Privacy Policy

1. Introduction

BookAI Studio ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI automation platform, OAuth2 authentication services, and related applications.

2. Information We Collect

Information You Provide Directly

• Account registration information (name, email address, company details)
• Profile information and preferences
• Communication data when you contact us
• Payment and billing information
• Content you create or upload through our services

OAuth2 Authorization Data

When you use our OAuth2 authentication services, we may collect:

• Authorization tokens and refresh tokens
• Scope permissions you grant
• Third-party service account identifiers
• API access logs and usage patterns
• Data from connected services as authorized by you

Automatically Collected Information

• Usage data and analytics
• Device information and browser data
• IP addresses and location data
• Cookies and similar tracking technologies
• System logs and performance metrics

3. How We Use Your Information

We use your information to:

• Provide and maintain our AI automation services
• Process OAuth2 authentication and authorization requests
• Facilitate integrations with third-party services
• Personalize your experience and improve our services
• Communicate with you about your account and services
• Provide customer support and technical assistance
• Analyze usage patterns and optimize performance
• Comply with legal obligations and protect our rights
• Process payments and manage billing

4. OAuth2 Data Handling

Our OAuth2 authentication services require special attention to data privacy:

• We only access data for which you have explicitly granted permission
• Access tokens are securely stored and encrypted
• We implement token rotation and expiration policies
• You can revoke access permissions at any time
• We do not store more data than necessary for service operation
• Third-party data is processed according to the minimum scope principle

5. Information Sharing and Disclosure

We may share your information:

• With your consent: When you explicitly authorize data sharing
• Service providers: Trusted partners who assist in service delivery
• Legal requirements: When required by law or legal process
• Business transfers: In case of merger, acquisition, or sale
• Protection of rights: To protect our rights, property, or safety
• Third-party integrations: As necessary to provide requested services

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Analytics and Consent

We use Google Analytics 4 (GA4) with Consent Mode v2 to understand how you interact with our services:

• We track events like contact submissions, consultation bookings, and demo views
• Analytics only operate with your explicit consent through our consent banner
• You can withdraw consent at any time by clearing your browser data
• We anonymize IP addresses and do not allow Google Signals when consent is given
• No advertising or ad personalization data is collected
• Analytics data is used solely for improving user experience

Consent Management: We respect your privacy choices. When you decline analytics cookies, we do not load tracking scripts. Your consent preference is stored locally on your device.

7. Data Security

We implement comprehensive security measures to protect your information:

• End-to-end encryption for data transmission
• Secure storage with industry-standard encryption
• Multi-factor authentication for administrative access
• Regular security audits and penetration testing
• Employee training on data privacy and security
• Incident response and breach notification procedures
• OAuth2 token security and rotation policies

8. Your Rights and Choices

You have the right to:

• Access your personal information
• Correct or update your data
• Delete your account and associated data
• Revoke OAuth2 authorizations
• Export your data in a portable format
• Object to processing of your information
• Restrict certain data processing activities
• Withdraw consent for optional data collection

9. Data Retention

We retain your information for as long as necessary to provide services and fulfill the purposes outlined in this policy:

• Account data: Until you delete your account
• OAuth2 tokens: Until revoked or expired
• Usage logs: Up to 2 years for analytics purposes
• Billing records: As required by law and accounting standards
• Support communications: Up to 3 years

10. International Data Transfers

Your information may be processed and stored in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses and adequacy decisions.

11. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or through our platform. Your continued use of our services after such modifications constitutes acceptance of the updated policy.

13. Content Automation Data Processing

What We Process

We process your brand assets (logos, images, copy templates), social media analytics, and posting schedules to deliver content automation services. This data is used solely to create, schedule, and post content on your behalf. You can request data export or deletion at any time by contacting support.

Analytics & Performance Data

We collect engagement metrics, posting performance, and audience insights from your connected social accounts to optimize content strategy. This data remains your property and is used only for service delivery. We do not share analytics data with third parties without your explicit consent.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: