Privacy Policy

How we collect, use, and protect your information

Last Updated: March 26, 2026

1. Introduction

BookedUp ("we," "our," or "us") is committed to protecting privacy across our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our AI receptionist service at https://bookedup.today.

BookedUp operates as a business-to-business (B2B) platform. We provide our services to Subscribers — businesses that use BookedUp to manage communications with their own customers ("End Customers"). In this relationship, BookedUp acts as a data processor on behalf of Subscribers, and Subscribers act as data controllers with respect to their End Customers' personal data.

This policy covers both (a) personal data we collect from Subscribers and their authorized users and (b) End Customer data that Subscribers input into or generate through the BookedUp platform.

2. Definitions

  • Subscriber: A business entity or individual that has registered for and uses BookedUp to serve their own customers.
  • Subscriber Data: Account information, configuration settings, and other data provided by or associated with a Subscriber's account.
  • End Customer Data: Names, phone numbers, appointment details, and other information belonging to a Subscriber's clients that is processed through the BookedUp platform on the Subscriber's behalf.
  • Service Data: Usage logs, performance metrics, and other data generated by operation of the platform.

3. Information We Collect

3.1 Subscriber Account Information

When a business registers for BookedUp, we collect:

  • Business name, industry type, and business address
  • Authorized user name(s), email address(es), and phone number(s)
  • Payment and billing information (processed via Stripe; we do not store card numbers)
  • Account configuration, messaging preferences, and business hours

3.2 End Customer Data (Processed on Behalf of Subscribers)

BookedUp processes the following categories of End Customer data strictly on behalf of and at the direction of Subscribers:

  • Phone numbers and names (provided when a call is missed or when the Subscriber imports contacts)
  • Appointment details, service preferences, and scheduling history
  • Inbound and outbound SMS message content
  • Opt-in/opt-out status for SMS communications

BookedUp does not own, sell, or independently use End Customer Data. End Customer Data belongs to the Subscriber. We process it only to deliver the services the Subscriber has requested. For more detail on how we process End Customer Data on behalf of Subscribers, see our Data Processing Agreement (DPA).

3.3 Automatically Collected Service Data

When you use the platform, we automatically collect:

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, session duration)
  • Cookies and similar tracking technologies (see Section 11)

4. How We Use Your Information

4.1 Subscriber Data Uses

We use Subscriber Data to:

  • Provision and operate the BookedUp platform for the Subscriber
  • Process subscription payments and manage billing
  • Send service-related notifications, product updates, and support communications
  • Analyze platform-level usage patterns to improve performance and features
  • Comply with legal and regulatory obligations

4.2 End Customer Data Uses

We use End Customer Data solely to:

  • Send automated SMS responses on the Subscriber's behalf when a call is missed
  • Process and confirm appointment bookings
  • Send appointment reminders and follow-up messages as configured by the Subscriber
  • Provide the Subscriber with communication logs and analytics within their dashboard

We do not use End Customer Data for our own marketing, advertising, or any purpose outside of service delivery for the Subscriber.

5. No Sale or Sharing of Data

BookedUp does not sell, rent, or share Subscriber Data or End Customer Data with third parties for their own marketing or commercial purposes. We will never monetize your data or your clients' data by selling it to advertisers, data brokers, or any other third party.

Mobile phone numbers and customer contact information are never shared with any third party beyond what is strictly necessary to deliver the SMS services the Subscriber has authorized (e.g., routing messages through Twilio's carrier infrastructure on the Subscriber's behalf).

6. Third-Party Sub-Processors

BookedUp engages the following sub-processors to help deliver the service. Each is subject to contractual data protection obligations:

  • Twilio: SMS carrier routing and delivery infrastructure
  • Stripe: Payment processing and subscription billing
  • OpenAI: AI model inference for generating personalized text messages
  • Meta (Meta Pixel): Website analytics and advertising attribution (see Section 11)
  • Neon / PostgreSQL: Secure database hosting for Subscriber and End Customer Data
  • Render: Application hosting and deployment infrastructure

A full and current list of sub-processors is available in our Data Processing Agreement.

7. SMS Communications & TCPA Compliance

BookedUp sends SMS messages on behalf of Subscribers. In this arrangement:

  • Subscriber responsibility: The Subscriber is the sender of record and is responsible for obtaining proper prior express consent from End Customers before enabling SMS communications through BookedUp, in compliance with the Telephone Consumer Protection Act (TCPA) and applicable state telemarketing laws.
  • Opt-out handling: BookedUp automatically processes STOP replies and removes End Customer numbers from active message queues. Subscribers may not override opt-outs.
  • Message content: SMS messages are generated by AI on behalf of the Subscriber's business. Subscribers are responsible for reviewing message templates and ensuring content accuracy.
  • No marketing to End Customers by BookedUp: BookedUp does not send its own marketing messages to End Customers. All messages are sent on the Subscriber's behalf and pertain to the Subscriber's business.

