Privacy Policy
Effective June 18, 2025
1. Overview & Scope
BookMyService is a SaaS booking and business management platform for appointment-based service businesses in the United States, operated by EverExpanse Technologies LLC. This policy applies to:
- Merchants and business owners who create and manage accounts on the Platform
- Visitors to the bookmyservice.us website
- Individuals who contact us for support, demos, or inquiries
- Newsletter subscribers and marketing contacts
BookMyService is not a healthcare platform. We do not collect, process, or store protected health information (PHI) as defined under HIPAA. Merchants offering clinical, medical, or HIPAA-covered services may not use this Platform.
Payment card data is never collected or stored by BookMyService. Card transactions are processed directly within the PCI-certified environments of our gateway partners (including PayArc, NMI, and others) via an embedded iframe.
2. Information We Collect
Business & Account Information
- Business name, type, and address
- Owner/operator name, email address, and phone number
- Account login credentials (passwords are stored as encrypted hashes)
- Tax identification or EIN (if required for gateway onboarding)
Platform Usage Data
- Booking records, appointment history, and service configurations
- Staff profiles and schedules you create on the Platform
- Customer records and contact information you add to your account
- Business performance data and analytics you generate through use
Technical & Device Data
- IP address, browser type, operating system, and device identifiers
- Pages visited, features used, and interaction timestamps
- Cookies and similar tracking technologies (see our Cookie Policy)
Communications
- Support requests, demo inquiries, and correspondence with our team
- Email marketing preferences and subscription status
3. How We Collect Information
- Directly from you — when you register, configure your account, contact support, or request a demo
- Automatically — through cookies, server logs, and analytics tools as you use the Platform
- From third-party integrations — payment gateway partners may share transaction metadata (not card data) relevant to your account activity
4. How We Use Your Information
- To create and manage your account and provide the Platform services
- To process support requests and respond to your inquiries
- To improve Platform features and fix issues
- To send service-related communications (booking confirmations, system updates, security alerts)
- To send marketing communications where you have opted in (you may opt out at any time)
- To detect, investigate, and prevent fraudulent or unauthorized use
- To comply with applicable legal, regulatory, and contractual obligations
- To analyze aggregate usage patterns for product development (in de-identified form)
5. Sharing & Disclosure
We do not sell your personal information. We share your information only in the following circumstances:
- Payment gateway partners — we share necessary business information with PayArc, NMI, and other approved gateways to facilitate merchant account setup and transaction processing
- Service providers — we engage trusted vendors (cloud hosting, email delivery, analytics) who process data solely on our behalf under contractual data protection obligations
- Legal compliance — we may disclose information to comply with applicable law, court orders, regulatory requests, or to protect the rights and safety of our users and the public
- Business transfers — in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction with appropriate notice
- With your consent — for any other purpose with your explicit agreement
6. Data Retention
We retain your account and business information for as long as your account is active. After account closure, we retain records as follows:
- Account and business records: 3 years post-closure for dispute resolution and legal compliance
- Financial and transaction records: 5–7 years as required by federal and state tax and financial regulations
- Support communications: 2 years
- Marketing consent records: retained until opt-out is confirmed
You may request deletion of your data at any time. Certain data may be retained beyond these periods if required by law or ongoing legal proceedings.
7. Security Practices
We implement industry-standard security measures including:
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Multi-factor authentication for admin and privileged access
- Role-based access controls limiting data access to authorized personnel
- AWS cloud infrastructure with SOC 2-aligned security controls
- Regular vulnerability assessments and security reviews
Payment card data is never transmitted to or stored on BookMyService infrastructure. All card data flows directly to gateway partners' PCI-certified systems. In the event of a security incident affecting your data, we will notify you within 72 hours of confirmation.
8. Your U.S. Privacy Rights
Depending on your state of residence, you may have the following rights regarding your personal information:
- Right to know / access — request a copy of the personal information we hold about you
- Right to correct — request correction of inaccurate information
- Right to delete — request deletion of your personal information (subject to legal retention obligations)
- Right to data portability — receive your data in a structured, machine-readable format
- Right to opt out — opt out of any sale or sharing of personal information (we do not sell personal information)
To exercise these rights, email us at privacy@bookmyservice.us. We will respond within 45 days. We do not discriminate against users who exercise their privacy rights.
These rights apply under California (CCPA/CPRA), Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon (OCPA), and other applicable state privacy laws.
9. Marketing Communications
We may send you marketing emails about Platform features, updates, and offers if you have opted in. All marketing emails include an unsubscribe link in compliance with CAN-SPAM. You can also opt out by emailing info@bookmyservice.us.
We do not send unsolicited SMS marketing. Any SMS communications are transactional (booking confirmations, support replies) and comply with applicable TCPA requirements.
10. Children's Privacy
The Platform is intended for business operators aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a minor, we will delete it promptly. If you believe we have inadvertently collected such information, contact us at privacy@bookmyservice.us.
11. Third-Party Links & Payment Gateways
The Platform may contain links to third-party websites and services. We are not responsible for the privacy practices of those sites. When you use a payment gateway embedded in our Platform, your payment data is subject to the gateway provider's own privacy policy and PCI DSS controls — not this policy.
12. Data Processing Location
All data collected through BookMyService is stored and processed within the United States on AWS infrastructure. We do not transfer personal information outside the United States.
13. Changes to This Policy
We may update this Privacy Policy periodically. For material changes, we will provide at least thirty (30) days' advance notice by email or by prominent notice on the Platform. The effective date at the top of this policy reflects the most recent revision.
14. Contact Us
For privacy-related questions or to exercise your rights:
- Email: privacy@bookmyservice.us
- Legal inquiries: info@bookmyservice.us
- Phone: +1 (661) 418-3835