Effective: February 23, 2026
Privacy Policy
This Privacy Policy describes how LusterBook ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our weather-aware scheduling platform and related services (the "Service").
1. Information We Collect
1.1 Account Information
When you create an account, we collect your name, email address, and authentication credentials provided through Google OAuth or Magic Link email sign-in. During onboarding, we also collect your business name, phone number, service area, and service offerings.
1.2 Business & Client Data
Through your use of the Service, we store data you provide including: service catalog details (names, descriptions, pricing, durations), client contact information (names, email addresses, phone numbers, vehicle details), appointment and booking records, and notes or preferences you attach to client profiles.
1.3 Location & Weather Data
We collect and process your service area location (city/ZIP) to retrieve weather forecasts, calculate dew points using the Magnus-Tetens formula, and generate weather risk assessments for your scheduled appointments. We do not track your real-time GPS location.
1.4 Usage & Technical Data
We automatically collect information about how you interact with the Service, including pages viewed, features used, browser type and version, device type, IP address, referral URLs, and session timestamps.
1.5 Payment Information
Subscription payment data is collected and processed by Lemon Squeezy, our Merchant of Record. We do not directly collect or store your credit card numbers or banking details. If you use the optional Stripe integration for client payments, that data is handled entirely by Stripe under their privacy policy; we do not have access to your clients' payment card information.
2. How We Use Your Information
We use the information we collect to:
• Provide, maintain, and improve the Service, including scheduling, weather risk assessment, and client management features
• Process your subscription and manage your account
• Send transactional emails including booking confirmations, weather alerts, and appointment reminders via our email service provider
• Retrieve and display weather data relevant to your service area and scheduled appointments
• Monitor and protect the security of the Service
• Communicate with you about updates, changes, or issues with the Service
• Comply with legal obligations
We do not sell your personal information. We do not use your data for advertising or share it with advertisers.
3. Third-Party Services
We share data with the following third-party service providers, solely to operate and deliver the Service:
Supabase
Database hosting, user authentication, and real-time backend services. Your account data, business data, and client data are stored in our Supabase database. Subject to Supabase's privacy policy.
Vercel
Application hosting and deployment. May process IP addresses and usage data for performance optimization. Subject to Vercel's privacy policy.
Lemon Squeezy
Subscription billing and payment processing as Merchant of Record. Receives your name, email, and payment details to process subscription transactions. Subject to Lemon Squeezy's privacy policy.
Stripe (Optional)
If you enable the optional Stripe integration for client payment collection, Stripe processes your clients' payment data under their own privacy policy. We facilitate the connection but do not access or store payment card data.
OpenWeather API
Weather data provider. We transmit location coordinates (based on your service area) to retrieve forecasts. No personal user data is shared with OpenWeather.
Resend
Email delivery service used for sending transactional emails such as booking confirmations, weather alerts, and appointment reminders. Resend processes recipient email addresses and message content on our behalf.
Google (OAuth)
If you sign in with Google, we receive your name, email address, and profile photo from Google. We do not access any other Google account data.
4. Cookies & Tracking
We use essential cookies required for authentication and session management. For full details on the cookies we use, please see our Cookie Policy.
5. Data Retention
We retain your account and business data for as long as your account is active or as needed to provide the Service. If you cancel your subscription, we retain your data for 90 days to allow for potential reactivation. After 90 days, your data will be queued for permanent deletion.
Client data you input into the Service is retained for as long as your account is active. When your account is deleted, all associated client data is also permanently deleted.
We may retain certain anonymized or aggregated data beyond these periods for analytics and service improvement purposes, where such data cannot be used to identify any individual.
6. Data Security
We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS/SSL), encryption at rest for database storage, Row Level Security (RLS) policies ensuring data isolation between user accounts, and secure authentication through Supabase Auth.
While we take data security seriously, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Access: Request a copy of the personal data we hold about you.
Correction: Request that we correct inaccurate or incomplete data.
Deletion: Request that we delete your personal data, subject to legal retention requirements.
Portability: Request a machine-readable export of your data.
Objection: Object to certain processing of your data.
Restriction: Request that we limit the processing of your data in certain circumstances.
To exercise any of these rights, please contact us at privacy@lusterbook.com. We will respond to verified requests within 30 days.
8. Your Clients' Privacy
When you use LusterBook to manage client data, you act as the data controller for your clients' information, and LusterBook acts as a data processor on your behalf. You are responsible for:
• Obtaining appropriate consent from your clients before entering their data into the Service
• Informing your clients about how their data is used in connection with the Service
• Responding to your clients' data rights requests
• Ensuring the accuracy of client data you enter into the Service
9. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@lusterbook.com.
10. International Data Transfers
Your data may be processed and stored in the United States or other countries where our service providers maintain facilities. By using the Service, you consent to the transfer of your data to these jurisdictions, which may have different data protection laws than your country of residence.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a new effective date and, where appropriate, by sending you an email notification. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
Contact Us
For any privacy-related questions or to exercise your data rights, please contact us at privacy@lusterbook.com.