Privacy Policy

Last updated: March 12, 2026

1. Introduction

Fusionix LLC, doing business as "BookMe Studio" ("we," "us," or "our"), operates the BookMe Studio platform, which includes mobile applications, web-based business tools, website builder templates, and related services (collectively, the "Service").

This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service. By accessing or using BookMe Studio, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

This policy applies to all users of the Service, including business owners who manage their operations through BookMe Studio ("Business Users") and their customers who book appointments or interact with businesses through the platform ("Client Users").

2. Definitions

  • "Service" — The BookMe Studio platform, including the BookMe Pro app (for business owners), BookMe Client app (for customers), website builder templates, Cloud Functions, and all related services.
  • "Business User" — A beauty or wellness professional or business that uses BookMe Studio to manage appointments, clients, payments, marketing, and other business operations.
  • "Client User" — An individual who books appointments, purchases gift cards or packages, submits forms, or otherwise interacts with a Business User through the Service.
  • "Personal Data" — Any information that identifies or can be used to identify a natural person, directly or indirectly.
  • "Processing" — Any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.

3. Information We Collect

Account & Profile Data. When you create an account, we collect your name, email address, phone number, and password. Business Users also provide business name, address, description, service categories, hours of operation, and staff information.

Business Operations Data. Business Users may store client records, appointment history, service details, staff schedules, inventory records, expenses, invoices, goals, and analytics data within the Service.

Client & Booking Data. When Client Users book appointments, we collect their name, email, phone number, selected services, preferred staff, appointment date/time, and any notes or special requests. For guest bookings (without an account), we collect the same information.

Payment Data. Payment information — including credit/debit card numbers, billing addresses, and bank account details — is collected and processed by Stripe. We do not store full card numbers on our servers. We receive limited payment information from Stripe, such as the last four digits of a card, card brand, and transaction status.

Communications Data. We collect the content and metadata of messages sent through the Service, including SMS messages (via Twilio), email campaigns (via SendGrid), push notifications, and in-app communications.

Form & Waiver Submissions. Business Users may create custom forms and waivers that Client Users complete. Submitted data may include text responses, electronic signatures, and uploaded photos or files.

Device & Usage Data. We automatically collect device type, operating system, browser type, IP address, approximate geolocation, app version, pages visited, features used, session duration, and crash/error logs.

Cookies & Similar Technologies. We use cookies, local storage, and similar technologies to maintain sessions, remember preferences, and collect analytics data. See Section 10 for details.

4. How We Collect Information

Directly from you. When you create an account, update your profile, make a booking, submit a form, process a payment, contact support, or otherwise interact with the Service.

Automatically. Through cookies, server logs, device identifiers, analytics tools, and Firebase SDKs embedded in our applications.

From third parties. We may receive information from Stripe (payment confirmations and dispute data), Firebase Authentication (sign-in provider details), Google Places (business address verification), and social login providers if you choose to authenticate via Google or Apple.

5. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery. Operating the platform, processing bookings, managing business operations, enabling the website builder, and providing customer support.
  • Payment processing. Facilitating transactions between Business Users and Client Users via Stripe, managing subscription billing, processing refunds, handling disputes, and issuing invoices.
  • Communications. Sending appointment confirmations, reminders, cancellation notices, receipt emails, gift card delivery emails, staff invitations, and system notifications.
  • Marketing. Sending promotional email and SMS campaigns on behalf of Business Users to their clients, subject to opt-in consent and applicable law. See Section 9 for details.
  • Analytics & improvement. Analyzing usage patterns, monitoring performance, debugging issues, and improving the Service. This includes syncing website analytics via Google Analytics 4.
  • AI features. Generating AI-powered responses and suggestions for Business Users (Premium plan) using Google Vertex AI. Your data may be processed by Google's AI models for this purpose.
  • Security & fraud prevention. Detecting and preventing fraudulent transactions, unauthorized access, and abuse of the platform.
  • Legal compliance. Complying with applicable laws, regulations, legal processes, or government requests.

6. Legal Bases for Processing

If you are in the European Economic Area (EEA), United Kingdom, or another jurisdiction that requires a legal basis for processing, we rely on the following:

  • Contract. Processing necessary to perform our contract with you (e.g., providing the Service, processing payments, managing your account).
  • Consent. Processing based on your explicit consent (e.g., marketing communications, optional cookies, AI feature usage).
  • Legitimate interest. Processing necessary for our legitimate interests, such as improving the Service, preventing fraud, and ensuring security, where those interests are not overridden by your rights.
  • Legal obligation. Processing necessary to comply with applicable laws, such as tax reporting, financial record-keeping, or responding to lawful government requests.

7. Data Sharing & Third-Party Services

We do not sell your Personal Data. We share information with the following categories of third-party service providers who process data on our behalf:

ProviderPurposeData Shared
StripePayment processing, Connect marketplace, subscription billingName, email, payment method details, transaction amounts
Firebase / Google CloudAuthentication, database, file storage, Cloud Functions, push notificationsAccount data, business data, booking data, uploaded files, device tokens
SendGrid (Twilio)Transactional and marketing email deliveryEmail address, name, email content
TwilioSMS notifications and marketing messagesPhone number, message content
VercelWebsite hosting, edge functions, analyticsIP address, device info, page views
Google Analytics 4Website analytics for business template sitesAnonymized usage data, page views, session data
Google Vertex AIAI-powered response generation (Premium feature)Business context, query content

We may also disclose information if required by law, court order, or governmental authority, or to protect our rights, safety, or property.

