Privacy Policy

Booksi.ai ("we", "our", "us") is an AI-powered appointment booking platform for small businesses. Our service is available at booksi.site. For privacy-related inquiries, contact us at udvariarnold@gmail.com.

We collect the following categories of personal data:

• Account data: name, email address, password (hashed), phone number, business name
• Booking data: customer name, email, phone, appointment date/time, service, notes
• Review data: star ratings and optional comments submitted after appointments
• Technical data: IP address (in server logs), browser type, pages visited
• Payment data: billing email and subscription status (card details handled exclusively by Stripe — we never see or store card numbers)

• Providing and operating the booking service
• Sending appointment confirmations, reminders, and cancellation notices by email
• Requesting post-appointment reviews from customers
• Processing subscription payments via Stripe
• Sending daily booking summaries to business owners
• Responding to support requests

We do not sell your data to third parties. We do not use your data for advertising.

• Contract performance: processing bookings and managing accounts
• Legitimate interest: appointment reminders, daily summaries, review requests
• Legal obligation: retaining payment records as required by law
• Consent: optional marketing communications (if any)

We use two categories of cookies:

• Strictly necessary: A single authentication session cookie (booksi_session) that keeps you logged in. It is HttpOnly, Secure (HTTPS only), and deleted on logout.
• Analytics (with consent): We use Google Analytics 4 to understand how visitors use our website (page views, session duration, traffic sources). This is loaded only after you click "Got it" on the cookie banner. Google Analytics uses anonymized IP addresses and does not identify you personally. You can opt out at any time by clearing your browser's localStorage (key: booksi_cookie_consent) or using the Google Analytics Opt-out Browser Add-on.

We do not use advertising cookies or sell your data to any third party.

• Account data: retained while your account is active; deleted upon request
• Booking history: retained for 3 years for business record-keeping purposes
• Server logs: automatically deleted after 30 days
• Payment records: retained for 7 years as required by financial regulations

We use the following sub-processors:

• Supabase (database hosting, EU region) — privacy policy
• Vercel (hosting & CDN) — privacy policy
• Stripe (payments) — privacy policy
• Resend (transactional email) — privacy policy
• Groq (AI processing) — booking requests may be processed by Groq's API; no personal data is retained by Groq beyond the request
• Google Analytics 4 (analytics, consent-based) — anonymized usage statistics; data processed in the EU/US under Google's DPA — privacy policy

Under GDPR, you have the right to:

• Access: request a copy of your personal data
• Rectification: correct inaccurate data
• Erasure: request deletion of your data ("right to be forgotten")
• Portability: receive your data in a machine-readable format
• Restriction: limit how we process your data
• Objection: object to processing based on legitimate interest

To exercise any of these rights, email us at udvariarnold@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection authority.

We implement appropriate technical and organizational measures to protect your data: encrypted connections (HTTPS/TLS), hashed passwords (bcrypt), HttpOnly session cookies, and access controls limiting who can view personal data.

We may update this Privacy Policy periodically. Material changes will be communicated via email to registered users. Continued use of the service after changes constitutes acceptance of the updated policy.