Legal

Privacy Notice

This notice explains the data BookableCheck plans to process for the public website, HubSpot app, alerts, support, and billing.

1. Scope and controller

This notice applies to bookablecheck.com and the BookableCheck HubSpot application. “BookableCheck,” “we,” and “us” refer to the service operator. The operator’s full legal name, registered address, and privacy representative will be inserted here following legal review.

2. Data we collect

Website data

The public website does not use analytics, advertising pixels, or cookies. Infrastructure providers may process basic request information such as IP address, user agent, requested URL, timestamp, and security signals to deliver and protect the site.

HubSpot installation and account data

We process HubSpot portal ID, app installation state, granted scopes, encrypted OAuth credentials, portal timezone, signed user ID, signed user email when required for alert self-subscription, and signed permission context.

Scan and remediation data

The free service stores aggregate deactivated-user and risky-link counts, scan status, and timestamp. Pro may store owner identifiers and limited profile fields, scheduling-page identifiers and metadata, finding classifications and states, replacement mappings, offboarding cases and tasks, scan history, and audit events.

For future-meeting detection and owner reassignment, HubSpot currently requires the conditionally authorized crm.objects.contacts.read and crm.objects.contacts.write scopes even though BookableCheck calls only Meetings endpoints. We never call a Contacts endpoint or retrieve contact records. We store only meeting ID, owner ID, start and end times, outcome, and a validated HubSpot link. An authorized admin may direct BookableCheck to update the HubSpot CRM owner field. We do not intentionally retrieve or retain titles, attendee identities, message bodies, notes, locations, or contact associations.

Billing, email, and support data

Stripe processes payment details. We receive customer and subscription identifiers, portal linkage, billing email, invoice and status information, and relevant webhook events. For alerts, we process subscriber consent, email address, suppression state, and delivery events. Support messages contain the information a sender chooses to provide.

3. How we use data

  • Authorize, operate, secure, and troubleshoot the service.
  • Detect supported scheduling pages that reference deactivated users.
  • Present findings, guide remediation, verify results, and maintain short-term history.
  • Send opted-in service alerts and required account or billing notices.
  • Manage subscriptions, prevent duplicate portal subscriptions, and support cancellation or reinstall.
  • Comply with legal, accounting, security, and fraud-prevention obligations.

4. Legal bases

Where applicable law requires a legal basis, the anticipated bases are performing a contract, the customer’s and our legitimate interests in operating and securing the service, consent for optional alert enrollment where required, and compliance with legal obligations. Counsel will confirm applicable bases and regional disclosures before launch.

5. Service providers and sharing

We plan to use the following subprocessors:

ProviderPurpose
CloudflareWebsite and application hosting, relational storage, queue processing, networking, security, and operational logs
HubSpotOAuth authorization, source owner, scheduling-page and minimal meeting data, confirmed CRM meeting-owner updates, native app interface, and installation lifecycle
StripeCheckout, subscriptions, invoices, tax configuration, Customer Portal, and payment processing
Twilio SendGridTransactional alerts, required account notices, delivery events, and suppression handling

We do not sell personal information or use application data for targeted advertising. We may disclose information when required by law, to protect the service and its users, or as part of a properly governed business transaction.

6. Retention and deletion

  • Current and open Pro operational state is kept while the portal remains installed and entitled.
  • Resolved findings, closed cases, scan history, and minimal meeting records are deleted after 90 days.
  • On paid downgrade, detailed operational data is deleted from active systems within 24 hours, leaving aggregate status.
  • On confirmed uninstall, HubSpot credentials, recipients, scan data, snapshots, findings, cases, and aggregate results are deleted from active systems within 24 hours.
  • Cloudflare D1 Time Travel may retain recoverable encrypted database states for up to 30 days under the planned Workers Paid configuration.
  • Minimal Stripe-linked billing records are retained separately as needed for an active subscription, cancellation, accounting, disputes, tax, legal obligations, and reinstall recognition.

7. Uninstall and continuing billing

Under the planned policy, uninstalling BookableCheck from HubSpot ends operational processing but does not cancel a Stripe subscription. The billing contact must cancel separately through the billing portal. We will make this distinction visible before purchase, during uninstall, in required email notices, and in the Terms. This policy is subject to legal and HubSpot Marketplace approval before production billing.

8. Security

Planned safeguards include authenticated encryption for OAuth credentials, signed-request verification, one-time OAuth state, least-privilege scopes, tenant-scoped queries, restricted secrets, redacted logs, idempotent background work, retention jobs, and monitoring. No method of storage or transmission is completely secure.

9. International transfers

Service providers may process information in countries other than the customer’s. The selected D1 placement is planned for western North America unless a different jurisdiction is selected before production database creation. Counsel will add the appropriate transfer mechanism and region-specific rights before launch.

10. Your choices and rights

Authorized admins may manage alert subscriptions, disconnect the app, and request assistance with access, correction, or deletion. Billing contacts manage the subscription separately through Stripe. Depending on location, individuals may have additional rights to access, correct, delete, restrict, object, or receive a copy of personal information.

11. Children

BookableCheck is a business service not directed to children, and we do not knowingly collect children’s personal information.

12. Changes and contact

We may update this notice as the service changes. The final notice will include an effective date and a method for notifying customers of material changes. Questions or privacy requests may be sent to support@bookablecheck.com until a dedicated privacy address and legal mailing address are finalized.