS and Android. You may revoke this permission at any time in your device's Settings. If location permission is denied, the app continues to function using your city-level location only. We do not sell or share your geolocation data with third parties for advertising purposes.

7. Children's Data (Age 16+)

bookt requires all users to be at least 16 years old. We do not knowingly collect personal data from children under the age of 16. If we learn that we have inadvertently collected data from a user under 16, we will delete it within 30 days of notification. If you believe a minor has registered on bookt, please contact us at privacy@joinbookt.com.

8. Data Retention & Deletion

When you delete your account — either in-app or via joinbookt.com/account/delete— your profile is anonymized: your name is replaced with "Deleted User," your email, phone, and avatar are removed, and your future bookings are cancelled. Past completed booking records and provider reviews are retained in anonymized form to preserve marketplace integrity. Stripe payment history is retained according to Stripe's regulatory retention schedule. You will not be able to sign back in after deletion.

9. Security

All data is transmitted using TLS 1.2 or higher and stored in Supabase's managed PostgreSQL database, which encrypts data at rest. We enforce Row-Level Security (RLS) on all user data so that each user can only access their own records. Sensitive server-side secrets (Stripe keys, Supabase service role keys) are stored as environment variables in Vercel and Supabase and are never exposed to client-side code.

10. Changes to This Policy

We will notify users of material changes to this Privacy Policy via email and through an in-app notification. The "Effective" date at the top of this page reflects when the current version took effect. Continued use of bookt after changes become effective constitutes your acceptance of the revised policy.

11. Contact

For privacy-related requests or questions, contact us at: privacy@joinbookt.com
bookt LLC, Houston, TX