Back

Privacy Policy

Last updated: June 9, 2026 · v2026-06-09

This Privacy Policy explains how FlowBook and the businesses using it collect, use, store, and protect your personal information. When you book through a business that uses FlowBook, that business is also a controller of your data.

1. Information we collect

Identity & contact data: your name, email address, and phone number.

Booking data: appointment history, services, staff, and any notes you provide.

Payment data: processed by our payment provider (Stripe). We do not store full card numbers.

Technical data: IP address, device/browser information, and cookies.

2. How we use your information

We use your data to create and manage your account and bookings; send appointment confirmations, reminders, and account notifications by email, SMS, and WhatsApp (SMS only with your consent); process payments and deposits; provide support; prevent fraud and secure the service; and meet legal obligations.

Where applicable we rely on your consent (e.g., SMS), the performance of our contract with you (providing the booking service), and our legitimate interests (operating and improving the service).

3. Communications (SMS & email)

With your consent, we send appointment reminders and notifications by SMS, WhatsApp, and email. SMS is opt-in and never a condition of purchase. You can opt out at any time by replying STOP, or in your profile (see our Messaging Terms).

4. How we share information

We share data only with service providers that help us operate FlowBook, under contract and on our instructions: Stripe (payment processing), Twilio (SMS delivery), SendGrid (email delivery), and Supabase (database hosting and authentication). We do not sell your personal information.

5. Data retention

We keep your data while your account is active. You may request deletion at any time; data is permanently removed after a 30-day grace period.

6. Your rights

You may request to access, correct, export, or delete your personal data, and withdraw consent, by emailing [email protected]. You can also request account deletion from your profile.

7. Security

We protect your data with encryption in transit (TLS/HTTPS), access controls, hashed credentials, and reputable infrastructure providers. No method of transmission or storage is completely secure, but we work to protect your information.

8. Children

The service is not directed to children under 13, and we do not knowingly collect their data.

9. Contact

Questions or privacy requests? Contact us at [email protected].