Privacy Policy
Last updated: May 31, 2026
Nuvbook Privacy Policy
Effective Date: 2025, November 01
Last Updated: 2026, May 01
Part 1: Introduction
Welcome to Nuvbook (“Nuvbook,” “we,” “our,” or “us”).
Your trust means everything to us. We’re committed to protecting your personal information and maintaining transparency in how we handle your data.
This Privacy Policy explains:
- What types of information we collect from you,
- How and why we collect it,
- How it’s used, stored, and shared,
- Your rights over that information, and
- The laws that govern our data practices.
Nuvbook provides digital tools that help businesses such as salons, barbershops, consultants, healthcare providers, and other service-based professionals manage their online bookings, client communications, payments, and AI-powered assistant tools.
By using Nuvbook, you agree to this Privacy Policy and our Terms of Service. If you don’t agree, you should stop using our services and contact us with any questions before continuing.
Part 2: Information We Collect
We collect only the information needed to provide our services effectively and securely. This includes both the data you give us directly and data automatically gathered through your interaction with our platform.
A. Information You Provide Directly
This is data you willingly give to us when signing up, creating an account, scheduling an appointment, or using our tools.
1. For Business Owners
If you sign up as a business owner or service provider, we collect:
- Basic details like your name, business name, email, address, and contact number;
- Billing and payment information (through Stripe or PayPal; we never store full card details ourselves);
- Business branding information, such as your logo, business description, and service categories;
- Account security details, including your username and password;
- Communication preferences and correspondence you send to us (for example, when you reach out to support).
2. For Clients of Businesses
If you’re a client booking through a Nuvbook-powered page, we collect:
- Contact details such as name, phone number, and email address;
- Appointment and scheduling details, such as the date, time, and type of service booked;
- Form responses or additional information, when business owners create custom intake questions (e.g., hair type, consultation goals, or fitness preferences);
- Communication records, such as appointment reminders or confirmations.
3. AI and Communication Data
When you interact with Nuvbook’s AI assistant, we may collect:
- Chat transcripts or voice queries, to improve response quality, and
- Metadata, such as time of interaction, feature usage, or device type.
These interactions are never used to build advertising profiles and are stored securely to enhance the assistant’s accuracy and reliability.
B. Information We Collect Automatically
Some information is automatically collected whenever you visit or use Nuvbook.
This includes:
- Device and browser data: IP address, operating system, browser version, and device identifiers.
- Usage data: Pages viewed, buttons clicked, session duration, and navigation patterns.
- Cookies and tracking technologies: Used for login sessions, analytics, and improving the user experience.
- Error reports and diagnostic logs: So we can detect bugs, fix issues, and improve reliability.
Cookies can be managed or disabled in your browser settings, but some may be necessary for the platform to function properly.
C. Information from Third Parties
We may receive limited information about you from:
- Payment processors like Stripe and PayPal (confirmation of completed transactions).
- Email delivery services like Mailgun (to confirm delivery of system notifications).
- Analytics tools (to understand user engagement and site performance).
We do not combine third-party information with personal data for marketing purposes unless you’ve explicitly opted in.
Part 3: How We Use the Information
We only use your data in ways that are necessary and beneficial to provide and improve Nuvbook’s services.
A. Core Operational Uses
We process your information to:
- Provide and maintain services: To create accounts, manage bookings, and deliver reminders or notifications.
- Process payments and subscriptions: To verify and complete billing through secure third-party gateways.
- Enable communication: To send confirmations, reminders, notifications, and service updates to clients and business owners.
- Improve platform functionality: By analyzing aggregated, non-identifiable data on usage trends and preferences.
- Ensure security and prevent fraud: To detect suspicious activity and protect user accounts.
- Comply with legal obligations: Including tax, accounting, and law enforcement requests when required.
B. Communication and Marketing
We may use your contact information to send:
- Product updates and feature announcements,
- Educational content, newsletters, or best practices, or
- Promotions or offers (only if you’ve opted in).
You can unsubscribe from marketing communications at any time by using the “unsubscribe” link in emails or updating your profile settings.
