Privacy Policy
Last updated: May 19, 2026
1. Introduction
TopBook ("we", "us", "our") provides a booking and appointment management platform for service businesses. This Privacy Policy explains what information we collect, how we use it, and what rights you have over your data. By using TopBook you agree to this policy.
2. Who is the data controller
For business owners (our customers), TopBook is the data controller of the personal information we collect about you. For end-customers who book appointments through a TopBook-powered booking page, the business owner is the data controller and TopBook acts as a data processor on their behalf.
3. Information we collect
From business owners and staff: name, email, phone, password (hashed), organization details, work schedule, and payment account details (handled by Stripe). From end-customers booking appointments: name, phone number, email (optional), date of birth (optional), appointment notes, and verification codes sent via WhatsApp. We also collect technical data such as IP address, browser type, and usage logs for security and debugging.
4. How we use your information
To provide and maintain the service (create accounts, schedule appointments, send confirmations and reminders), to process payments via Stripe, to send transactional messages via WhatsApp (appointment confirmations, reminders, cancellations), to enforce our Terms, and to comply with legal obligations. We do not sell your personal information.
5. WhatsApp messaging
When you provide your phone number to book an appointment, you agree to receive transactional WhatsApp messages from the business — appointment confirmations, reminders, and cancellation notices. Messages are sent through Twilio acting as our messaging provider. You may opt out at any time by replying STOP to any message. Standard messaging rates from your carrier may apply.
6. Service providers
We share necessary data with: Supabase (database hosting, US), Vercel (application hosting, US), Stripe (payment processing), Twilio (WhatsApp messaging), Resend (transactional email). Each provider is bound by its own data protection terms. We do not share your data with advertisers or data brokers.
7. Your rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data, to object to processing, or to withdraw consent. To exercise these rights, contact us at support@topbook.app. We will respond within 30 days. EU users may also lodge a complaint with their local data protection authority.
8. Data retention
We retain account data while your account is active. After deletion, identifiable data is removed within 90 days, except where retention is required by law (e.g., tax records). End-customer appointment data is controlled by the business owner who collected it; contact them directly for deletion of customer records.
9. Security
We use industry-standard safeguards: TLS encryption in transit, encrypted database storage, hashed passwords (bcrypt), session tokens with short expiration, and role-based access controls. No system is 100% secure; in the event of a data breach affecting you, we will notify you within 72 hours where required by law.
10. No protected health information
TopBook is not a HIPAA-compliant platform. You agree not to enter protected health information (diagnoses, treatment notes, medical records) into appointment notes or any other field. The service is for scheduling and communication only. If you are a healthcare provider, you remain responsible for storing clinical records in a HIPAA-compliant system.
11. Children
TopBook is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has provided us with personal information, contact us and we will delete it.
12. International transfers
Our servers are hosted in the United States. If you access the service from outside the US, your information will be transferred to and processed in the US. Where required, we rely on standard contractual clauses for international transfers.
13. Changes to this policy
We may update this Privacy Policy. We will give notice of material changes by email or in-app banner at least 30 days before they take effect. The "Last updated" date at the top reflects the current version.
14. Contact
For questions or to exercise your rights, contact us at support@topbook.app.