1. Introduction
This Privacy Policy explains how BookAClip (“BookAClip,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you use BookAClip, including the website at bookaclip.com, our provider applications, public booking pages, and related services (collectively, the “Platform”).
The Platform is operated from and intended only for users in the United States. We have not designed the Platform to comply with non-U.S. privacy laws and we do not invite access from outside the United States. If you are outside the United States, do not use the Platform.
This Policy applies to:
- Providers — barbers, beauty professionals, and shops who register accounts to take Bookings; and
- Clients — individuals who book appointments with Providers through the Platform.
It does not apply to information that a Provider collects or processes outside of the Platform. Once a Client books with a Provider, the Provider becomes an independent data controller for the information they receive about that Client; the Provider’s own privacy practices apply to their handling of that information.
2. Information we collect
2.1 Information Providers give us
When you register and use a Provider account, we collect:
- Identity and contact information — name, business name, email address, optional phone number, optional profile photo.
- Authentication credentials — a hashed password (managed through our authentication provider); we never store passwords in plain text. If you sign in through an OAuth provider we support, we receive a limited identity token rather than your provider password.
- Business information — service catalog (names, descriptions, prices, durations), working hours, location, public booking page slug, cancellation policy.
- Payments setup — your Stripe Connect account identifier and high-level account status. We do not collect or store your full bank account number, tax identification number, government ID, or other KYC documents. Stripe collects those directly and is the controller for that information.
- Support and communications — messages you send us, including support requests, feedback, and survey responses.
2.2 Information Clients give us at booking
Clients do not create accounts. When a Client books, we collect:
- Contact details — name, phone number in E.164 format, and optionally email.
- Booking details — the Provider booked, Service selected, appointment date and time, notes the Client adds.
- Payment data — collected by Stripe directly through Stripe Elements or Stripe Terminal. Payment card details never touch BookAClip’s servers. We receive only a token, a last-four digit summary, brand, and confirmation status.
2.3 Information collected automatically
When you use the Platform, we and our service providers automatically collect:
- Device and connection data — IP address, browser type and version, device type, operating system, and language.
- Usage data — pages and screens viewed, features used, links clicked, referring URLs, and timestamps.
- Error and diagnostic data — application errors, stack traces, and performance metrics collected through Sentry.
- Cookies and similar technologies — see Section 5.
2.4 Information from third parties
We receive information from third parties that we use to operate the Platform, including:
- Stripe — confirmations of identity verification status, payout status, dispute notifications, and transaction-level metadata for payments processed for your account.
- Authentication and OAuth providers — if you log in through a supported third party, basic profile information consistent with what you authorize that provider to share.
- Fraud-prevention signals — risk scoring or device fingerprinting from our infrastructure or payment providers.
We do not buy personal information from data brokers.
3. How we use information
We use the information we collect to:
- Operate the Platform — host accounts, render booking pages, send appointment confirmations, calendar invites, and reminders, and otherwise deliver requested functionality.
- Account management — create, secure, and authenticate accounts; verify Provider eligibility; and manage Subscriptions.
- Payment orchestration — coordinate with Stripe to process payments, collect platform fees, route payouts, and surface receipts and refund flows.
- Customer support — respond to questions, troubleshoot issues, and follow up on feedback.
- Communications — transactional messages (booking confirmations, receipts, account notices, security alerts, Subscription billing notices), which are essential to the service and cannot be opted out of while you have an active account or Booking; and product updates, tips, and marketing messages, only where permitted by law. You can opt out of marketing at any time using the unsubscribe link in those messages or by contacting us.
- Safety, fraud, and security — detect and prevent fraud, abuse, security incidents, and policy violations; investigate suspicious activity; and enforce our Terms.
- Analytics and improvement — understand how the Platform is used, measure performance, and improve features.
- Legal compliance — comply with applicable laws, regulations, court orders, and legitimate requests from government authorities; establish, exercise, or defend legal claims.
4. How we share information
We share personal information only in the situations described below. We do not sell personal information for money.
4.1 With Providers (when a Client books)
When a Client books with a Provider, we share the Client’s name, phone number, optional email, Service selected, appointment time, and any notes the Client added with that Provider. The Provider needs this information to deliver the Service.
Once shared with the Provider, the Provider acts as an independent data controller for that information. The Provider’s own privacy practices, retention rules, and applicable laws govern how the Provider handles it from that point on. BookAClip is not responsible for Provider data practices outside the Platform.
4.2 With Stripe
We share information with Stripe to process payments, onboard Providers to Stripe Connect, evaluate risk and fraud, manage payouts, and bill Subscriptions. Stripe acts as a separate controller (and as a processor for some functions) under its own privacy policy at stripe.com/privacy.
4.3 With service providers and subprocessors
We use trusted third parties to run the Platform. They process personal information on our behalf, under contract, and are not permitted to use it for their own purposes. Our current subprocessors include:
- Cloudflare, Inc. — API hosting (Cloudflare Workers), DNS, edge security.
- Vercel Inc. — web application hosting.
- Our managed Postgres provider — primary application database.
- Sentry (Functional Software, Inc.) — error monitoring and performance diagnostics.
- Stripe, Inc. — payments, Connect, Terminal, and Subscription billing (see Section 4.2; Stripe also acts as a separate controller for some processing).
- Our authentication provider — credential storage and session management.
- Our email/transactional messaging provider — sending booking and account emails.
We may update this list from time to time as our infrastructure changes. The current list is available on request at hello@bookaclip.com.
4.4 For legal reasons
We may disclose information if we reasonably believe doing so is necessary to: (a) comply with applicable law, legal process, or a lawful government request; (b) enforce our Terms or other agreements; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of BookAClip, our users, or others.