C. AI Data Usage
AI-related data, such as messages or interactions, is used exclusively to:
- Train and refine Nuvbook’s virtual assistant responses,
- Enhance user experience through better contextual understanding, and
- Identify trends in usage to improve automation capabilities.
We do not use AI conversation data for advertising or sell it to third parties.
Part 4: Legal Bases for Processing Personal Data
Because Nuvbook serves both U.S. and international users, we operate under multiple privacy frameworks to ensure your data is handled lawfully and fairly.
A. Under U.S. Law
We comply with the Federal Trade Commission Act (FTC Act) by avoiding deceptive or unfair practices in how we collect and use information.
Depending on the services offered by business owners using Nuvbook, the following laws may also apply:
- Children’s Online Privacy Protection Act (COPPA): Nuvbook is not designed for children under 13. We do not knowingly collect data from minors. If such data is ever identified, it will be deleted immediately.
- Gramm-Leach-Bliley Act (GLBA): If a business owner provides financial or investment-related services (e.g., consulting, advising, etc.) through Nuvbook, GLBA may apply. Nuvbook itself does not collect or use financial advice-related data, but we support business owners’ compliance by protecting client information and providing secure data handling tools. Business owners using Nuvbook for financial services remain responsible for their individual GLBA compliance.
- State Privacy Laws (New York, New Jersey, California, and others): Nuvbook complies with relevant state-level privacy frameworks such as:
  - California Consumer Privacy Act (CCPA/CPRA): Users can request access to, deletion of, or correction of their data and can opt out of data sharing for targeted advertising.
  - New York Privacy Act & New Jersey Data Privacy Law: Nuvbook follows best practices consistent with these laws, ensuring transparency, user consent, and reasonable data protection measures.
B. Under GDPR (for EU/EEA & UK users)
If you are located in the European Union, European Economic Area, or the United Kingdom, we process your data under the following lawful bases:
- Performance of a Contract: To provide the services you’ve requested.
- Legitimate Interests: To maintain and improve our platform in ways that don’t override your rights.
- Consent: For marketing emails or when collecting optional data (you can withdraw consent anytime).
- Legal Obligations: To comply with laws and regulatory requirements.
Users in these regions also have specific rights, including access, correction, deletion, portability, and the right to lodge a complaint with a supervisory authority.
C. EU Representative (GDPR Article 27)
As Nuvbook is established in the United States, we have designated an EU representative for GDPR purposes. EU users may contact our representative for any privacy-related inquiries at:
We will respond to all verified GDPR requests within 30 days as required by law.
Part 5: How We Share Data
We value your privacy and never sell your personal information.
However, in order to operate effectively, we share limited data with trusted third parties, always under strict confidentiality and data-protection agreements.
A. Service Providers & Processors
We use the following categories of third parties:
- Payment Processors – Stripe and PayPal: Used for subscription billing and secure payments. They handle all sensitive payment data directly and share only transaction confirmation details with us. Both Stripe and PayPal comply with PCI DSS and GDPR standards.
- Email Communication Providers – Mailgun: Used to send transactional messages such as booking confirmations, account verifications, and subscription receipts. Mailgun processes email metadata (sender, recipient, time) but not email content beyond delivery purposes.
- SMS Messaging Provider – Twilio: Used to deliver appointment reminders, booking confirmations, and other SMS/MMS communications to clients who have opted in to receive text messages. Twilio processes phone numbers and message content solely for delivery purposes. No mobile opt-in data is shared with Twilio for their own marketing. Twilio complies with TCPA, CTIA guidelines, and GDPR standards.
- Analytics and Performance Tools: Tools like Google Analytics or similar may track anonymized usage to help us understand how users interact with Nuvbook. Data is aggregated and never used to identify individuals.
- Legal & Compliance Entities: We may share information when required by law or to respond to lawful requests from public authorities, such as subpoenas or government inquiries.
B. Data Transfers
Because Nuvbook may process data in multiple regions, information can be transferred and stored in the United States or other countries.
When transferring data internationally, we rely on:
- Standard Contractual Clauses (SCCs) for EU users.
- Adequacy decisions by the European Commission (where applicable).
