Privacy, in plain English.
tilkbook holds appointments, contact details, and the kinds of business records that need to stay between you, your clients, and us. This policy is how we keep that line clean.
What we collect
When you sign up for a tilkbook account, we collect the information you give us: your name, email, business details, services, and the bookings you and your clients create.
On your client's side: their name, contact details, and the booking they made — collected on your behalf, governed by your data-processing addendum.
For service operations, we collect minimum metadata: IP address, browser type, request logs. These are retained for 30 days for security, then purged.
How we use it
We use the information to provide tilkbook to you: serve the dashboard, send reminders to your clients on your behalf, sync calendars, process payments.
We send you product emails — onboarding, billing, security. You can't opt out of those. We send you marketing emails (rarely) and you can opt out of those any time.
We don't sell your data. We don't sell your clients' data. We don't share it with third parties except the sub-processors below, and even then, only what they need.
Sub-processors
We notify all customers 30 days before adding or changing a sub-processor.
- Stripe (payments) — US/EU, PCI-DSS Level 1
- Telnyx (SMS) — US, SOC2 Type II
- Resend (email) — US, SOC2 Type II
- Cloudflare (CDN + DDoS) — global, SOC2 + ISO 27001
Google Calendar integration
Connecting Google Calendar is optional. If you choose to connect it, tilkbook uses the Google Calendar API and Google OAuth 2.0 to keep your tilkbook schedule and your Google calendar in sync. You can disconnect at any time from your tilkbook settings, which revokes our access and deletes the stored connection tokens.
We request exactly two scopes, and no others. "calendar.events" — to write your confirmed tilkbook bookings onto the calendar you actually use (create, update, and remove the events tilkbook itself creates). "calendar.readonly" — to read your busy intervals and event status (such as tentative, declined, out-of-office, and focus-time) so we never double-book you. We do not request access to Gmail, Drive, Contacts, or any other Google service.
Data minimization. From your calendar we store only (a) the busy time intervals we need to block conflicting slots, and (b) correlation identifiers that link a tilkbook booking to the Google event it created. We do not store, copy, or read your event titles, descriptions, attendee lists, attachments, or meeting links. Busy information is queried in real time and kept only as long as needed to prevent double-bookings.
How we use it. We use Google Calendar data solely to provide the calendar-sync feature described above — checking your availability and writing your bookings. We do not use Google Calendar data for advertising, we do not sell or rent it, and we do not use it to train, develop, or improve any generalized or AI/ML model.
Human access. Our staff do not access your Google Calendar data except (a) with your explicit consent (for example, to resolve a support request you raise), (b) where necessary for security or to comply with the law, or (c) in anonymized or aggregated form. All such access is gated, logged, and subject to the two-person rule described under Security.
tilkbook's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Read the full policy at Google API Services User Data Policy.
Your rights
Whether you're in the EU (GDPR), California (CCPA), Brazil (LGPD), or anywhere with a privacy regime, you have the right to access, export, correct, and delete your data.
In tilkbook, those are buttons in Settings → Data, not tickets. Export gives you a JSON archive of everything. Delete is permanent after 30 days.
Data retention
Active accounts: we keep your data as long as your account is active.
Cancelled accounts: bookings, customers, and payment records are retained for 90 days then purged, unless a longer period is required by law (e.g. tax records).
Logs: 30 days. Marketing data: until you opt out.
Security
Data in transit: TLS 1.3. Data at rest: AES-256. Backups are encrypted with separate keys and tested quarterly.
Access to production data is gated, audited, and logged. Two-person rule for any data-touching operation outside normal product flows.
To report a security vulnerability or request our security documentation (DPA, sub-processor list, security overview), email hello@tilkbook.com.
Questions, complaints, or a DPA
Email hello@tilkbook.com. A human answers, usually within a working day.
Our DPO is reachable at the same address; in the EU, you have the right to complain to your local supervisory authority.
This policy is versioned at github.com/tilkbook/legal. Every change is signed, dated, and diffable. Material changes get an email to every account owner 14 days before they take effect.