Privacy Policy

1. Introduction

ApptSecure ("we," "us," or "our") is committed to protecting the privacy of our users and their customers. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our SMS appointment reminder platform ("Service"). By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

Account Information: When you register, we collect your email address, password (hashed and stored securely), business name, business phone number, business address, and business type.

Customer Data: You may input customer data including names, phone numbers, email addresses, appointment details, service history, and notes. This data is stored on your behalf and you remain the data controller.

SMS Data: We process and store SMS message content, delivery status, timestamps, and consent records as required for service delivery and TCPA compliance.

Usage Data: We automatically collect information about how you use the Service, including pages visited, features used, SMS volumes, and performance metrics.

Payment Data: Payment processing is handled by Stripe. We do not store your full credit card number. We may store your Stripe customer ID and subscription status.

3. How We Use Your Information

We use your information to provide and maintain the Service, including sending SMS reminders on your behalf; process subscription payments and overage charges; monitor SMS delivery and system performance; enforce our Terms of Service and prevent abuse; communicate with you about your account, billing, and service updates; comply with legal obligations, including TCPA recordkeeping requirements; and improve the Service based on usage patterns and feedback.

4. SMS Consent & Compliance

We maintain detailed records of SMS consent events, including opt-in and opt-out actions, methods of consent, timestamps, and IP addresses when available. These records are maintained as required by TCPA and CTIA regulations. Consent records are immutable and cannot be modified or deleted. We retain consent records for a minimum of 5 years after the last consent event, or as required by applicable law.

5. Data Sharing & Third Parties

We share data only with the following categories of third-party service providers, and only to the extent necessary to deliver the Service:

Twilio: SMS message delivery. Twilio processes phone numbers and message content to send and receive SMS messages.

Stripe: Payment processing. Stripe processes payment information for subscription billing and overage charges.

Supabase: Database hosting. Your data is stored in Supabase's cloud infrastructure with encryption at rest.

We do not sell, rent, or trade your personal information or your customers' information to any third party for marketing purposes.

6. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL) and at rest, row-level security policies ensuring users can only access their own data, secure password hashing, and regular security reviews. While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your account data for as long as your account is active. After account deletion, we retain certain data as required by law (such as SMS consent records and billing records). Customer data entered by you is deleted when you delete the customer record or close your account, except for consent audit trails which are retained for legal compliance. Usage and billing records are retained for a minimum of 7 years for tax and accounting purposes.

8. Your Rights

You have the right to access, update, or delete your account information at any time through your account settings. You may export your customer and appointment data at any time. You may close your account by contacting us at sales@apptsecure.com. If you are located in a jurisdiction with additional data protection rights (such as the CCPA or GDPR), you may have additional rights, including the right to data portability and the right to object to certain processing activities.

9. End-Customer Privacy

As a user of ApptSecure, you are responsible for the data of your customers that you input into the Service. You should maintain your own privacy policy informing your customers about how their data is used, including the use of automated SMS reminders. You must obtain appropriate consent from your customers before inputting their data into ApptSecure and sending them SMS messages.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service at least 30 days before they take effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

11. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at sales@apptsecure.com.