- Strong encryption and access controls during transmission and storage.
C. Business Changes
If Nuvbook undergoes a merger, acquisition, or sale of assets, we will ensure your data remains protected under this Privacy Policy.
All users will be notified before any transfer of data ownership occurs.
Part 6: Data Security
We take data protection seriously and apply the necessary mix of technical, administrative, and physical safeguards to protect personal data from unauthorized access, loss, or misuse.
A. Security Measures
Our security framework includes:
- Encryption: All data is encrypted in transit (via HTTPS/TLS) and at rest.
- Access Controls: Role-based permissions limit who can access user information internally.
- Regular Security Audits: Systems are tested for vulnerabilities and compliance with security best practices.
- Third-Party Certification: Stripe, PayPal, and Mailgun all hold recognized security certifications, including PCI DSS and ISO 27001 compliance.
- Data Minimization: We only retain data necessary for ongoing business and legal operations.
B. Data Retention
We retain personal data only for as long as needed:
- Business accounts: Retained for the duration of the subscription and up to 90 days after cancellation, unless otherwise required for legal or tax purposes.
- Client bookings and interactions: Retained according to the business owner’s active relationship with their clients or applicable law.
- AI chat logs: Stored securely for up to 24 months to improve functionality, after which they are anonymized or deleted.
- Cookies and analytics data: Retained for 26 months or less, depending on browser settings.
You can request data deletion at any time by contacting our privacy team at privacy@nuvbook.com.
Part 7: Your Rights and Choices
We believe users deserve transparency and control over their data. Depending on your location and applicable law, you have certain rights regarding your personal information.
A. Rights Under U.S. Laws
If you reside in states such as California, New York, or New Jersey, you have the following rights (under CCPA/CPRA and similar frameworks):
- Right to Know: You can request details about the personal data we collect, including what categories of information we hold and why we use it.
- Right to Access: You may request a copy of the personal data we maintain about you.
- Right to Delete: You may request that we delete your personal information, unless retention is required for legal or contractual reasons.
- Right to Correct: You may request correction of inaccurate or incomplete data.
- Right to Opt-Out: You can opt out of the sale or sharing of your data for targeted advertising or analytics purposes. (Note: Nuvbook does not sell user data, but we still honour “Do Not Sell or Share My Data” requests to ensure full compliance.)
- Right to Non-Discrimination: We will never deny services, charge different prices, or provide a different level of quality if you exercise your privacy rights.
Users can submit these requests by emailing privacy@nuvbook.com.
B. Rights Under GDPR (for EU/EEA and UK Users)
If you are an EU or UK user, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:
- Right of Access: To know what data we hold about you.
- Right of Rectification: To correct inaccurate or incomplete data.
- Right of Erasure (“Right to Be Forgotten”): To request deletion of your data.
- Right to Restrict Processing: To limit how your data is used.
- Right to Data Portability: To receive your data in a structured, machine-readable format.
- Right to Object: To object to certain types of processing, such as marketing.
- Right to Withdraw Consent: If processing is based on consent, you can withdraw it at any time.
If you believe your rights under GDPR have been violated, you may lodge a complaint with your local data protection authority.
Part 8: Opt-Out Mechanisms and Marketing Choices
We understand that communication preferences vary. Here’s how you can manage your marketing and data preferences:
- Email Communications: You can unsubscribe from marketing or promotional emails by clicking the “Unsubscribe” link in any Nuvbook message or by updating your preferences in your account settings. Transactional emails (e.g., billing notices, password resets, and booking confirmations) are not optional as they’re necessary to provide the service.
- Cookies and Tracking Technologies: You can manage cookies through your browser settings or by using our in-site cookie consent manager. Essential cookies (for security and functionality) cannot be disabled, but analytics and advertising cookies can be turned off.
- Do Not Track (DNT) & Global Privacy Control (GPC): Nuvbook respects “Do Not Track” browser signals and Global Privacy Control opt-outs wherever required by law.
- SMS/Text Messages: You can opt out of text messages at any time by replying STOP to any message you receive from Nuvbook or a Provider on our platform. You will receive a single confirmation message and no further texts will be sent. Standard opt-out applies per sender — opting out from one Provider’s messages does not automatically opt you out from another Provider’s messages.
