Data and Compliance

1. Overview

Booqself is built to help businesses manage appointments, customers, services, resources, booking pages, and notifications in a structured and secure way.

This page explains our approach to data protection and compliance. It is not a certification statement and does not replace a legal agreement.

2. Data We Process

Booqself may process:

• Business account data
• Business settings
• Team member information
• Customer contact information
• Appointment information
• Service and service option data
• Resource and staff information
• Public booking page content
• Notification and integration data
• Operational and security logs

3. Data Ownership

Businesses remain responsible for the customer and appointment data they collect through Booqself.

Booqself provides the software infrastructure used to store, organize, and process that data.

4. Access Controls

Booqself supports role-based access patterns so businesses can control what owners, admins, and team members can access.

Users should only be granted access needed for their business role.

5. Multi-Tenant Data Separation

Booqself is designed as a multi-tenant system where each organization manages its own data.

Application logic and database access rules should prevent users from accessing information belonging to another organization.

6. Security Measures

Booqself uses reasonable technical and organizational safeguards, which may include:

• Authentication
• Authorization checks
• Organization-based data access
• Secure database access patterns
• Server-side validation
• Audit-friendly timestamps
• Secure file storage patterns
• Infrastructure monitoring
• Principle of least privilege

7. Data Retention

Data is retained as needed to provide the platform, support business operations, comply with legal obligations, resolve disputes, and maintain security.

Businesses may delete or modify certain information from the dashboard, subject to platform limitations and legal requirements.

8. Backups and Recovery

Booqself may rely on infrastructure providers for database, storage, backup, and recovery capabilities.

Backup retention and recovery processes may vary based on the provider and platform configuration.

9. Third-Party Service Providers

Booqself may use third-party providers for:

• Hosting
• Database infrastructure
• File storage
• Email delivery
• Authentication
• Analytics
• Error monitoring
• Automation
• Messaging integrations
• Voice or AI-powered integrations when enabled

These providers process information only as needed to deliver platform functionality.

10. Compliance Responsibilities

Booqself helps businesses manage appointment data, but each business is responsible for understanding and meeting its own legal and industry obligations.

Businesses should evaluate whether their use of Booqself is appropriate for their industry, region, and data requirements.

11. Regulated Data

Unless a separate written agreement says otherwise, Booqself should not be used to store highly sensitive regulated data that requires specific compliance programs.

Examples may include certain medical records, financial account data, government identifiers, or other highly sensitive information.

12. Current Compliance Position

Booqself does not currently claim SOC 2, ISO 27001, HIPAA, PCI DSS, or similar formal certification unless explicitly stated in a signed agreement or official compliance report.

13. Incident Response

If Booqself becomes aware of a security incident affecting user data, we will take reasonable steps to investigate, mitigate, and notify affected parties when required.

14. Contact

For data or compliance questions, contact:

Booqself
Email: hello@booqself.com