Legal

Privacy Policy

SlotBook · HoldBot LLC · Last updated April 2026

Who we are

This Privacy Policy describes how HoldBot LLC, an Ohio limited liability company, collects and uses information when you use SlotBook, our AI-powered booking and scheduling platform for barbershops, hair salons, nail salons, and similar appointment-based service businesses (“Service”).

What we collect

Depending on how you use SlotBook, we may collect:

  • Account and contact details — your name, email address, and phone number provided at registration.
  • Business information — business name, address, timezone, hours of operation, and related shop settings.
  • Booking and appointment data — appointments, staff schedules, and information your clients submit when they book, including name, phone number, and email address.
  • SlotBuddy conversation data — inputs and outputs from SlotBuddy AI sessions, including staff names, schedule changes, and operational instructions you provide through the AI assistant.
  • Custom field data — any additional information collected from end-customers through custom booking fields you configure. You are responsible for ensuring custom fields do not collect sensitive information.
  • Location data — shop address and timezone used to display and calculate appointment times.
  • Payment information — subscription payments are processed by Stripe. We do not store your full card number; Stripe handles card data under its own policies and industry standards.
  • Technical and usage data — device or browser type, IP address, and basic logs that help us operate and secure the Service.

How we use your information

We use the information above to provide and operate SlotBook (including hosting your data, authentication, and AI-assisted scheduling features), to send transactional emails and other service-related messages (for example, account, billing, or security notices), and to improve the product (such as fixing bugs, understanding usage in aggregate, and developing new features), and to protect the Service and comply with law. We also use aggregated booking data to generate dashboard analytics for merchants, including metrics such as revenue tracking, no-show rates, rebooking patterns, and appointment volume trends.

We don't sell your personal data

We do not sell your personal information. We share data only with service providers who help us run SlotBook (listed below), when required by law, or to protect our rights and the security of our users.

Data processing roles

HoldBot acts as a data processor on behalf of merchants (our subscribers) with respect to end-customer data collected through merchant booking pages. Merchants are the data controllers for their end-customers' personal data and are responsible for obtaining any required consents. See our Terms of Service for additional detail on processor obligations.

Third-party services

We rely on trusted vendors to deliver the Service. They process data on our behalf under appropriate agreements:

  • Supabase — hosts our production database and authentication infrastructure, including all client and end-customer personal information (PII).
  • Stripe - payment processing for subscriptions; Stripe handles card data.
  • Anthropic - powers AI features including the SlotBuddy AI assistant and Concierge booking agent. Data sent to Anthropic's API may include scheduling inputs, staff availability, business operational data, and booking-related content entered through AI-assisted features. Per Anthropic's API data usage policy, data submitted via the API is not used to train Anthropic's models.
  • Twilio - used for SMS features. When SMS features are enabled, appointment reminder and notification messages may be processed by Twilio. SMS is only sent to end-customers who have provided express written consent. See the SMS section below for more detail.
  • Resend - used for transactional email delivery, including booking confirmation emails.
  • Render — hosts and serves the SlotBook web application at slotbook.ai.

Each provider has its own privacy notice; we encourage you to review them if you want more detail on how they handle data.

SMS and text messaging

When SMS features are enabled, we send automated text messages (such as appointment reminders) only to end-customers who have provided express written consent through the booking flow. Every SMS includes opt-out instructions (reply STOP). Message frequency varies by booking activity. Message and data rates may apply. SMS features are powered by Twilio.

Cookies and tracking

We use cookies and similar technologies to operate the Service. This includes:

  • Session cookies - necessary for authentication and keeping you logged in.
  • Analytics - we may use basic analytics tools to understand how the Service is used in aggregate. We do not use invasive tracking or sell data derived from analytics.

You can control cookies through your browser settings. Disabling certain cookies may affect Service functionality.

Data retention

We retain your account and business data for as long as your account is active. If you cancel your subscription, we will retain your data for 90 days after cancellation to allow for reactivation, after which it will be deleted or anonymized. End-customer booking data (names, phone numbers, email addresses) associated with your account will be deleted within 90 days of account closure. We may retain certain records longer if required by law. If you request deletion of your data, we will action it within 30 days unless a legal hold applies.

Data breach notification

In the event of a confirmed data breach involving your personal information, we will notify affected users within 72 hours of confirming the breach, or as otherwise required by applicable law. Notification will be provided by email to the address on your account or by in-product notice.

Your choices and contact

You can update much of your information inside SlotBook. For access, correction, deletion, or other data requests (including if you are in a region with specific privacy rights), contact us at support@holdbot.ai. We will respond as required by applicable law.

Children's privacy

SlotBook is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. End-customers booking through merchant pages may include minors; merchants are responsible for obtaining any parental consent required by applicable law, including the Children's Online Privacy Protection Act (COPPA), before collecting information from minors through their booking pages. If we become aware that we have inadvertently collected personal information from a child under 13, we will delete it promptly. Contact us at support@holdbot.ai with any concerns.

Governing law

This Privacy Policy is governed by the laws of the State of Ohio, without regard to conflict-of-law principles, except where your local law requires otherwise for certain rights.

Changes

We may update this Privacy Policy from time to time. We will post the new version here and update the “Last updated” date. If changes are material, we will provide additional notice where appropriate (for example, by email or in-product notice).