Part 9: Children’s Privacy
Nuvbook is not directed toward children under 13 years of age, and we do not knowingly collect personal information from them.
If a parent or guardian believes that their child’s information has been submitted to us, they should contact privacy@nuvbook.com immediately, and we will take prompt action to remove the data.
For users in the EU, our platform is not intended for individuals under 16 unless consent is provided by a parent or guardian.
Part 10: Policy Updates and Notifications
We may update this Privacy Policy periodically to reflect:
- Changes in our services or integrations,
- Evolving industry standards and best practices,
- Updates in applicable law, and/or
- Enhancements to data security or functionality.
When we make significant updates, we will:
- Notify users via email or an in-app alert before the changes take effect, and
- Update the Effective Date at the top of the policy.
Continued use of the platform after updates constitutes acceptance of the revised policy.
Part 11: Contact Information
If you have questions, concerns, or requests related to privacy, data protection, or this policy, you can reach our Data Protection Team directly at:
418 Broadway STE 8805
Albany, NY, 12207, USA
📞 +19143718990
We aim to respond to all verified privacy requests within 30 days or as required by law.
Part 12: Summary of Your Data Protection
To make our stance crystal clear:
| Category | Our Commitment |
|---|---|
| Transparency | You will always know what data we collect and why. |
| Control | You can access, modify, or delete your data anytime. |
| Security | All data is encrypted and stored securely. |
| Fair Use | We only collect what’s necessary to improve your experience. |
| Compliance | We follow U.S. federal, state, and international privacy laws. |
Part 13: SMS Consent and Text Messaging Practices
How We Collect Consent to Receive Text Messages
Nuvbook collects explicit, affirmative opt-in consent before sending any SMS or MMS messages to end users. We never send text messages without a clear opt-in action from the recipient.
Consent is collected through one or more of the following methods:
- Web form opt-in: During account registration or appointment booking, users check a checkbox (unchecked by default) agreeing to receive SMS messages. The opt-in clearly states the message type, frequency, and how to opt out.
- In-person or written consent: Providers may collect consent at their place of business via paper form or verbal agreement, with records maintained accordingly.
- Double opt-in (where applicable): For certain message types, users may receive a confirmation text and must reply YES to activate messaging.
Consent collected for one Provider on the Nuvbook platform is not shared with other Providers or used for Nuvbook’s own marketing.
Types of Messages Sent
Users who opt in may receive:
- Appointment confirmations and reminders
- Booking updates, cancellations, and rescheduling notifications
- Follow-up communications related to their appointment or service
- Promotional messages from the specific Provider they opted into (where applicable)
How to Opt Out
Reply STOP to any text message at any time. You will receive one final confirmation and no further messages will be sent. To opt back in, reply START or re-enter consent at the point of booking.
Help
Reply HELP to any message, or contact us at privacy@nuvbook.com.
Message & Data Rates
Standard message and data rates may apply depending on your mobile carrier. Nuvbook does not charge separately for SMS messages.
No Sharing of SMS Data
Mobile phone numbers and SMS opt-in records are never sold, shared, rented, or transferred to third parties for their own marketing purposes. This data is used solely to deliver messages the recipient has consented to receive.
Nuvbook’s messaging infrastructure is powered by Twilio, Inc. Message delivery is subject to Twilio’s Privacy Policy (https://www.twilio.com/en-us/legal/privacy) and Acceptable Use Policy (https://www.twilio.com/en-us/legal/aup).
Consent Records
Nuvbook maintains records of SMS consent, including:
- Phone number
- Date, time, and method of opt-in
- The specific Provider the user consented to receive messages from
- IP address (for web-based opt-ins)
Records are retained for a minimum of 4 years or as required by applicable law.
Compliance
Our SMS practices comply with the Telephone Consumer Protection Act (TCPA), CTIA Messaging Principles and Best Practices, Twilio’s Acceptable Use Policy, and all applicable federal and state laws.
Effective Date: 2025, November 01.
Last Updated: 2025, November 12.
