Privacy Policy
Last updated: May 19, 2026
1.What We Collect
When you sign up and use BKKD we collect:
- Account info: name, email, and authentication credentials. Authentication is handled by Clerk; we do not store your password.
- Booking data you create: client records, holds, confirmed bookings, projects, communications log, lifecycle progress, documents.
- Usage telemetry: routes visited, error events. Used to maintain the service and identify bugs. Aggregated where possible.
2.How We Use Your Data
We use the data you give us to:
- Operate the service you signed up for.
- Respond to support requests.
- Improve product features based on aggregate usage patterns.
- Send transactional email (request confirmations, account deletion notices). We do not send marketing email without explicit opt-in.
We do not sell your data. Ever. We do not share it with advertisers or data brokers. We do not use your booking data to train AI models.
3.Third-Party Services
BKKD relies on a small set of subprocessors to operate the service. Each handles a specific function and processes data only as needed. Vendor names below link to the company; the “Learn more” column links to that vendor’s public privacy policy. Each opens in a new tab.
| Who | What they do | Where | Learn more |
|---|---|---|---|
| Clerk | Authentication, sign-in, and session management. | United States | Privacy policy |
| Supabase | Database (your booking, client, document, event data) and document file storage. | United States | Privacy policy |
| Vercel | Application hosting, edge compute, scheduled jobs. | United States | Privacy policy |
| Resend | Transactional email delivery (request confirmations, account deletion notices). | United States | Privacy policy |
| Anthropic | AI-assisted email drafting. Only the booking context needed to draft an email is sent — dates, rates, payment structure, and first names of both parties. Full contact details, document contents, and internal IDs are never transmitted. | United States | Privacy policy |
These providers process data on our behalf under their own privacy policies and applicable data processing agreements. We do not grant them rights to use your data for their own purposes.
4.Data Retention
We keep your data for as long as your account is active. When you delete your account, we begin a 30-day grace period during which the deletion can be cancelled. After 30 days all booking, client, document, event, and personal time data is permanently removed from our active systems. Encrypted backups may persist for up to 60 additional days before they age out.
5.Your Rights
You can, at any time:
- Export all your data as a portable archive via Settings → Backup.
- Delete your account via Settings → Profile, which initiates the 30-day removal described above.
- Correct your account information via Settings → Profile.
- Contact us with questions about your data or to exercise rights under applicable privacy laws (GDPR, CCPA, etc.).
6.Cookies and Tracking
We use only the cookies required to keep you signed in and to operate the service. We do not run third-party advertising trackers or behavioural analytics.
7.Security
All data is encrypted in transit (TLS) and at rest. Row-level security policies are enforced at the database level on every user-scoped table. The privileged service-role key used for server-side operations is never shipped to the browser.
8.Children
BKKD is not directed at users under 16, and we do not knowingly collect data from children. If you believe we have collected information from a child, contact us and we will delete it.
9.Changes to This Policy
We may update this policy from time to time. Material changes will be announced by email or in-app notice prior to taking effect. The “Last updated” date at the top of this page reflects the latest revision.
10.Contact
Privacy questions or requests: privacy@bkkd.app