Privacy Policy
Effective date: July 9, 2026
1. Who we are and what this policy covers
Bookster (bkstr.io) is a scheduling and booking platform for service businesses. This policy explains what personal information Bookster collects, how we use it, and the choices you have.
Bookster is a U.S.-based company. Any questions about this policy or your information — you can reach us anytime at support@bkstr.io.
Two ways we handle data — this matters:
- If you run a business that subscribes to Bookster ("a business"), we collect and control your account information directly. This policy fully applies to you.
- If you book a service with a business that uses Bookster (you're their customer), that business — not Bookster — decides how your information is used. We process it on their behalf to power their booking, scheduling, and communications. Their privacy practices govern; this policy describes only what Bookster itself does with data on our systems. Privacy requests about your data should go to the business you booked with (see Section 9).
2. Information we collect
| Category | Examples | Where it comes from |
|---|---|---|
| Account & identity | Name, email, phone number, business name | Businesses that sign up |
| Billing | None today — Bookster does not process payments. If subscription billing is introduced, we'll use a payment processor and will never store your card number. | Businesses that sign up |
| Booking data (processed on behalf of businesses) | Customer name, email, phone, service address, vehicle details, appointment details, notes, booking history | The business's customers, entered in the booking flow or imported at the business's direction |
| AI assistant conversations | Chat transcripts with the Bookster booking assistant | The booking flow |
| Usage & technical | IP address, device and browser information, log data, cookies | Collected automatically |
3. How we collect it
Directly from you (signup, booking, chatting with the assistant), automatically (logs, cookies), and from the business you interact with (for example, when a business imports its existing customer records into Bookster at its direction).
4. How we use information
- Provide and operate the service: scheduling, bookings, reminders, account management
- Power the AI booking assistant, which reads booking conversations to schedule appointments (AI inference runs on Anthropic's Claude models via AWS Bedrock), including automated quality monitoring of those conversations
- Geocode service addresses so businesses can plan routes and service areas
- Send transactional messages such as booking confirmations and reminders
- Secure, monitor, debug, and improve the service
- Comply with legal obligations
We use booking data processed on behalf of businesses only to provide the service to that business — never for our own advertising or unrelated purposes.
5. How we share information
We do not sell personal information, and we do not share it for cross-context behavioral advertising.
We share information only with:
- Service providers (subprocessors) who help us run Bookster — hosting, email delivery, address geocoding, AI inference and quality monitoring, error and infrastructure monitoring, and authentication. The current list is published at Subprocessors.
- Legal and safety — if required by law, legal process, or to protect rights and safety.
- Business transfers — if Bookster is involved in a merger, acquisition, or sale of assets, with notice to you.
6. Cookies and tracking
Bookster uses only cookies necessary for the service to work — signing you in and keeping your session secure. We do not run analytics, advertising, or tracking cookies on our website or booking experience.
Two of our pages are hosted by third-party providers: our documentation site (docs.bkstr.io) is hosted by Mintlify, which collects basic usage analytics — like page views and search queries — to operate the docs, and our status page (status.bkstr.io) is hosted by Better Stack. Data collected on those pages is governed by those providers' privacy policies.
We honor Global Privacy Control (GPC) and similar opt-out preference signals as required by California law.
7. Data retention
How long we keep information depends on what it is:
- AI chat transcripts — the message content of conversations with the booking assistant is automatically deleted within 60 days of the conversation. (Booking details captured from a conversation — like your name, contact info, and appointment — are saved to the business's booking records before that happens.)
- Booking records and customer information — names, contact details, service addresses, vehicle details, and booking history are kept for as long as the business you booked with maintains its Bookster account, so it can manage its customer relationships. Businesses can request deletion of individual customer records at any time (see Section 9).
- Account information — kept while a business's account is active, and as needed afterward for legal and security purposes.
- Logs and diagnostic data — kept on short rolling windows and not retained long-term. Residual copies may persist in encrypted backups until those backups rotate out.
8. Security
We use industry-standard measures including encryption in transit, access controls, and per-business (tenant) data isolation. Bookster does not process or store payment card information. No system is perfectly secure, but we design for it.
9. Your privacy rights
Depending on your state, you may have the right to access, delete, correct, and port your personal information, to opt out of sale/sharing (we do neither), and to not be discriminated against for exercising these rights.
How to exercise your rights:
- If you're a business using Bookster (or a visitor to bkstr.io): email support@bkstr.io with your request. We will verify your identity and respond within 45 days (extendable once by 45 days where the law allows, with notice).
- If you're a customer of a business that uses Bookster: contact that business directly — under privacy law, they are responsible for responding to your request, and we assist them in fulfilling it. If you contact us instead, we will let you know and forward your request to the business.
You may use an authorized agent where the law permits; we may ask for proof of authorization.
10. Sensitive information and "Do Not Sell or Share"
We do not sell or share personal information as those terms are defined by the California Consumer Privacy Act. We do not use sensitive personal information for purposes beyond providing the service. Because we don't sell or share, no "Do Not Sell or Share My Personal Information" opt-out is required — but we honor GPC signals regardless (Section 6).
11. Children
Bookster is a business tool and is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us information, contact support@bkstr.io and we will delete it.
12. Where data is processed
Bookster is operated from the United States and intended for U.S. users. Information is stored and processed in the U.S. We do not knowingly offer the service to users in the European Union or United Kingdom.
13. Data breaches
If a breach affects your personal information, we will notify affected users and regulators as required by applicable law, including California's notification requirements.
14. Changes to this policy
We may update this policy as the service evolves. We'll post the new version here with an updated effective date, and for material changes we'll provide additional notice (such as email to account holders).