Part 1: Introduction
Welcome to Aptlyflow (“Aptlyflow,” “we,” “our,” or “us”).
Your trust means everything to us. We’re committed to protecting your personal information and maintaining transparency in how we handle your data.
This Privacy Policy explains:
- What types of information we collect from you,
- How and why we collect it,
- How it’s used, stored, and shared,
- Your rights over that information, and
- The laws that govern our data practices.
Aptlyflow provides digital tools that help businesses such as salons, barbershops, consultants, healthcare providers, and other service-based professionals manage their online bookings, client communications, payments, and AI-powered assistant tools.
By using Aptlyflow, you agree to this Privacy Policy and our Terms of Service. If you don’t agree, you should stop using our services and contact us with any questions before continuing.
Part 2: Information We Collect
We collect only the information needed to provide our services effectively and securely. This includes both the data you give us directly and data automatically gathered through your interaction with our platform.
A. Information You Provide Directly
This is data you willingly give to us when signing up, creating an account, scheduling an appointment, or using our tools.
1. For Business Owners
If you sign up as a business owner or service provider, we collect:
- Basic details like your name, business name, email, address, and contact number;
- Billing and payment information (through Stripe or PayPal; we never store full card details ourselves);
- Business branding information, such as your logo, business description, and service categories;
- Account security details, including your username and password;
- Communication preferences and correspondence you send to us (for example, when you reach out to support).
2. For Clients of Businesses
If you’re a client booking through an Aptlyflow-powered page, we collect:
- Contact details such as name, phone number, and email address;
- Appointment and scheduling details, such as the date, time, and type of service booked;
- Form responses or additional information, when business owners create custom intake questions (e.g., hair type, consultation goals, or fitness preferences);
- Communication records, such as appointment reminders or confirmations.
3. AI and Communication Data
When you interact with Aptlyflow’s AI assistant, we may collect:
- Chat transcripts or voice queries, to improve response quality, and
- Metadata, such as time of interaction, feature usage, or device type.
These interactions are never used to build advertising profiles and are stored securely to enhance the assistant’s accuracy and reliability.
B. Information We Collect Automatically
Some information is automatically collected whenever you visit or use Aptlyflow.
This includes:
- Device and browser data: IP address, operating system, browser version, and device identifiers.
- Usage data: Pages viewed, buttons clicked, session duration, and navigation patterns.
- Cookies and tracking technologies: Used for login sessions, analytics, and improving the user experience.
- Error reports and diagnostic logs: So we can detect bugs, fix issues, and improve reliability.
Cookies can be managed or disabled in your browser settings, but some may be necessary for the platform to function properly.
C. Information from Third Parties
We may receive limited information about you from:
- Payment processors like Stripe and PayPal (confirmation of completed transactions).
- Email delivery services like Mailgun (to confirm delivery of system notifications).
- Analytics tools (to understand user engagement and site performance).
We do not combine third-party information with personal data for marketing purposes unless you’ve explicitly opted in.
Part 3: How We Use the Information
We only use your data in ways that are necessary and beneficial to provide and improve Aptlyflow’s services.
A. Core Operational Uses
We process your information to:
- Provide and maintain services: To create accounts, manage bookings, and deliver reminders or notifications.
- Process payments and subscriptions: To verify and complete billing through secure third-party gateways.
- Enable communication: To send confirmations, reminders, notifications, and service updates to clients and business owners.
- Improve platform functionality: By analyzing aggregated, non-identifiable data on usage trends and preferences.
- Ensure security and prevent fraud: To detect suspicious activity and protect user accounts.
- Comply with legal obligations: Including tax, accounting, and law enforcement requests when required.
B. Communication and Marketing
We may use your contact information to send:
- Product updates and feature announcements,
- Educational content, newsletters, or best practices, or
- Promotions or offers (only if you’ve opted in).
You can unsubscribe from marketing communications at any time by using the “unsubscribe” link in emails or updating your profile settings.
C. AI Data Usage
AI-related data, such as messages or interactions, is used exclusively to:
- Train and refine Aptlyflow’s virtual assistant responses,
- Enhance user experience through better contextual understanding, and
- Identify trends in usage to improve automation capabilities.
