Privacy Policy

Last updated: March 31, 2026

1. Introduction

Book & Unlock ("we," "our," or "us") operates the Book & Unlock service (the "Service"), which automates smart lock access codes for businesses using Acuity Scheduling. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

When you register, we collect your name, email address, and payment information. Authentication is handled by Clerk, Inc. We do not store your raw password.

Booking & Client Data

To operate the Service, we receive booking data from your connected Acuity Scheduling account via webhooks. This may include your clients' names, email addresses, and phone numbers as provided in their Acuity appointments.

Phone Numbers

If you enable SMS notifications, we collect and store your clients' phone numbers solely for the purpose of sending them appointment-related access code notifications. Phone numbers are never sold or shared with third parties except as required to deliver those messages (see Section 4).

Lock Credentials

We store API credentials you provide for your smart lock platform (e.g., TTLock / Sifely) in order to generate and manage access codes on your behalf.

Usage & Log Data

We collect error logs, webhook events, and access code generation records to operate the Service and help you diagnose issues.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To generate and deliver smart lock access codes based on appointments
  • To send SMS and email notifications to your clients about their access codes
  • To process payments and manage your subscription via Stripe
  • To respond to support requests
  • To send you transactional and service-related communications
  • To detect, prevent, and address technical issues or fraud

4. SMS Messaging & Twilio

SMS notifications are delivered through Twilio, Inc., a third-party messaging service. By enabling SMS notifications and providing a client's phone number, you represent that you have obtained the client's consent to receive text messages from your business via this Service.

Message Content

Messages sent via the Service contain appointment confirmation details and smart lock access codes. Message content is based on the notification templates you configure.

Message Frequency

Message frequency varies and depends on your booking volume. Typically, one SMS is sent per confirmed appointment and one upon cancellation or code revocation.

Opt-Out

Recipients can reply STOP to any message to opt out of further SMS communications. Replies of HELP will return assistance information. Message and data rates may apply.

Data Shared with Twilio

To deliver SMS messages, we share the recipient's phone number and message content with Twilio. Twilio's use of this data is governed by the Twilio Privacy Policy.

5. Third-Party Services

We use the following third-party services to operate the Service:

  • Clerk — Authentication and user management
  • Stripe — Payment processing and subscription billing
  • Twilio — SMS message delivery
  • Resend — Transactional email delivery
  • Neon — Hosted database infrastructure
  • Acuity Scheduling — Appointment data via OAuth integration
  • TTLock / Sifely — Smart lock platform APIs

Each of these services has its own privacy policy governing how they handle data. We are not responsible for their practices.

6. Data Retention

We retain your account data for as long as your account is active. Booking-related records and access code logs may be retained for up to 90 days after generation for troubleshooting purposes. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

7. Data Security

We use industry-standard security measures including encrypted connections (TLS), access controls, and secure credential storage. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete personal data we hold about you. To exercise these rights, contact us at the address below. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us through the support page within the app.