Privacy Policy

Business owners use BookedSolid to run their business — we are the data controller for your account information. Customers of those businessesmay book appointments or leave reviews — for those records, the business is the controller and we process the data on its behalf. If you are a business's customer and want your information changed or deleted, contact the business directly, or contact us and we will assist.

Account data: name, email address, password (stored only as a salted hash), business profile (name, services, address, phone, branding, language).
Customer records a business stores: contact names, phone numbers, addresses, appointment details, notes, and reviews.
Demo-preview data: publicly available business information (name, locality, advertised services) used to prepare personalized previews, as described in our Terms of Use.
Usage data:sign-in events, actions recorded in the service's audit log, and email engagement (see Section 4).

To operate, secure, and improve the service; to deliver email you request or that the service generates (sign-in links, invitations, reminders); to bill subscriptions and postcard orders; to prevent abuse (rate limits, audit logging); and to comply with law. We do not sell personal information, and we do not use a business's customer records for advertising.

Invitation emails include an open-tracking pixel and click-tracked links so we can measure whether an invitation was received, opened, and acted on. This measurement is tied to the invitation, not used to profile you elsewhere. Transactional email (sign-in links, reminders) is not used for marketing analytics.

We use a single, essential session cookie to keep you signed in. No advertising or third-party analytics cookies.

Hosting and storage: Fly.io (United States). Email delivery: our SMTP/email providers. Printing and mailing: print-and-mail providers (e.g., Lob) for postcard orders. Payments (when live): a PCI-compliant payment processor — we never store card numbers. Calendar feeds you subscribe to are fetched by your own calendar provider (Apple, Google) using your secret feed URL.

The service is hosted in the United States; using it transfers your data there. For users in the EU/EEA we honor the rights described in Section 8 and apply standard safeguards to transfers.

You may request access to, correction of, export of, or deletion of your personal data at any time — including removal of an unclaimed demo preview prepared for your business and suppression of further contact. Business owners can delete all stored customer records themselves (Settings → "Reset CRM data"). We respond to requests within 30 days. EU/EEA users additionally have the rights provided by the GDPR, including complaint to a supervisory authority.

Account and customer data are retained while the account exists and for up to 90 days after closure (for recovery and legal purposes), then deleted. Unclaimed demo previews are deleted in the ordinary course of operations. Audit logs are retained for security purposes.

Passwords are stored as salted scrypt hashes; sign-in links are single-use and hashed at rest; all traffic is encrypted in transit (HTTPS); tenant data is isolated per business; and administrative actions are audit-logged. No system is perfectly secure — report concerns to the contact below.

The service is for businesses and is not directed to children under 16.

We will notify you of material changes in-app or by email. Privacy questions and requests: manolis07gr@gmail.com · BookedSolid, Baton Rouge, LA, USA.