Privacy policy

Privacy.

Last updated

1. Who we are

Booked.so is a multi-tenant social media management and calendar scheduling platform operated by xAscend Inc.

Contact: dev@booked.so

2. Information we collect

  • Account information — name, email address, and password (hashed) when you create an account
  • Connected social platform data — OAuth tokens for the social platforms you connect, profile names, account IDs, posting permissions
  • Content you create — posts, images, captions, and scheduling metadata you upload for distribution
  • Usage data — pages visited, features used, timestamps, and IP addresses (for security and rate-limiting)
  • Communications — messages you send to our support team

3. How we use information

  • Provide and operate the Booked.so service
  • Publish content to your connected social platforms on your behalf
  • Send service-related notifications (billing, security alerts, policy updates)
  • Improve our service through aggregated usage analytics
  • Comply with legal obligations and respond to lawful requests

4. Information sharing

We share information only as required to provide the service:

  • Social platforms — when you publish content, the content and required metadata is transmitted to the relevant platform (Facebook, Instagram, LinkedIn, etc.)
  • Service providers — infrastructure, email delivery, and analytics providers under data processing agreements
  • Legal compliance — when required by law, subpoena, or court order

We do NOT sell your personal information to third parties.

5. Data retention

  • Account data: retained while your account is active and for 90 days after termination
  • Connected platform tokens: retained while connections are active; revoked immediately when you disconnect
  • Posted content metadata: retained for 12 months for analytics, then anonymized
  • Billing records: 7 years (legal requirement)

6. Your rights

You may:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data (see Data Deletion)
  • Export your content and connection data
  • Withdraw consent for processing
  • Object to direct marketing

Email dev@booked.so to exercise any of these rights.

7. Security

  • TLS encryption for all data in transit
  • Encrypted-at-rest storage of OAuth tokens
  • Two-factor authentication for account access
  • Rate-limited authentication endpoints
  • Regular security audits

8. International transfers

Data is processed in Singapore and the United States. If you are in the EEA, UK, or other jurisdictions with data-transfer requirements, we provide Standard Contractual Clauses on request.

9. Children

Booked.so is not intended for users under 18. We do not knowingly collect data from minors.

10. Changes

We will notify users by email at least 30 days before material changes to this policy.

11. Contact

Booked.so / xAscend Inc
dev@booked.so