Privacy Policy
Last updated: 6/13/2026
1. Data we collect
JouBook collects the data needed to provide the service: name, email, phone number, business information, booking data, and billing information. We never store payment card data on our servers — payments are processed by our PCI-DSS certified provider.
1 bis. Excluded data categories
JouBook is not designed for regulated healthcare professionals and is not certified as a health-data hosting platform (no HDS / HIPAA / BAA). Users must not upload or store special-category personal data under GDPR Article 9 — in particular health data, medical records, diagnoses, prescriptions, or biometric/genetic data. Any account found storing such data may be suspended without refund. The "client notes" field is intended for general business notes only (preferences, scheduling context, etc.).
2. How we use your data
Your data is used solely to: operate the platform, send notifications related to your activity (reminders, confirmations), improve the service, and comply with our legal obligations. We never sell your data.
3. Retention
Data is retained while your account is active and deleted within 30 days of account closure, except where legal obligations require longer retention (e.g. invoicing records: 10 years).
4. Your rights (GDPR)
You have the right to access, rectify, erase, port, and object to the processing of your data. To exercise these rights, contact us at privacy@joubook.com.
5. Security
All data is encrypted in transit (TLS) and at rest. Access is restricted and logged.
6. Sub-processors & DPA
JouBook relies on a limited set of GDPR-compliant sub-processors (cloud hosting, database, payment processing, transactional email). A Data Processing Agreement (DPA) is available for business customers handling personal data of EU residents — request a copy at privacy@joubook.com and we will send the signed DPA within 5 business days.
7. California residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, grants you the following rights regarding your personal information: the right to know what we collect and how we use it, the right to delete it, the right to correct inaccurate information, the right to limit the use of sensitive personal information, and the right to opt out of the sale or sharing of personal information. JouBook does not sell or share your personal information as those terms are defined under the CCPA/CPRA, and we have not done so in the preceding 12 months. To exercise any of these rights, email privacy@joubook.com. We will not discriminate against you for exercising your privacy rights.
8. Canadian residents (PIPEDA / Loi 25)
Canadian residents have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), and Quebec residents have additional rights under Quebec's Law 25. You may access, correct or request deletion of your personal information by contacting privacy@joubook.com. You may also file a complaint with the Office of the Privacy Commissioner of Canada or, for Quebec residents, the Commission d'accès à l'information du Québec.
9. Contact & complaints
For any question: privacy@joubook.com. EU residents may also lodge a complaint with their local data protection authority (e.g. the CNIL in France).