Privacy Policy

Last updated: June 2, 2026

1. Introduction

Seed Logic, LLC ("we," "our," or "us") operates BookerKit, a booking widget optimization platform for businesses using Zenoti. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using BookerKit, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the service.

2. Information We Collect

2.1 Information You Provide

Account Information: When you create an account, we collect your name, email address, and password.
Business Information: We collect information about your business, including your Zenoti Center ID and API credentials.
Payment Information: We use Stripe to process payments. Your payment card details are collected and processed directly by Stripe and are not stored on our servers.
Communications: When you contact us, we collect information you provide in your messages.

2.2 Information Collected Automatically

Device Information: Device type, operating system, browser type and version, screen resolution, and viewport size.
Usage Data: Pages visited, features used, actions taken, and time spent on the service.
Analytics Data: We collect UTM parameters, referrer information, and advertising click identifiers (such as Google Ads gclid, Facebook fbclid) for attribution purposes.
Log Data: IP address, access times, and error logs.

2.3 Information About Your End Users (Guests)

When end users (guests) interact with your booking widget, we collect:

Guest name, email address, and phone number
Booking details (service, date, time, provider)
Session information for analytics (device, browser, referrer, UTM parameters)

This data is collected on your behalf as a data processor, and you remain the data controller for your guest data.

3. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain our service
Process transactions and send related information
Send you technical notices, updates, and support messages
Respond to your comments, questions, and customer service requests
Monitor and analyze usage patterns and trends to improve our service
Detect, prevent, and address technical issues and security threats
Provide analytics and reporting features to help you understand booking performance
Comply with legal obligations

4. Information sharing

We do not sell, rent, trade, or share your personal information or your guests' personal information with third parties for marketing, advertising, analytics, or any purpose beyond delivering the BookerKit service to you.

4.1 Service providers (limited to service delivery)

We share data with a limited set of third-party service providers strictly as necessary to operate BookerKit. These providers process data on our behalf under contractual obligations and may not use it for any other purpose:

Supabase (database hosting and authentication)
Stripe (payment processing — your card details are handled directly by Stripe and never stored on our servers)
Twilio (SMS verification during the booking process)
Resend (transactional email delivery — booking notifications and account communications only)
Vercel (application hosting and delivery)
Cloudflare (security and bot protection)

We do not share data with advertising networks, data brokers, social media platforms, or analytics providers beyond what is strictly necessary for service operation.

4.2 Zenoti integration

We transmit booking data to Zenoti solely as required to process bookings through your Zenoti account. This data transmission is initiated by your configuration and is necessary for the core booking functionality.

4.3 Webhooks (your configured endpoints)

If you configure webhooks, we send booking event data to endpoints you specify. You are responsible for ensuring your webhook endpoints maintain appropriate data handling standards. We do not control or monitor the data practices of your webhook receivers.

4.4 Legal requirements

We may disclose information if required by law, regulation, subpoena, or legal process.

4.5 Business transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

4.6 No data sharing with AI or machine learning providers

We do not share your data or your guests' data with artificial intelligence providers, machine learning services, or large language model providers for training, analysis, or any other purpose.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. After account deletion, we retain data for up to one (1) year to comply with legal obligations, resolve disputes, and enforce our agreements.

Guest booking data is retained according to your account settings and applicable data retention requirements.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

Encryption of data in transit using TLS/SSL
Encryption of sensitive data at rest
Row-level security for database access control
Multi-factor authentication (MFA) support
Regular security audits and monitoring

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights and Choices

7.1 Account Information

You may update, correct, or delete your account information at any time by logging into your dashboard or contacting us.

7.2 Email Communications

You may opt out of promotional emails by following the unsubscribe instructions in those emails. You cannot opt out of transactional emails related to your account or service.

7.3 Cookies and Tracking

We use cookies and similar technologies to operate our service and provide analytics features. These include:

Essential Cookies: Required for the service to function, including authentication and session management.
Analytics Cookies: Used to understand how users interact with our service, track booking attribution, and improve our platform.

You can control cookies through your browser settings, but disabling cookies may affect functionality.

8. European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, this section applies to you.

8.1 Legal Basis for Processing

We process your personal data based on the following legal bases:

Contract Performance: Processing necessary to provide our services to you, including account management, booking processing, and customer support.
Legitimate Interests: We rely on legitimate interests for analytics, service improvement, security, and fraud prevention. Specifically:
- Session analytics (device, browser, referrer data) to understand service usage and improve our platform
- Attribution tracking (UTM parameters, click IDs) to help our business customers understand their booking sources
- Security monitoring and fraud detection to protect the service
Legal Obligations: Processing required to comply with applicable laws.

We have assessed that our legitimate interests do not override your rights and freedoms, given the business-to-business nature of our service and the limited scope of data collected.

8.2 Your Rights

Under the GDPR, you have the following rights:

Right to Access: Request a copy of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your personal data
Right to Restriction: Request restriction of processing
Right to Portability: Request your data in a portable format
Right to Object: Object to processing based on legitimate interests (we will cease processing unless we have compelling grounds)

8.3 International Data Transfers

Your data is transferred to and processed in the United States. We use appropriate safeguards to protect data transferred outside the EEA, including Standard Contractual Clauses where applicable.

To exercise your rights, contact us at support@bookerkit.com.

9. California Users (CCPA Rights)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request information about the categories and specific pieces of personal information we have collected
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Categories of Information Collected: Identifiers, commercial information, internet activity, geolocation data, and professional information.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We have never sold or shared personal information and have no plans to do so.

To exercise your CCPA rights, contact us at support@bookerkit.com.

10. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide notice via email or through our service.

Your continued use of the service after any changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Seed Logic, LLC
Email: support@bookerkit.com

If you are in the EEA or UK and believe we have not adequately addressed your concerns, you may contact your local data protection authority.