8. Data Retention

8.1 Subscriber Data

We retain Subscriber Data for the duration of the active subscription and for up to 90 days after account cancellation to allow for account recovery. After this period, Subscriber Data is deleted from active systems. Anonymized or aggregated data may be retained for analytical purposes.

8.2 End Customer Data

End Customer Data (call logs, SMS messages, appointment records) is retained on behalf of the Subscriber for the life of the Subscriber's account plus 90 days. Subscribers may request deletion of End Customer Data at any time by contacting privacy@bookedup.app. We will process such requests within 30 days.

8.3 Backup and Archival

Data may persist in encrypted backups for up to 30 additional days after deletion from active systems, after which it is permanently purged.

9. Data Security

We implement industry-standard security measures to protect both Subscriber and End Customer Data, including:

  • Encrypted data transmission (TLS 1.2+)
  • Encrypted database storage (AES-256)
  • Password hashing (bcrypt) and token-based authentication
  • Role-based access controls limiting internal staff access
  • Regular security reviews and dependency audits

In the event of a data breach affecting Subscriber or End Customer Data, we will notify affected Subscribers within 72 hours of discovery, consistent with GDPR Article 33 and applicable state breach notification laws.

10. Your Rights

10.1 Subscriber Rights

Subscribers may at any time:

  • Access and export their Subscriber Data from the dashboard
  • Correct inaccurate account information
  • Request deletion of their account and associated data
  • Opt out of non-essential communications

10.2 End Customer Rights (Exercised Through Subscribers)

Because BookedUp processes End Customer Data as a processor on behalf of Subscribers, End Customers must direct privacy requests (access, deletion, correction) to the Subscriber's business. If an End Customer contacts BookedUp directly, we will forward the request to the relevant Subscriber.

To exercise any rights, contact us at privacy@bookedup.app.

11. State-Specific Privacy Rights (CCPA/CPRA and Others)

Depending on your state of residence (California, Colorado, Connecticut, Virginia, Utah, and others), you may have specific rights regarding your personal information. BookedUp grants all users, regardless of state, the right to:

  • Know what personal data we collect and how it is used.
  • Request Deletion of your personal data from our active systems.
  • Opt-Out of the "sale" or "sharing" of personal data. (Note: BookedUp does not sell or share personal data for advertising purposes.)
  • Correct inaccurate personal information.
  • Data Portability — receive a copy of your data in a structured format.

To exercise these rights, submit a request to privacy@bookedup.app. We will verify and respond within the timeframe required by your applicable state law (typically 45 days).

12. Cookies and Tracking Technologies

12.1 Cookie Types

We use the following categories of cookies:

  • Essential Cookies: Required for core platform functionality (authentication, session management). Cannot be disabled.
  • Analytics Cookies: Used to understand how visitors interact with our marketing website (page views, referrers, session duration). These are opt-in via our cookie consent banner.
  • Advertising/Attribution Cookies (Meta Pixel): We use the Meta Pixel on our marketing website to measure the effectiveness of advertising campaigns and attribute conversions. The Meta Pixel only fires after you provide explicit consent via our cookie consent banner. If you decline, the Pixel is blocked and no advertising data is sent to Meta.

12.2 Your Cookie Choices

On your first visit to our marketing site, you will be presented with a cookie consent banner. You may:

  • Accept All: Enable analytics and advertising cookies in addition to essential cookies.
  • Decline: Use only essential cookies. Analytics and Meta Pixel tracking will not activate.

Your preference is stored in your browser's localStorage and respected on all future visits. You may change your preference at any time by clearing your browser's site data or contacting us.

Note: Cookies on the authenticated dashboard (app.bookedup.today) are limited to session-essential cookies only. The Meta Pixel does not fire within the authenticated dashboard.

13. Children's Privacy

BookedUp provides business-to-business services. Our platform is not directed at children under the age of 13. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 13. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take immediate steps to delete that information.

14. International Data Transfers

BookedUp is operated from the United States. If you or your End Customers are located outside the United States, data will be transferred to and processed in the United States. For Subscribers subject to GDPR (e.g., EU-based businesses), we offer a Data Processing Agreement that includes appropriate safeguards for international data transfers. See our DPA page.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Subscribers of material changes by email and by updating the "Last Updated" date at the top of this page. Continued use of BookedUp after changes constitutes acceptance of the revised policy.

16. Governing Law

This Privacy Policy is governed by the laws of the State of Indiana, United States, without regard to conflict of law principles. Any disputes shall be resolved in the courts located in Indiana.

17. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

  • Privacy Requests: privacy@bookedup.app
  • General Support: support@bookedup.com
  • Website: https://bookedup.today
  • Address: 621 E Columbia St, Evansville, IN 47711

For data processing inquiries from enterprise Subscribers, please also review our Data Processing Agreement.