Privacy policy · v2.2

Privacy, in plain English.

tilkbook holds appointments, contact details, and the kinds of business records that need to stay between you, your clients, and us. This policy is how we keep that line clean.

Effective
March 12, 2026
Last updated
June 15, 2026
Version
v2.2
Previous
01

What we collect

Plain English: Your account info, your bookings, and the analytics it takes to keep the lights on. No tracking pixels. No data sales.

When you sign up for a tilkbook account, we collect the information you give us: your name, email, business details, services, and the bookings you and your clients create.

On your client's side: their name, contact details, and the booking they made — collected on your behalf, governed by your data-processing addendum.

For service operations, we collect minimum metadata: IP address, browser type, request logs. These are retained for 30 days for security, then purged.

02

How we use it

Plain English: To run tilkbook, talk to you, and stop bad actors. That's it.

We use the information to provide tilkbook to you: serve the dashboard, send reminders to your clients on your behalf, sync calendars, process payments.

We send you product emails — onboarding, billing, security. You can't opt out of those. We send you marketing emails (rarely) and you can opt out of those any time.

We don't sell your data. We don't sell your clients' data. We don't share it with third parties except the sub-processors below, and even then, only what they need.

03

Sub-processors

Plain English: Four vendors, all enterprise-grade, all DPA-signed.

We notify all customers 30 days before adding or changing a sub-processor.

  • Stripe (payments) — US/EU, PCI-DSS Level 1
  • Telnyx (SMS) — US, SOC2 Type II
  • Resend (email) — US, SOC2 Type II
  • Cloudflare (CDN + DDoS) — global, SOC2 + ISO 27001
04

Google Calendar integration

Plain English: Optional. If you connect Google Calendar, we read only your busy times and write your tilkbook bookings back — we never store your event titles, descriptions, or guest lists, and never use Google data for ads or to train AI.

Connecting Google Calendar is optional. If you choose to connect it, tilkbook uses the Google Calendar API and Google OAuth 2.0 to keep your tilkbook schedule and your Google calendar in sync. You can disconnect at any time from your tilkbook settings, which revokes our access and deletes the stored connection tokens.

We request exactly two scopes, and no others. "calendar.events" — to write your confirmed tilkbook bookings onto the calendar you actually use (create, update, and remove the events tilkbook itself creates). "calendar.readonly" — to read your busy intervals and event status (such as tentative, declined, out-of-office, and focus-time) so we never double-book you. We do not request access to Gmail, Drive, Contacts, or any other Google service.

Data minimization. From your calendar we store only (a) the busy time intervals we need to block conflicting slots, and (b) correlation identifiers that link a tilkbook booking to the Google event it created. We do not store, copy, or read your event titles, descriptions, attendee lists, attachments, or meeting links. Busy information is queried in real time and kept only as long as needed to prevent double-bookings.

How we use it. We use Google Calendar data solely to provide the calendar-sync feature described above — checking your availability and writing your bookings. We do not use Google Calendar data for advertising, we do not sell or rent it, and we do not use it to train, develop, or improve any generalized or AI/ML model.

Human access. Our staff do not access your Google Calendar data except (a) with your explicit consent (for example, to resolve a support request you raise), (b) where necessary for security or to comply with the law, or (c) in anonymized or aggregated form. All such access is gated, logged, and subject to the two-person rule described under Security.

tilkbook's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Read the full policy at Google API Services User Data Policy.

05

Your rights

Plain English: Export everything, delete everything, take it elsewhere — all without calling us.

Whether you're in the EU (GDPR), California (CCPA), Brazil (LGPD), or anywhere with a privacy regime, you have the right to access, export, correct, and delete your data.

In tilkbook, those are buttons in Settings → Data, not tickets. Export gives you a JSON archive of everything. Delete is permanent after 30 days.

06

Data retention

Active accounts: we keep your data as long as your account is active.

Cancelled accounts: bookings, customers, and payment records are retained for 90 days then purged, unless a longer period is required by law (e.g. tax records).

Logs: 30 days. Marketing data: until you opt out.

07

Security

Data in transit: TLS 1.3. Data at rest: AES-256. Backups are encrypted with separate keys and tested quarterly.

Access to production data is gated, audited, and logged. Two-person rule for any data-touching operation outside normal product flows.

To report a security vulnerability or request our security documentation (DPA, sub-processor list, security overview), email [email protected].

08

Questions, complaints, or a DPA

Email [email protected]. A human answers, usually within a working day.

Our DPO is reachable at the same address; in the EU, you have the right to complain to your local supervisory authority.

Receipts

This policy is versioned at github.com/tilkbook/legal. Every change is signed, dated, and diffable. Material changes get an email to every account owner 14 days before they take effect.