Privacy Policy

Last updated: May 18, 2026

This Privacy Policy explains how Salesio (“Salesio,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit salesio.app, create a Salesio account, use our website, chatbot, lead-capture, online-store, or appointment-booking tools, or interact with a booking page operated by one of our customers using the Salesio Calendar feature.

Please read this policy together with our Terms & Conditions. If you do not agree with this policy, please do not use the Service.

1. Who we are and our role

Salesio is a software platform that provides websites, AI chatbots, lead capture, online stores, and appointment booking to small businesses (“Customers”). Depending on the data:

• As a controller: for information about Salesio account holders and general visitors to salesio.app, we decide how and why the data is processed.
• As a processor:for information that end users (“Visitors”) submit on a Customer's booking, contact, or store page, we process that data on behalf of, and under the instructions of, that Customer.

2. Information we collect

Information you provide — Salesio account holders

• Account identifiers: name, email, hashed password, optional phone number.
• Business profile: business name, logo, contact details, addresses, hours, services.
• Billing details processed by Stripe; we never see or store full card numbers.
• Support communications you send to us.

Information you provide — Visitors who book or contact through a Salesio page

• Name, email, and (optional) phone number you enter at booking or in a form.
• The appointment, product, or enquiry details you choose.
• Explicit SMS consent when you check the SMS opt-in checkbox at booking; we record your consent timestamp and the consent language verbatim.
• Messages you exchange with a Customer's chatbot or contact form.

Information collected automatically

• Log data: IP address, browser type, user-agent, referring pages, timestamps.
• Device and usage data: pages viewed, features used, approximate location derived from IP.
• Cookies and similar technologies (see Section 6).

We do not collect special categories of data (such as health, biometric, or precise geolocation data) and we ask that you not submit them through the Service.

3. How we use information

• To provide, operate, and maintain the Service.
• To deliver booking confirmations and reminders by email and, when consented, by SMS.
• To process payments, deposits, and refunds via Stripe.
• To authenticate users and secure accounts.
• To provide customer support and respond to your requests.
• To monitor, analyze, and improve the Service, including aggregated analytics.
• To prevent fraud, abuse, and security incidents (rate-limiting, fraud detection).
• To comply with legal obligations and enforce our Terms.

We do not use your information, and specifically do not use SMS opt-in data or phone numbers collected for SMS, for third-party marketing.

4. Legal bases for processing (EEA/UK users)

Where the EU/UK GDPR applies, we process personal data on these legal bases: performance of a contract (to deliver the Service you requested); consent (for SMS messaging and certain cookies — you may withdraw it at any time); legitimate interests (to secure, analyze, and improve the Service); and legal obligation (to comply with applicable law).

5. SMS messaging

The Salesio Calendar SMS program delivers strictly transactional messages tied to an appointment you booked. When you opt in, we send up to four SMS per booking: one confirmation, one reminder 24 hours before, one reminder 1 hour before, and one notification if the appointment is cancelled or rescheduled. Message frequency varies based on your bookings. Message and data rates may apply.

You opt in only by checking the explicit SMS consent checkbox on a Salesio Calendar booking form when you provide a phone number. We never send marketing or promotional SMS. Reply STOP to any message to unsubscribe immediately and permanently; reply HELP for help. Carriers are not liable for delayed or undelivered messages. See our Terms & Conditions for the full SMS program disclosure.

6. Cookies and tracking technologies

We use strictly necessary cookies to keep you signed in and to secure the Service, and a limited set of first-party analytics to understand aggregate usage. We do not use third-party advertising cookies and we do not sell cookie data. You can control cookies through your browser settings; disabling strictly necessary cookies may prevent parts of the Service from working.

7. How we share information

We do not sell, rent, or share your personal information with third parties for their marketing or promotional purposes. We disclose information only as follows:

• Service providers / data processors acting on our behalf: Resend (email), Twilio (SMS), Stripe (payments), Render and Vercel (hosting), Neon (database), and OpenAI (chatbot AI processing). Each is contractually bound to use the data only to provide the service to us.
• The Salesio Customer whose booking, store, or contact page you used, with respect to your booking and contact information.
• Legal and safety: to authorities or other parties when required by law, to enforce our Terms, or to protect the rights, safety, and security of users and the public.
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this policy.

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All categories above exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

8. International data transfers

Salesio is operated from the United States and our service providers may process data in the United States and other countries. Where we transfer personal data out of the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

9. Data retention

We retain booking and account data while your account is active and for up to 24 months after closure for legal and audit reasons. SMS consent logs are kept for at least 4 years to satisfy U.S. TCPA requirements. Aggregated or de-identified data that can no longer be linked to you may be retained longer. You may request earlier deletion at any time (see Section 10).

10. Your privacy rights

Subject to applicable law, you may request to access, correct, update, delete, or port your personal information, and object to or restrict certain processing. To exercise any right, email privacy@salesio.app. We will respond within the timeframe required by law. You may withdraw SMS consent at any time by replying STOP. If we process data on behalf of a Customer as a processor, we will refer your request to that Customer.

California residents (CCPA/CPRA)

In the past 12 months we have collected the categories of personal information described in Section 2 (identifiers, commercial information, internet activity, and approximate geolocation from IP). California residents have the right to know, delete, correct, and limit the use of their personal information, and the right not to be discriminated against for exercising these rights. We do not “sell” or “share” personal information as those terms are defined under the CCPA/CPRA, and we do not sell or share the personal information of minors.

EEA and UK residents (GDPR)

You have the rights described above and the right to lodge a complaint with your local data protection authority. Our legal bases for processing are described in Section 4.

11. Data security

We use TLS encryption for all traffic in transit, encryption at rest for database backups, hashed passwords, and least-privilege access controls. No method of transmission or storage is 100% secure; we work to protect your data and will notify affected users and regulators of any material breach as required by law.

12. Children's privacy

The Service is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact privacy@salesio.app and we will delete it.

13. Third-party links

The Service may link to third-party websites and services that we do not control. This policy does not apply to them; please review their privacy policies.

14. Changes to this policy

We may update this policy from time to time. Material changes will be announced on this page with a new “Last updated” date. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

15. Contact us

Privacy questions and requests: privacy@salesio.app
General support: support@salesio.app