We do not use AI conversation data for advertising or sell it to third parties.
Part 4: Legal Bases for Processing Personal Data
Because Aptlyflow serves both U.S. and international users, we operate under multiple privacy frameworks to ensure your data is handled lawfully and fairly.
A. Under U.S. Law
We comply with the Federal Trade Commission Act (FTC Act) by avoiding deceptive or unfair practices in how we collect and use information.
Depending on the services offered by business owners using Aptlyflow, the following laws may also apply:
- Children’s Online Privacy Protection Act (COPPA): Aptlyflow is not designed for children under 13. We do not knowingly collect data from minors. If such data is ever identified, it will be deleted immediately.
- Gramm-Leach-Bliley Act (GLBA): If a business owner provides financial or investment-related services (e.g., consulting, advising, or lending) through Aptlyflow, GLBA may apply. Aptlyflow itself does not collect or use financial advice-related data, but we support business owners’ compliance by protecting client information and providing secure data handling tools. Business owners using Aptlyflow for financial services remain responsible for their individual GLBA compliance.
- Health Insurance Portability and Accountability Act (HIPAA): While Aptlyflow is not a covered entity or business associate under HIPAA, healthcare professionals who use Aptlyflow for bookings or patient communications are responsible for ensuring that any medical information shared complies with HIPAA rules. We do not access or store sensitive medical data and recommend that business owners avoid entering Protected Health Information (PHI) in free-text fields.
- State Privacy Laws (New York, New Jersey, California, and others): Aptlyflow complies with relevant state-level privacy frameworks such as:
  - California Consumer Privacy Act (CCPA/CPRA): Users can request access to, deletion of, or correction of their data and can opt out of data sharing for targeted advertising.
  - New York Privacy Act & New Jersey Data Privacy Law (anticipated 2025 enforcement): Aptlyflow follows best practices consistent with these laws, ensuring transparency, user consent, and reasonable data protection measures.
B. Under GDPR (for EU/EEA & UK users)
If you are located in the European Union, European Economic Area, or the United Kingdom, we process your data under the following lawful bases:
- Performance of a Contract: To provide the services you’ve requested.
- Legitimate Interests: To maintain and improve our platform in ways that don’t override your rights.
- Consent: For marketing emails or when collecting optional data (you can withdraw consent anytime).
- Legal Obligations: To comply with laws and regulatory requirements.
Users in these regions also have specific rights, including access, correction, deletion, portability, and the right to lodge a complaint with a supervisory authority.
Part 5: How We Share Data
We value your privacy and never sell your personal information.
However, in order to operate effectively, we share limited data with trusted third parties, always under strict confidentiality and data-protection agreements.
A. Service Providers & Processors
We use the following categories of third parties:
- Payment Processors – Stripe and PayPal: Used for subscription billing and secure payments. They handle all sensitive payment data directly and share only transaction confirmation details with us. Both Stripe and PayPal comply with PCI DSS and GDPR standards.
- Email Communication Providers – Mailgun: Used to send transactional messages such as booking confirmations, account verifications, and subscription receipts. Mailgun processes email metadata (sender, recipient, time) but not email content beyond delivery purposes.
- SMS Messaging Provider – Twilio: Used to deliver appointment reminders, booking confirmations, and other SMS/MMS communications to clients who have opted in to receive text messages. Twilio processes phone numbers and message content solely for delivery purposes. No mobile opt-in data is shared with Twilio for their own marketing. Twilio complies with TCPA, CTIA guidelines, and GDPR standards.
- Analytics and Performance Tools: Tools like Google Analytics or similar may track anonymized usage to help us understand how users interact with Aptlyflow. Data is aggregated and never used to identify individuals.
- Legal & Compliance Entities: We may share information when required by law or to respond to lawful requests from public authorities, such as subpoenas or government inquiries.
B. Data Transfers
Because Aptlyflow may process data in multiple regions, information can be transferred and stored in the United States or other countries.
When transferring data internationally, we rely on:
- Standard Contractual Clauses (SCCs) for EU users
- Adequacy decisions by the European Commission (where applicable)
- Strong encryption and access controls during transmission and storage
C. Business Changes
If Aptlyflow undergoes a merger, acquisition, or sale of assets, we will ensure your data remains protected under this Privacy Policy.
All users will be notified before any transfer of data ownership occurs.
Part 6: Data Security
We take data protection seriously and apply the necessary mix of technical, administrative, and physical safeguards to protect personal data from unauthorized access, loss, or misuse.
A. Security Measures
Our security framework includes:
- Encryption: All data is encrypted in transit (via HTTPS/TLS) and at rest.
- Access Controls: Role-based permissions limit who can access user information internally.
- Regular Security Audits: Systems are tested for vulnerabilities and compliance with security best practices.
- Third-Party Certification: Stripe, PayPal, and Mailgun all hold recognized security certifications, including PCI DSS and ISO 27001 compliance.
- Data Minimization: We only retain data necessary for ongoing business and legal operations.
B. Data Retention
We retain personal data only for as long as needed:
- Business accounts: Retained for the duration of the subscription and up to 90 days after cancellation, unless otherwise required for legal or tax purposes.
- Client bookings and interactions: Retained according to the business owner’s active relationship with their clients or applicable law.
- AI chat logs: Stored securely for up to 12 months to improve functionality, after which they are anonymized or deleted.
- Cookies and analytics data: Retained for 26 months or less, depending on browser settings.
You can request data deletion at any time by contacting our privacy team at privacy@aptlyflow.com.
Part 7: Your Rights and Choices
We believe users deserve transparency and control over their data. Depending on your location and applicable law, you have certain rights regarding your personal information.
A. Rights Under U.S. Laws
If you reside in states such as California, New York, or New Jersey, you have the following rights (under CCPA/CPRA and similar frameworks):
- Right to Know: You can request details about the personal data we collect, including what categories of information we hold and why we use it.
- Right to Access: You may request a copy of the personal data we maintain about you.
- Right to Delete: You may request that we delete your personal information, unless retention is required for legal or contractual reasons.
- Right to Correct: You may request correction of inaccurate or incomplete data.
- Right to Opt-Out: You can opt out of the sale or sharing of your data for targeted advertising or analytics purposes. (Note: Aptlyflow does not sell user data, but we still honour “Do Not Sell or Share My Data” requests to ensure full compliance.)
- Right to Non-Discrimination: We will never deny services, charge different prices, or provide a different level of quality if you exercise your privacy rights.
Users can submit these requests by emailing privacy@aptlyflow.com.
B. Rights Under GDPR (for EU/EEA and UK Users)
If you are an EU or UK user, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:
- Right of Access: To know what data we hold about you.
- Right of Rectification: To correct inaccurate or incomplete data.
- Right of Erasure (“Right to Be Forgotten”): To request deletion of your data.
- Right to Restrict Processing: To limit how your data is used.
- Right to Data Portability: To receive your data in a structured, machine-readable format.
- Right to Object: To object to certain types of processing, such as marketing.
- Right to Withdraw Consent: If processing is based on consent, you can withdraw it at any time.
If you believe your rights under GDPR have been violated, you may lodge a complaint with your local data protection authority.
Part 8: Opt-Out Mechanisms and Marketing Choices
We understand that communication preferences vary.
Here’s how you can manage your marketing and data preferences:
- Email Communications: You can unsubscribe from marketing or promotional emails by clicking the “Unsubscribe” link in any Aptlyflow message or by updating your preferences in your account settings. Transactional emails (e.g., billing notices, password resets, and booking confirmations) are not optional as they’re necessary to provide the service.
- Cookies and Tracking Technologies: You can manage cookies through your browser settings or by using our in-site cookie consent manager. Essential cookies (for security and functionality) cannot be disabled, but analytics and advertising cookies can be turned off.
- Do Not Track (DNT) & Global Privacy Control (GPC): Aptlyflow respects “Do Not Track” browser signals and Global Privacy Control opt-outs wherever required by law.
- SMS/Text Messages: You can opt out of text messages at any time by replying STOP to any message you receive from AptlyFlow or a Provider on our platform. You will receive a single confirmation message and no further texts will be sent. Standard opt-out applies per sender: opting out from one Provider's messages does not automatically opt you out from another Provider's messages.
Part 9: Children’s Privacy
Aptlyflow is not directed toward children under 13 years of age, and we do not knowingly collect personal information from them.
If a parent or guardian believes that their child’s information has been submitted to us, they should contact privacy@aptlyflow.com immediately, and we will take prompt action to remove the data.
For users in the EU, our platform is not intended for individuals under 16 unless consent is provided by a parent or guardian.
Part 10: Policy Updates and Notifications
We may update this Privacy Policy periodically to reflect:
- Changes in our services or integrations,
- Evolving industry standards and best practices,
- Updates in applicable law, and/or
- Enhancements to data security or functionality.
When we make significant updates, we will:
- Notify users via email or an in-app alert before the changes take effect, and
- Update the Effective Date at the top of the policy.
Continued use of the platform after updates constitutes acceptance of the revised policy.
Part 11: Contact Information
If you have questions, concerns, or requests related to privacy, data protection, or this policy, you can reach our Data Protection Team directly at:
418 Broadway STE 8805 Albany, NY, 12207, USA
📞 +19143718990
We aim to respond to all verified privacy requests within 30 days or as required by law.
Part 12: Summary of Your Data Protection
To make our stance crystal clear:
| Category | Our Commitment |
|---|---|
| Transparency | You will always know what data we collect and why. |
| Control | You can access, modify, or delete your data anytime. |
| Security | All data is encrypted and stored securely. |
| Fair Use | We only collect what’s necessary to improve your experience. |
| Compliance | We follow U.S. federal, state, and international privacy laws. |
Part 13: Summary of Your Data Protection
How We Collect Consent to Receive Text Messages
AptlyFlow collects explicit, affirmative opt-in consent before sending any SMS or MMS messages to end users. We never send text messages without a clear opt-in action from the recipient.
Consent is collected through one or more of the following methods:
- Web form opt-in: During account registration or appointment booking, users check a checkbox (unchecked by default) agreeing to receive SMS messages. The opt-in clearly states the message type, frequency, and how to opt out.
- In-person or written consent: Providers may collect consent at their place of business via paper form or verbal agreement, with records maintained accordingly.
- Double opt-in (where applicable): For certain message types, users may receive a confirmation text and must reply YES to activate messaging.
Consent collected for one Provider on the AptlyFlow platform is not shared with other Providers or used for AptlyFlow's own marketing.
Types of Messages Sent
Users who opt in may receive:
- Appointment confirmations and reminders
- Booking updates, cancellations, and rescheduling notifications
- Follow-up communications related to their appointment or service
- Promotional messages from the specific Provider they opted into (where applicable)
How to Opt Out
Reply STOP to any text message at any time. You will receive one final confirmation and no further messages will be sent. To opt back in, reply START or re-enter consent at the point of booking.
Help
Reply HELP to any message, or contact us at support@aptlyflow.com.
Message & Data Rates
Standard message and data rates may apply depending on your mobile carrier. AptlyFlow does not charge separately for SMS messages.
No Sharing of SMS Data
Mobile phone numbers and SMS opt-in records are never sold, shared, rented, or transferred to third parties for their own marketing purposes. This data is used solely to deliver messages the recipient has consented to receive.
AptlyFlow's messaging infrastructure is powered by Twilio, Inc. Message delivery is subject to Twilio's Privacy Policy and Acceptable Use Policy.
Consent Records
AptlyFlow maintains records of SMS consent, including:
- Phone number
- Date, time, and method of opt-in
- The specific Provider the user consented to receive messages from
- IP address (for web-based opt-ins)
Records are retained for a minimum of 4 years or as required by applicable law.
Compliance
Our SMS practices comply with the Telephone Consumer Protection Act (TCPA), CTIA Messaging Principles and Best Practices, Twilio's Acceptable Use Policy, and all applicable federal and state laws.
Questions or Concerns?
If you have any questions about this privacy policy, please don't hesitate to reach out to our support team.