1. Who is responsible for your data
The data controller for the NoShowBee account you create is NoShowBee, Pontidos 17. Contact: [email protected].
For the personal data of your clients that you enter into NoShowBee, you are the controller and we are the processor acting on your instructions.
2. What we collect — about you (the account owner)
- Account: business name, your name, email, hashed password, locale, timezone, optional WhatsApp number.
- Billing: Stripe customer id, subscription status, payment method last-4 digits (never the full card). Card data is handled by Stripe and never reaches our servers.
- Operational: IP address, last login time, email delivery logs, basic event log (signup, upgrade) for troubleshooting and product analytics.
3. What we process — about your clients
For every appointment you create we store: client name, phone, optional email, service name, date/time, optional notes, and the status of the appointment. We use this strictly to send the reminder you scheduled and to render your dashboard.
We do not use your client data for our own marketing, profile them, or share them with third parties beyond the sub-processors listed below.
4. Legal bases
- Performance of contract for account, appointments and reminders.
- Legal obligation for invoicing / tax records.
- Legitimate interest for security, fraud prevention and basic product analytics.
- Consent for optional analytics cookies, if you choose to accept them in the cookie banner.
5. Sub-processors
| Provider | Purpose | Location |
|---|---|---|
| cPanel / shared hosting | Application + database hosting | EU |
| Cloudflare, Inc. | CDN, WAF, DNS | Global (EU edges) |
| Resend, Inc. | Transactional email delivery | EU / US |
| Stripe Payments Europe Ltd | Subscription billing | EU |
6. Retention
We keep client appointment data for as long as your account is active. Closed accounts and their client data are deleted within 30 days of closure. We retain billing records for as long as required by applicable tax law (typically 5–10 years, country-dependent).
Default appointment retention: appointments older than 24 months may be auto-pruned to minimise stored personal data.
7. Your rights (GDPR)
You have the right to access, correct, export, delete or restrict the processing of your personal data, and to object or lodge a complaint with your local data-protection authority. To exercise any of these rights:
- Export: from your Settings page (one-click JSON download of your account + your clients).
- Delete: from your Settings page (account + your clients' data deleted within 30 days).
- Or email [email protected] and we will respond within 30 days.
8. Security
We encrypt traffic with TLS, hash passwords with bcrypt, and use single-use tokens for sensitive links. Data is stored on EU servers with daily backups. If a breach affecting your data occurs, we will notify you and the relevant authority within 72 hours of becoming aware.
9. Cookies
See our Cookie Policy for the cookies we use, what they do, and how to opt out.
10. Changes to this Policy
We may update this Policy; material changes will be announced by email at least 30 days before they take effect.
