Privacy Policy

1. Introduction

BookedSmarter ("BookedSmarter," "we," "us," or "our") provides an AI-powered receptionist software-as-a-service platform that answers calls, books appointments, and sends SMS and email notifications on behalf of small businesses ("Customers"). This Privacy Policy explains how we collect, use, share, and protect personal information through our website at bookedsmarter.com, our customer portal, and the services we operate (collectively, the "Service").

BookedSmarter is owned and operated by Crystal Vision Holdings, LLC (contact: [add email here]). This policy applies to information we collect from Customers, from individuals who call or message Customers' phone numbers handled by the Service ("End Users"), and from visitors to our website.

2. Information We Collect

2.1 Information Customers provide

• Account data: name, business name, email, phone number, password (hashed), business address, billing details.
• Configuration data: business hours, services, pricing, FAQs, AI script preferences, calendar credentials.
• Payment data: processed by Stripe; we do not store full payment card numbers.

2.2 Information about End Users (collected on behalf of Customers)

• Call data: caller phone number, call duration, call recordings, AI-generated transcripts, AI-generated summaries.
• Booking data: name, phone, email, requested service, appointment time, notes provided to the AI.
• SMS data: phone number, message content, opt-in / opt-out status, timestamps.

2.3 Information collected automatically

• Usage data: pages viewed, browser, device type, IP address, referrer, timestamps.
• Cookies and similar technologies: session cookies, authentication cookies, and minimal analytics. We do not run third-party advertising trackers.

3. How We Use Information

We use personal information to:

• Operate the Service: answer calls, transcribe calls, book appointments, send confirmations and reminders.
• Authenticate accounts, process payments, and provide customer support.
• Improve the Service, including improving AI quality (using aggregated and de-identified data wherever feasible).
• Send Customer transactional and account messages.
• Comply with legal obligations and enforce our Terms of Service.

4. How We Share Information

We share personal information only as described below. We do not sell personal information.

• With our Customers: End-User call and booking data is shared with the Customer whose phone number was called. The Customer is the controller of that data.
• Service providers (subprocessors):
  • Twilio — telephony and SMS delivery.
  • Stripe — payment processing.
  • Resend — transactional email delivery.
  • Google — OAuth authentication and Google Calendar integration (only with Customer consent).
  • ElevenLabs — AI voice synthesis.
  • Railway — application hosting and database.
  • Cloudflare — DNS, CDN, and edge security.
• Legal: when required by law, subpoena, court order, or to protect rights, safety, or property.
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Policy.

5. Data Retention

We retain Customer account data for the life of the account plus 90 days after termination. Call recordings and transcripts are retained for 12 months unless the Customer configures a shorter retention. SMS logs are retained for 18 months for compliance and dispute resolution. Customers may request earlier deletion by emailing [add email here].

6. Security

We use TLS in transit, encryption at rest for credentials and tokens, hashed passwords (bcrypt), role-based access controls, and least-privilege service accounts. No system is perfectly secure; if we become aware of a breach affecting your personal information, we will notify you and applicable regulators as required by law.

7. Your Privacy Rights

7.1 California residents (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how we use it.
• Access and obtain a copy of your personal information.
• Request correction of inaccurate personal information.
• Request deletion of personal information, subject to legal exceptions.
• Opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising.
• Limit use of sensitive personal information.
• Not be discriminated against for exercising any of these rights.

To exercise these rights, email [add email here]. We will verify your request using account information already on file.

7.2 Other US states

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights. The process above applies.

8. Children

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have, contact us and we will delete it.

9. International Users

BookedSmarter is operated from the United States. By using the Service, you consent to the transfer of your information to, and processing in, the United States.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, if changes are material, notify Customers by email.

11. Contact

Questions or requests: