Privacy Policy

1. Introduction

TeddyLabs LLC ("we," "our," or "us"), operating as OnBook, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our appointment scheduling platform ("Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide when using our Service:

• Account Information: Name, email address, phone number, password, and business name
• Profile Information: Professional details, business address, and profile photo
• Client Data: Information about your clients that you enter into the system
• Appointment Data: Scheduling information, service details, and notes
• Payment Information: Billing details processed through our payment provider (Stripe)
• Communications: Messages, support requests, and feedback you send us

2.2 Information Collected Automatically

When you access the Service, we automatically collect:

• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times, pages viewed, and referring URLs
• Usage Data: Features used, actions taken, and interaction patterns
• Cookies: Session identifiers and preferences (see Section 7)

2.3 Information from Third Parties

When you connect third-party services (e.g., Google Calendar), we may receive information from those services according to their privacy policies and your settings.

3. How We Use Your Information

We use the collected information for the following purposes:

• Provide the Service: Manage appointments, send reminders, and process payments
• Account Management: Create and maintain your account, authenticate access
• Communications: Send transactional emails, support responses, and service updates
• Improvements: Analyze usage patterns to enhance features and user experience
• Security: Detect and prevent fraud, abuse, and security incidents
• Legal Compliance: Comply with applicable laws and legal obligations
• Marketing: Send promotional communications (with your consent, where required)

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: Third parties that help us operate the Service (hosting, email delivery, payment processing, analytics)
• Third-Party Integrations: Services you choose to connect (Google Calendar, etc.)
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize sharing

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure cloud infrastructure with regular security audits
• Access controls and authentication requirements
• Regular security assessments and updates
• Employee training on data protection practices

While we strive to protect your information, no method of transmission over the Internet is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. After account deletion, we may retain certain information:

• As required by law (e.g., tax records, legal disputes)
• To enforce our agreements and protect our rights
• In aggregated, anonymized form for analytics

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for the Service to function (authentication, security)
• Analytics Cookies: Help us understand how users interact with the Service
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling certain cookies may affect Service functionality.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information
• Export: Receive your data in a portable format
• Opt-out: Unsubscribe from marketing communications
• Restriction: Limit how we use your information

To exercise these rights, contact us at privacy@onbook.io. We will respond within 30 days.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses and compliance with applicable data protection laws.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.

11. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected and how it's used
• Right to delete personal information (with exceptions)
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising privacy rights

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including:

• Right to access, rectification, and erasure
• Right to data portability
• Right to restrict processing
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

13. Google API Services User Data Policy

OnBook's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

13.1 How We Use Google User Data

When you connect your Google account to OnBook, we may access the following data:

• Basic Profile Information: Your name, email address, and profile picture for account creation and identification
• Google Calendar Data: Your calendar events to synchronize appointments between OnBook and Google Calendar (only if you explicitly enable this integration)

13.2 Limited Use Disclosure

OnBook's use of information received from Google APIs will adhere to the following restrictions:

• We will only use access to read, write, modify, or control Google Calendar data to provide the calendar synchronization features you have explicitly requested
• We will not transfer Google user data to third parties unless necessary to provide the Service, comply with applicable laws, or as part of a merger/acquisition with notice to users
• We will not use Google user data for serving advertisements
• We will not allow humans to read Google user data unless: (a) we have your explicit consent, (b) it is necessary for security purposes, (c) it is necessary to comply with applicable law, or (d) our use is limited to internal operations and the data has been aggregated and anonymized

13.3 Data Deletion

You can revoke OnBook's access to your Google data at any time by:

• Disconnecting the Google integration in your OnBook account settings
• Visiting Google Account Permissions to remove OnBook's access
• Contacting us at privacy@onbook.io to request deletion of your Google-related data

14. SMS/Text Messaging

OnBook uses SMS (Short Message Service) text messaging to send appointment-related notifications to end users who provide their phone number during the booking process. This section describes how we collect, use, and protect phone numbers in connection with our SMS messaging service.

14.1 What Information We Collect

When you book an appointment through OnBook, you may voluntarily provide your mobile phone number. We collect and store this number solely for the purpose of sending you appointment-related text messages.

14.2 How We Use Your Phone Number

Your phone number is used exclusively to send you transactional SMS messages related to your appointments, including:

• Appointment confirmation messages
• Appointment reminder messages (typically sent 24 hours and 2 hours before your scheduled appointment)
• Appointment cancellation or rescheduling notifications

We do not use your phone number for marketing, promotional messages, or any purpose unrelated to your booked appointments. We do not sell, rent, or share your phone number with third parties for their marketing purposes.

14.3 Message Frequency

Message frequency varies based on your appointment activity. You will typically receive 1-3 text messages per appointment (confirmation, reminders). No more than 5 messages per month per appointment relationship.

14.4 Opt-Out / Unsubscribe

You can opt out of receiving SMS messages at any time by replying STOP to any message you receive from us. After opting out, you will receive a final confirmation message and will no longer receive text messages from OnBook. You may also text HELP for assistance or contact us at support@onbook.io.

14.5 Costs and Carrier Charges

Message and data rates may apply depending on your mobile carrier plan. OnBook does not charge for sending text messages, but your carrier may apply standard messaging fees.

14.6 Data Protection

Phone numbers are stored securely and encrypted. Our SMS messages are delivered through Twilio, a trusted third-party communications platform. Twilio's privacy practices are governed by their own privacy policy. No mobile information is shared with third parties or affiliates for marketing or promotional purposes.

14.7 Consent

By providing your phone number during the appointment booking process, you expressly consent to receive transactional SMS messages related to your appointments from OnBook. Consent is not a condition of purchasing any goods or services. You may book appointments without providing a phone number or opt out of SMS at any time.

15. Third-Party Services

Our Service integrates with third-party services. Their privacy practices are governed by their own policies:

• Stripe: Payment processing - stripe.com/privacy
• Google: Authentication and Calendar integration - policies.google.com/privacy
• Twilio: SMS notifications - twilio.com/legal/privacy
• Resend: Email delivery - resend.com/legal/privacy-policy

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service or by email. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

17. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: