Privacy Policy

Last updated June 24, 2026.

Booknis is operated by Bhavesh Labs, Inc., a California corporation. We built a tool your customers trust you with, so we take data handling seriously. This page explains what we collect, who we share it with, how long we keep it, and what you can ask us to do with it.

Note — not legal advice. This policy is written in plain English for clarity. It should be reviewed by qualified legal counsel before your business relies on it for compliance purposes. Laws vary by jurisdiction.

1. What we collect

Account data. Your name, email address, business name, and a hashed password. You provide these at sign-up. We record your explicit consent to these Terms and Privacy Policy at that moment, along with a timestamp.

Business data. Everything you enter to run your business: appointments, services, team members, business hours, location details, and your billing configuration. You own this data. We process it on your behalf.

Customer data. Client records you create or import: names, phone numbers, email addresses, appointment history, notes, and any files or documents attached to a client record. Your customers' data belongs to your business. We store and process it strictly to operate the service you purchased.

Payment data. Transaction amounts, dates, tips, payment status, and method labels (e.g. "card" or "cash") recorded in your appointment ledger. We never store card numbers, CVVs, or full payment instrument details. Those are entered directly into Stripe and never touch our servers.

Usage data. Pages visited, features used, and errors encountered — used only to fix bugs and decide what to build next. No advertising trackers. No third-party analytics beyond our own server logs.

2. Sub-processors we share data with

We use a minimal set of sub-processors. Each receives only the data necessary to do their job:

• Supabase — database and authentication hosting (US-East). Stores account, business, and customer data described in section 1.
• Stripe — subscription billing for your Booknis plan. Stripe receives your billing name, email, and card details directly via Stripe Elements. We never see your card. Stripe's privacy policy governs how they handle your payment instrument data.
• Resend — transactional email (trial reminders, password resets, confirmation emails, and messages you send to your own customers via Booknis Mail).

No other parties receive your data.

3. How we use it

• To operate and deliver the Booknis service you signed up for.
• To power PRANIS™ — the AI memory layer that learns patterns from your own business data to surface insights and draft messages for you. Your data trains nothing outside your account.
• To send transactional emails: account confirmations, password resets, trial reminders. No marketing email without your consent.
• To fix bugs and improve the product.

4. Data retention

We retain your data for as long as your account is active, plus 30 days after cancellation so you can change your mind. After that 30-day window we purge your business and customer data from production databases and from backups within the next backup cycle (90 days maximum). Anonymized aggregate statistics — such as total appointment volume and plan distribution — may be retained indefinitely and cannot be traced back to you.

5. Your rights

You can export, edit, or delete your business and customer data from the dashboard at any time. The export feature produces CSV files covering appointments, customers, payments, and services. The delete-account flow in Settings permanently removes your account and queues full data purge.

To exercise rights of access, correction, portability, or deletion of your account data (name, email, consent record) — or to make a request under California privacy law or applicable data protection regulations — email signal@bhaveshlabs.com. We respond within 30 days.

6. Cookies and local storage

We use a single session cookie to keep you signed in. We use browser local storage for UI preferences such as theme and sidebar state. We do not use advertising cookies, cross-site tracking cookies, or fingerprinting. If you block cookies, you will not be able to stay signed in.

7. Security

Data is encrypted in transit (TLS) and at rest. Access to production systems is restricted to authorized personnel. We follow responsible disclosure: if you discover a security issue, contact signal@bhaveshlabs.com and we will respond promptly.

8. Governing law

This policy is governed by the laws of the State of California, USA. Disputes are resolved in the courts of San Francisco County, except where local consumer-protection law grants you a stronger right.

9. Changes to this policy

We will notify active account holders by email at least 14 days before any material change takes effect. Continued use after the effective date constitutes acceptance of the updated policy.

10. Contact

Privacy questions: signal@bhaveshlabs.com. We read every message and reply within two business days.