Privacy Policy

Last updated: June 28, 2026 (v2.3)

  1. Who We Are

Bontro ("we," "us," or "our") operates the booking platform available at bontro.co. We provide appointment scheduling software for independent service professionals and their clients. Questions about this policy can be directed to support@bontro.co.

  1. Information We Collect

We collect information you provide directly:

  • Account information: name, email address, and password when you create an account, or your Google profile if you sign in with Google.
  • Business information: business name, address, phone number, and service details provided by professionals during onboarding.
  • Booking information: name, email, phone number, and appointment notes provided when a client books an appointment.
  • Payment information: we use Stripe to process payments. We do not store your full card number, CVV, or bank account details. We store only opaque references (payment method IDs) provided by Stripe.
  • Gift card recipient information: when a gift card is purchased and sent to another person, we collect the recipient's name, email address, and any personal message included by the purchaser. This information is used only to deliver the gift card notification. Recipients who do not have a Bontro account are not added to any marketing list. Recipient data is retained for as long as the gift card record exists.
  • Consent form information: when you submit a digital consent form required by a service professional, we collect the following on their behalf: date of birth, known allergies, relevant medical conditions, age confirmation (18+), photo consent preference, your typed or drawn signature, and the timestamp of signing. For fraud prevention and audit purposes we also record an anonymized version of your IP address (last octet masked, e.g. 1.2.3.0). This health and sensitive information is collected solely to fulfill the service professional's liability and safety requirements and is not used by Bontro for advertising or profiling. It is retained alongside the consent record for 3 years per our standard retention schedule.
  • Communications: messages you send us via email or support channels.

We also collect information automatically:

  • Usage data: pages visited, features used, and actions taken within the platform.
  • Device and browser information: IP address, browser type, and operating system.
  • Cookies: session cookies required for authentication, and analytics cookies to understand how the platform is used.
  1. How We Use Your Information
  • To provide, operate, and maintain the Bontro platform.
  • To process bookings and payments on behalf of service professionals.
  • To send appointment confirmations, reminders, and cancellation notices via email and SMS (where you have opted in).
  • To send review requests following completed appointments.
  • To respond to support requests and troubleshoot issues.
  • To detect and prevent fraud and abuse.
  • To improve our platform through aggregate usage analysis and product analytics.
  • To comply with legal obligations.
  1. SMS Communications

We send SMS appointment reminders and confirmations only to clients who provide a phone number and consent to receive text messages at the time of booking. Message frequency varies based on your appointments. Standard message and data rates may apply.

You can opt out of SMS at any time by replying STOP to any message. For help, reply HELP. Opting out of SMS does not affect your ability to receive email notifications or use the platform.

  1. How We Share Your Information

We do not sell your personal information. We share information only in these circumstances:

  • Between clients and professionals: when a client books an appointment, their name, email, and phone are shared with the professional they booked with.
  • Service providers: we share data with third-party services that help us operate the platform, including Stripe (payments), Resend (email), Telnyx (SMS), Vercel (hosting), Sentry (error monitoring), and PostHog (product analytics). These providers process data only as necessary to provide their services.
  • Legal requirements: we may disclose information if required by law, court order, or to protect the rights and safety of Bontro and its users.
  • Business transfers: if Bontro is acquired or merged, your information may be transferred as part of that transaction.
  1. Payment Security

All payment processing is handled by Stripe, a PCI-DSS-compliant payment processor. Card details are entered directly into Stripe's secure interface and never pass through or are stored on Bontro's servers. We store only tokenized references to payment methods provided by Stripe. For card-on-file bookings, your card is saved securely with Stripe for the purpose of no-show and late cancellation fees, with your consent at time of booking.

  1. Data Retention

We retain your account information for as long as your account is active. When you delete your account, we anonymize your personal information rather than deleting records outright, so that financial, scheduling, and legal obligations tied to past activity remain intact. Our standard retention practices are:

  • Payment and transaction records are retained for 7 years to comply with tax and financial recordkeeping laws.
  • Consent form records (e.g., health or liability waivers collected by professionals), including the masked IP address recorded at submission, are retained for 3 years.
  • Fraud prevention records are retained indefinitely to protect the platform and its users from repeat abuse.
  • SMS opt-out records are retained permanently, as required by TCPA.
  • Aggregated or anonymized data that can no longer be linked to you is retained indefinitely for analytics and platform improvement.

Outside of the categories above, we delete or anonymize personal information once it is no longer needed for the purpose it was collected, or sooner if required by law.

  1. Your Rights and Data Portability

Depending on your location, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Request deletion of your account and associated data.
  • Object to or restrict certain processing of your data.
  • Receive a copy of your data in a portable, machine-readable format (data portability).

Data export (GDPR Article 20): Bontro users can download a copy of their personal data directly from their account. Go to Settings → Data & Privacy → "Download my data" to generate a JSON export of your booking history and reviews. The export is available to authenticated users on demand.

To exercise any other rights, or if you have questions about how your data is handled, contact us at support@bontro.co.

  1. Analytics and Cookies

Bontro uses cookies to maintain your login session and remember your preferences. We do not use third-party advertising cookies.

We use PostHog, a product analytics platform, to understand how users interact with the platform and to improve our features. PostHog may collect usage events, page views, feature interactions, and pseudonymous identifiers. Data collected by PostHog is used solely for internal product improvement and is not used for advertising or sold to third parties. You can review PostHog's privacy policy at posthog.com/privacy.

You can configure your browser to refuse cookies, but this may prevent you from logging in or using certain features.

  1. Children's Privacy

Bontro is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, please contact us immediately.

  1. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on the platform. Your continued use of Bontro after changes take effect constitutes your acceptance of the updated policy.

  1. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us at support@bontro.co.