4.5 Business transfers
If BookAClip is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction. We will notify you (for example, by email or in-app notice) if your information becomes subject to a materially different privacy policy after such a transfer.
4.6 With your consent
We share information with other parties only when you direct or consent to it.
4.7 Aggregated or de-identified information
We may use and share information that has been aggregated or de-identified so that it does not reasonably identify you.
5. Cookies and similar technologies
We and our service providers use cookies, local storage, and similar technologies for the following purposes:
- Strictly necessary — keep you signed in, secure your session, remember items like cookie preferences, and load-balance traffic. These are required for the Platform to function and cannot be turned off without breaking it.
- Preferences — remember settings like display preferences.
- Analytics and performance — understand how the Platform is used and detect errors (for example, Sentry session tracking for crash reports).
You can control cookies through your browser settings. Most browsers let you block or delete cookies, but doing so may break parts of the Platform. We do not currently respond to “Do Not Track” browser signals because there is no agreed standard, but we honor Global Privacy Control (GPC) signals as an opt-out of “sale” or “sharing” under U.S. privacy laws.
6. Data retention
We retain personal information only as long as needed to provide the Platform, comply with our legal obligations, resolve disputes, and enforce our agreements. In general:
- Provider accounts — retained for the life of the account plus a reasonable wind-down period after account closure.
- Booking records and transaction logs — retained for up to seven (7) years to meet U.S. tax, accounting, and financial recordkeeping requirements.
- Authentication logs and security events — retained for the period needed to investigate and prevent abuse, typically up to 24 months.
- Error and diagnostic data — retained according to our service providers’ default retention windows (typically 30–90 days), unless needed longer to investigate a specific incident.
- Support communications — retained as long as reasonably needed to operate support and document responses.
When information is no longer needed, we delete or anonymize it. If you ask us to delete information, we will honor the request subject to legal retention obligations and to information we need to keep to detect fraud, resolve disputes, or enforce our agreements.
7. Your privacy rights
7.1 Baseline rights
Depending on where you live and applicable law, you may have the following rights regarding your personal information:
- Access — request a copy of the personal information we hold about you.
- Correction — ask us to correct inaccurate or incomplete information.
- Deletion — ask us to delete your information, subject to lawful exceptions.
- Portability — receive a copy of certain information in a portable format.
- Objection / restriction — object to or restrict certain processing.
- Withdraw consent — withdraw consent where we rely on it.
To exercise any of these rights, contact hello@bookaclip.com. We may need to verify your identity before responding. We will respond within the timeframe required by applicable law.
If you are a Client whose information is held by a Provider, you should contact the Provider directly for requests about how they handle your information; we can help you identify the Provider if needed.
7.2 California residents (CCPA / CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”):
- Right to know — what personal information we collect, the sources, the purposes, and the categories of third parties we share it with.
- Right to access / portability — a copy of your personal information.
- Right to correct — inaccurate personal information.
- Right to delete — your personal information, subject to exceptions.
- Right to opt out of sale/sharing — we do not “sell” personal information in the traditional sense and we do not “share” it for cross-context behavioral advertising. We honor GPC signals as an opt-out.
- Right to limit use of sensitive personal information — to the extent we process such information beyond what is necessary to provide the service.
- Right to non-discrimination — for exercising your privacy rights.
The categories of personal information we have collected in the last 12 months, the sources, the purposes, and the recipients map to the categories described in Sections 2, 3, and 4 of this Policy.
You may submit a request through hello@bookaclip.com. You may also authorize an agent to submit a request on your behalf; we will require proof of authorization.
7.3 Other U.S. states
Residents of other U.S. states with comprehensive privacy laws (such as Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and others, as those laws come into effect) have similar rights to access, correct, delete, and (where applicable) opt out of targeted advertising, sale, and certain profiling. We honor these rights consistent with applicable state law. Contact hello@bookaclip.com to make a request.
8. How we secure information
We use commercially reasonable administrative, technical, and physical safeguards to protect personal information. These include:
- TLS encryption in transit for traffic between your browser or device and the Platform;
- Encryption at rest for our application database and managed storage, as offered by our infrastructure providers;
- Hashed password storage through our authentication provider (we do not store plaintext passwords);
- Role-based access controls and the principle of least privilege for internal access;
- Logging, monitoring, and alerting on security-relevant events;
- Use of Stripe’s PCI-compliant infrastructure for payment data, so card details do not pass through our servers; and
- Contractual safeguards with our subprocessors.
No method of transmission or storage is 100% secure. We cannot guarantee absolute security and you use the Platform at your own risk. If a security incident materially affects your personal information, we will notify you and the appropriate authorities to the extent required by law.
9. Children
The Platform is not directed to children under 18. We do not knowingly collect personal information from anyone under 13. If you are under 18, you may not register as a Provider, and you should not book Services on your own behalf — a parent or guardian must do so for you.
If you believe a child under 13 has provided us personal information, contact hello@bookaclip.com and we will take appropriate steps to delete it.
10. Third-party links
The Platform may contain links to third-party websites or services that we do not operate. We are not responsible for their privacy practices. We encourage you to read the privacy notices of any third-party site you visit.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top and, for material changes, provide additional notice (such as an email to Providers or an in-app notice). Your continued use of the Platform after the effective date of a revised Policy means you accept the revised Policy. If you do not agree, you should stop using the Platform.
We will keep prior versions of this Policy available on request.
12. Contact
For questions, requests, or complaints about this Privacy Policy or our handling of personal information, contact:
BookAClip
hello@bookaclip.com