Privacy Policy

1. Introduction

SeroBook Inc. ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our booking platform service ("Service").

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, business information, phone number
• Profile Data: Business name, description, services, pricing, availability
• Customer Data: Information about your customers that you input into the system
• Payment Information: Billing address and payment method details (processed securely by Stripe)
• Communications: Messages, support requests, and feedback you send to us

2.2 Information We Collect Automatically

• Usage Data: How you interact with our Service, features used, time spent
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, pages viewed, clicks, errors encountered
• Cookies: We use cookies and similar technologies (see Cookie Policy below)

2.3 Information from Third Parties

• Authentication Providers: If you sign up using Google or other OAuth providers
• Integration Partners: Data from services you connect (Stripe, Google Calendar, etc.)
• Analytics Services: Aggregated usage statistics from analytics providers

3. How We Use Your Information

We use your information to:

• Provide and operate the SeroBook service
• Process bookings, payments, and communications
• Send transactional notifications (booking confirmations, reminders)
• Provide customer support and respond to inquiries
• Improve our service through analytics and usage patterns
• Ensure security and prevent fraud or abuse
• Comply with legal obligations and enforce our terms
• Send marketing communications (with your consent)

4. How We Share Your Information

We do not sell your personal information. We may share your information in these situations:

4.1 With Your Consent

When you explicitly agree to share information with third parties.

4.2 Service Providers

We work with trusted third-party service providers who help us operate our business:

• Stripe: Payment processing (covered by their privacy policy)
• Supabase: Database and authentication services
• Email Providers: SendGrid, Mailgun, or similar for transactional emails
• Analytics: Google Analytics (anonymized data)
• Support: Customer service platforms

4.3 Business Transfers

If SeroBook is acquired or merged, your information may be transferred to the new entity.

4.4 Legal Requirements

We may disclose information when required by law or to protect our rights and safety.

5. Data Security

We implement industry-standard security measures:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access with multi-factor authentication
• Regular Audits: Security assessments and penetration testing
• Infrastructure: SOC 2 compliant hosting providers
• Monitoring: 24/7 security monitoring and incident response

6. Data Retention

We retain your information for as long as necessary to provide our service and comply with legal obligations:

• Account Data: Retained while your account is active
• Transaction Records: 7 years for accounting and tax purposes
• Support Communications: 3 years for quality assurance
• Marketing Data: Until you unsubscribe

7. Your Rights and Choices

7.1 Access and Portability

You can access and export your data through your account settings or by contacting us.

7.2 Correction and Updates

You can update your information through your account or contact us for assistance.

7.3 Deletion

You can delete your account and associated data. Some information may be retained for legal compliance.

7.4 Marketing Communications

You can opt out of marketing emails by clicking "unsubscribe" or updating your preferences.

7.5 Cookies

You can control cookies through your browser settings, though this may affect functionality.

8. International Data Transfers

Your data may be processed in the United States or other countries where we or our service providers operate. We ensure adequate protection through appropriate safeguards.

9. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information.

10. Cookie Policy

We use cookies and similar technologies for:

• Essential Cookies: Required for the Service to function (authentication, security)
• Analytics Cookies: To understand how you use our Service (Google Analytics)
• Functional Cookies: To remember your preferences and settings
• Marketing Cookies: To show relevant advertisements (with consent)

11. GDPR Rights (EU Residents)

If you're in the EU, you have additional rights under GDPR:

• Right to Access: Request information about your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Delete your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests

12. CCPA Rights (California Residents)

California residents have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (we don't sell your data)
• Right to non-discrimination for exercising your privacy rights

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The updated policy will be effective when posted.

14. Contact Us

For privacy-related questions or to exercise your rights, contact us: