Privacy Policy

Effective date: March 14, 2026

1. Overview

BookForm (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, why we collect it, how we use it, and the choices you have. It applies to all users of bookform.app and any related mobile applications.

2. Information We Collect

2a. Information you provide directly

  • Account info: Name, email address, and profile picture obtained via Google Sign-In.
  • Event type settings: Names, durations, descriptions, availability windows, and intake form questions you create.
  • Booking data: Appointments, answers to your intake forms, notes, and cancellation reasons.
  • Billing info: Subscription status. Payment details (card numbers) are processed directly by Stripe and never stored by BookForm.
  • Support communications: Emails or messages you send us.

2b. Information collected automatically

  • Usage data: Pages visited, features used, session duration, and click events (via PostHog analytics).
  • Device info: Browser type, operating system, IP address, and approximate location (country/city).
  • Cookies: Session cookies for authentication and analytics. See Section 8 for details.

2c. Information from third parties

  • Google: When you connect Google Calendar, we receive an OAuth token to read/write calendar events on your behalf. We do not read emails or other Google data.
  • Bookers (your clients): When someone books through your link, we collect their name, email, timezone, selected time, and any intake form answers. This data is associated with your account.

3. How We Use Your Information

  • Provide, operate, and improve the Service.
  • Create and manage calendar events, Google Meet links, and booking confirmations.
  • Send transactional emails (booking confirmations, reminders, cancellations, invoices).
  • Process payments and manage subscriptions.
  • Analyze usage patterns to improve features and fix bugs.
  • Respond to support requests.
  • Comply with legal obligations.
  • Prevent fraud and abuse.

We do not use your data for advertising or sell it to data brokers.

4. How We Share Your Information

We share your data only in the following circumstances:

  • Service providers: We use trusted sub-processors to run the Service — Google (Firebase, Calendar, Meet), Stripe (payments), Resend (email delivery), and PostHog (analytics). Each is bound by data processing agreements.
  • Your clients: Booking confirmations and notifications are sent to the email addresses your clients provide when booking.
  • Legal requirements: We may disclose data if required by law, court order, or to protect the rights and safety of BookForm or others.
  • Business transfers: If BookForm is acquired or merged, your data may be transferred. We will notify you before any such transfer and give you the option to delete your account.

5. Data Retention

We retain your account data as long as your account is active. Booking records are retained for 24 months after the booking date to support disputes and audits. You may request deletion of your account and associated data at any time via Settings or by emailing privacy@bookform.app. Derived analytics (aggregated, non-identifiable) may be retained indefinitely.

6. Data Security

We implement industry-standard security measures including TLS encryption in transit, encrypted storage at rest (via Google Cloud / Firebase), and access controls limited to authorized personnel. OAuth tokens are encrypted before storage. However, no system is 100% secure — we cannot guarantee absolute security.

7. Your Rights & Choices

Depending on your location, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate data.
  • Deletion: Request deletion of your account and personal data.
  • Portability: Export your booking data as CSV from the dashboard.
  • Objection / Restriction: Object to or restrict certain processing activities.
  • Withdraw consent: Revoke Google Calendar access at any time from your Google Account settings.

To exercise any right, email privacy@bookform.app. We respond to all requests within 30 days.

8. Cookies

BookForm uses the following cookies:

CookiePurposeDuration
__sessionFirebase authentication sessionSession
ph_*PostHog product analytics (pseudonymous)1 year

You can disable cookies in your browser settings, though this may affect Service functionality.

9. International Transfers

BookForm is operated from the United States. If you are located in the EU, UK, or elsewhere, your data may be transferred to and processed in the US. We rely on Standard Contractual Clauses and adequacy decisions where required by applicable law to legitimize such transfers.

10. Children's Privacy

BookForm is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

11. Third-Party Links

The Service may contain links to third-party websites (e.g., Stripe, Google). We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by email and post a notice in the app at least 14 days before material changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

13. Contact Us

For privacy-related questions, data requests, or to report a concern, contact:

BookForm Privacy
privacy@bookform.app