8. Business User Data Processing

Business Users act as independent data controllers with respect to the Personal Data of their clients ("Client Data"). BookMe Studio acts as a data processor, processing Client Data on behalf of and at the instruction of the Business User.

Business Users are responsible for ensuring they have a lawful basis to collect and process their clients' Personal Data, providing their own privacy notices to their clients, and complying with applicable data protection laws in their jurisdiction.

If you are a Client User and have questions about how a specific business handles your data, please contact that business directly. For questions about how BookMe Studio processes data as a platform, contact us using the information in Section 20.

9. Marketing Communications

SMS marketing (TCPA compliance). Business Users may send SMS marketing campaigns to their clients through the Service. SMS marketing messages are only sent to individuals who have provided prior express written consent to receive such messages from the Business User. Recipients may opt out at any time by replying STOP. We honor all opt-out requests immediately. Message and data rates may apply. Message frequency varies by Business User.

Email marketing (CAN-SPAM compliance). Marketing emails sent through the Service include a clear unsubscribe mechanism, the Business User's physical address or our address on their behalf, an accurate "From" line, and a non-deceptive subject line. Unsubscribe requests are processed within 10 business days as required by law.

Marketing credits. Business Users receive a monthly allocation of marketing credits (500 for Standard plans, 2,000 for Premium plans). Credits are used to send SMS and email campaigns and reset monthly.

Platform communications. We may send you transactional emails and notifications related to your account, appointments, and the Service (e.g., booking confirmations, payment receipts, security alerts). These are not marketing and cannot be opted out of while you maintain an active account.

10. Cookies & Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential cookies. Required for core functionality such as authentication, session management, and security. These cannot be disabled.
  • Analytics cookies. Used to understand how visitors interact with our websites (e.g., Vercel Analytics, Google Analytics 4). These collect anonymized usage data.

You can manage cookie preferences through the consent banner displayed on your first visit. Most browsers also allow you to control cookies through their settings.

11. Data Security

We implement industry-standard security measures to protect your Personal Data, including:

  • Encryption in transit using TLS/SSL for all data transmissions
  • Encryption at rest for data stored in Firebase/Google Cloud
  • PCI DSS compliance through Stripe for all payment data handling
  • Firebase Authentication with secure token-based session management
  • Role-based access controls and staff permissions within the platform
  • Firestore security rules restricting data access to authorized users
  • Regular security monitoring and vulnerability assessments

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

12. Data Retention

We retain your Personal Data as follows:

  • Active accounts. We retain your data for as long as your account is active and as needed to provide the Service.
  • Post-deletion. Upon account deletion, we delete or anonymize your Personal Data within 30 days, except as noted below.
  • Financial records. Stripe payment and transaction records may be retained for up to 7 years to comply with tax and financial reporting obligations.
  • Legal holds. We may retain data beyond normal retention periods when required by law, legal proceedings, or government investigations.
  • Aggregated data. De-identified, aggregated data that cannot be linked to any individual may be retained indefinitely for analytics and service improvement.

13. Your Privacy Rights — California (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know. You may request that we disclose what Personal Data we collect, use, disclose, and sell about you.
  • Right to delete. You may request deletion of your Personal Data, subject to certain exceptions.
  • Right to opt out of sale/sharing. We do not sell your Personal Data. We do not share your Personal Data for cross-context behavioral advertising.
  • Right to correct. You may request correction of inaccurate Personal Data.
  • Right to non-discrimination. We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, use the account settings in the app, submit a request through our GDPR data request function, or email legal@fusionix.tech. We will verify your identity before processing requests and respond within 45 days.

14. Your Privacy Rights — GDPR / EEA

If you are in the European Economic Area (EEA) or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access. Request a copy of the Personal Data we hold about you.
  • Right to rectification. Request correction of inaccurate or incomplete data.
  • Right to erasure. Request deletion of your data ("right to be forgotten").
  • Right to data portability. Receive your data in a structured, machine-readable format.
  • Right to restrict processing. Request that we limit how we process your data.
  • Right to object. Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent. Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise these rights, contact us at legal@fusionix.tech. You also have the right to lodge a complaint with your local data protection authority.

15. Data Portability & Deletion

In-app deletion. Business Users can delete their account through the app settings. Client Users can delete their account through the client app or by contacting us.

Data export. You may request a copy of your data in a machine-readable format by contacting us or using the GDPR data request function available in the platform.

Deletion process. When you request account deletion, we initiate a process that deletes or anonymizes your Personal Data within 30 days. Certain data may be retained longer as described in Section 12. Data shared with third-party services (e.g., Stripe) is subject to those services' retention policies.

16. International Data Transfers

BookMe Studio is operated by Fusionix LLC in the United States. Your data is primarily processed and stored in the United States using Google Cloud / Firebase infrastructure.

If you are accessing the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction. Where required, we rely on standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms to ensure appropriate safeguards for international data transfers.

17. Children's Privacy

The Service is not directed to children under 13 years of age (or under 16 in the EEA). We do not knowingly collect Personal Data from children under these ages. If we become aware that we have collected data from a child under the applicable age, we will take steps to delete that information promptly.

If you believe a child has provided us with Personal Data, please contact us at legal@fusionix.tech.

18. Third-Party Links & Services

The Service may contain links to third-party websites or services, including business websites built with our website builder templates. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you interact with.

19. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For material changes, we will notify you by email, in-app notification, or a prominent notice on our website. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

20. Contact Information

For privacy-related questions, concerns, or requests, contact us at:

Fusionix LLC (d/b/a BookMe Studio)
Email: legal@fusionix.tech

For general inquiries, you may also reach us at contactus@fusionix.tech.