Privacy Policy

Wellbooked ("we," "us," or "our") operates the scheduling platform at wellbooked.net. This Privacy Policy describes what personal information we collect, how we use it, who we share it with, and how we protect it.

Wellbooked is based in Eugene, Oregon, USA. By using our Service, you agree to the collection and use of information as described in this policy.

From Hosts (Bookees)

When you create a Wellbooked account, we collect:

• Account information: display name, email address, username, timezone, and password (hashed and stored securely by our database provider; we never see or store plaintext passwords)
• Profile information: bio, welcome message, phone number (optional)
• Branding assets: logo images, banner images, theme color preferences, and logo shape preferences. Images are stored in our cloud storage.
• Calendar data: Google Calendar OAuth tokens and Apple Calendar (CalDAV) credentials, used solely to sync your availability and prevent double-booking
• Billing information: Stripe customer ID and subscription status. Credit card details are collected and stored entirely by Stripe — Wellbooked never sees or stores card numbers.
• Promotional codes: any invite codes applied to your account

From Guests (Bookers)

When you book an appointment through Wellbooked, we collect:

• Name and email address (required)
• Phone number (optional)
• Booking notes (optional)
• Timezone

Bookers are not required to create an account.

Automatically Collected

We use essential authentication cookies managed by our database provider (Supabase) to maintain your login session. We do not use analytics cookies, tracking pixels, advertising cookies, or any other form of cross-site tracking.

We use the information we collect to:

• Provide, operate, and maintain the scheduling service
• Process bookings and display your booking page
• Send booking confirmations, reminders, and cancellation notices via email and SMS
• Process payments and manage subscriptions through Stripe
• Sync with external calendars to prevent scheduling conflicts
• Send trial reminder emails as your free trial nears its end
• Respond to support requests submitted through our contact form
• Improve the Service

We do not sell your personal information to third parties.

We use the following third-party services to operate Wellbooked. Each provider processes data in accordance with their own privacy policies:

Wellbooked uses SMS messaging via Twilio to send booking-related notifications. By providing your phone number when scheduling an appointment, you consent to receive transactional SMS messages from Wellbooked, including:

• Booking confirmations
• Appointment reminders
• Cancellation and rescheduling notices

Message Frequency

Message frequency varies based on your booking activity. You will typically receive 1–3 messages per appointment (confirmation, reminder, and any changes).

Opting Out

You may opt out of SMS messages at any time by replying STOP to any message. After opting out, you will receive one final confirmation message and no further SMS messages will be sent. You may opt back in at any time by replying START.

Costs

Message and data rates may apply depending on your mobile carrier and plan. Wellbooked does not charge for SMS messages, but your carrier may.

Privacy

Your phone number is used solely for booking-related notifications. We do not share your phone number with third parties for marketing purposes. Phone numbers are transmitted to our SMS provider (Twilio) only for the purpose of delivering messages. For questions about SMS messaging, contact us at privacy@wellbooked.net.

Wellbooked uses only essential authentication session cookies, managed by Supabase, to keep you logged in. These cookies are strictly necessary for the Service to function and cannot be disabled while using the Service.

We do not use analytics cookies, tracking pixels, advertising cookies, or any form of cross-site tracking technology. We do not share data with advertising networks.

Your data is stored on US-based servers managed by Supabase. We take reasonable measures to protect your personal information, including:

• Passwords are hashed using industry-standard algorithms (managed by Supabase)
• Calendar integration credentials are stored securely
• All data transmission is encrypted via HTTPS
• Database access is restricted using row-level security policies

Please note that uploaded branding images (logos and banners) are stored with publicly accessible URLs. While the URLs are not listed publicly, anyone with the direct URL can access the image.

We retain your account data for as long as your account is active. Booking data is retained for the duration of the host's account. When you delete your account, your personal data is deleted from our systems.

You have the right to:

• Access your personal data held by Wellbooked
• Correct inaccurate or incomplete personal data
• Delete your personal data and account
• Export your personal data in a portable format

To exercise any of these rights, please contact us or email privacy@wellbooked.net. We will respond to your request within 30 days.

If you are a California resident, you have the right to:

• Know what personal data we collect about you
• Request deletion of your personal data
• Opt out of the sale of your personal data

Wellbooked does not sell personal data to third parties. The categories of personal data we collect are described in Section 2 of this policy.

Wellbooked is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child under 16, please contact us and we will promptly delete it.

Each host has access to a public iCal feed URL that can be subscribed to from external calendar applications. This feed contains your scheduling data. You should treat this URL as sensitive information and share it only with trusted calendar applications.

When a Wellbooked booking widget is embedded on a third-party website, any booking data submitted through the widget is processed in accordance with this Privacy Policy. The third-party website may have its own data collection practices; please review their privacy policy as well.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. The "Effective" date at the top of this page will be updated to reflect the most recent revision.

If you have any questions about this Privacy Policy, please contact us or email us at privacy@wellbooked.net.