Privacy Policy

BookingFlow ("we", "us", "our") operates the BookingFlow platform — an online booking and scheduling service for businesses. This Privacy Policy explains how we collect, use, share, and protect information about you.

For questions about this policy, contact us at support@bookingflow.com.

2.1 Information you provide directly

• Account data: name, email address, password (stored as a bcrypt hash — we never store plain-text passwords)
• Business data: business name, location address, service descriptions
• Booking data: customer names, email addresses, phone numbers, appointment details
• Payment data: billing cycle and tier — we do not store payment card details (handled by Paddle)

2.2 Information collected automatically

• Server logs: IP address, browser type, pages visited, timestamps
• Authentication tokens stored in your browser

• To provide and operate the BookingFlow service
• To send transactional emails (booking confirmations, account verification, password resets)
• To process subscription payments via Paddle
• To monitor service health and investigate abuse
• To comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising profiling.

We share your data only with:

• Paddle — to process subscription payments. Subject to Paddle's Privacy Policy
• Email service provider — to deliver transactional emails on our behalf
• Infrastructure providers — hosting and database (under data processing agreements)
• Legal authorities — when required by law or court order

We retain your account data for as long as your account is active. If you close your account, we delete or anonymise your personal data within 30 days, except where we are required by law to retain it longer (e.g., financial records for 7 years).

If you are located in the European Economic Area, you have the following rights:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Restriction — limit how we process your data
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interests

To exercise any of these rights, contact support@bookingflow.com. We will respond within 30 days.

We protect your data using industry-standard measures including:

• Passwords hashed with bcrypt (10 rounds)
• Password reset tokens stored as SHA-256 hashes — never in plaintext
• HTTPS-only data transmission
• Regular security reviews

No method of transmission over the Internet is 100% secure. We encourage you to use a strong, unique password.

BookingFlow uses cookies and similar technologies for:

• Authentication (keeping you logged in)
• Session security

We do not use third-party advertising cookies.

BookingFlow is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by a prominent notice on the platform. The "Last updated" date at the top of this page indicates when the policy was last revised.