Privacy policy

Effective 21 May 2026

Pencilme (“Pencilme,” “we,” “our”) is appointment-booking software for service businesses. This policy explains what data we collect, why we collect it, how we use it, and the rights you have over it. It applies to pencilme.app.

Who we serve

Pencilme has two kinds of users:

Business owners who sign up to manage bookings, customers, and messages for their service business.
Customersof those businesses who book appointments through a business’s Pencilme booking page.

Data we collect

From business owners

Account details: name, email, password (hashed by our auth provider), business name, address, and phone number.
Business operating data you choose to add: services, prices, staff, hours, photos, and notes.
Usage data: pages visited inside the dashboard and basic device information, used to keep the product working.

From booking customers

Booking details you enter: name, phone number, optional email, chosen service, and time.
Anonymous analytics: a daily-rotated hashed visitor identifier used to count unique page views. We do not set tracking cookies and we cannot identify you from this hash.

How we use data

To provide booking and calendar functionality.
To send transactional notifications about bookings (for example, booking confirmations via WhatsApp deep links).
To keep the product secure and to detect abuse.
To answer support requests from business owners.

We do not sell personal data. We do not use your data for advertising or to train machine-learning models.

Sharing

We share data only with infrastructure providers required to run the service, under data-processing agreements:

Vercel— web hosting and serverless compute.
Neon— managed Postgres database.
Supabase— file storage for business photos.
Clerk— business-owner authentication.

We may also disclose data if compelled by valid legal process.

Retention

Account and booking data is kept while the account is active. If you delete your account, we delete it within 30 days.
Backups containing deleted data are overwritten within 90 days.

Your rights

You can request a copy of the personal data we hold about you, ask us to correct it, or ask us to delete it. See Data deletion instructions for the deletion process.

Security

Data is transmitted over HTTPS and stored on encrypted volumes. Access tokens are stored encrypted at rest.

Children

Pencilme is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

Changes

We will update this policy from time to time. The effective date at the top of the page reflects the most recent change. Material changes will be announced to business owners by email.

Contact

Questions or requests about this policy: beevekmgr@gmail.com.

Data we collect

From business owners

Account details: name, email, password (hashed by our auth provider), business name, address, and phone number.

Business operating data you choose to add: services, prices, staff, hours, photos, and notes.

Usage data: pages visited inside the dashboard and basic device information, used to keep the product working.

From booking customers

Booking details you enter: name, phone number, optional email, chosen service, and time.

Anonymous analytics: a daily-rotated hashed visitor identifier used to count unique page views. We do not set tracking cookies and we cannot identify you from this hash.

How we use data

To provide booking and calendar functionality.

To send transactional notifications about bookings (for example, booking confirmations via WhatsApp deep links).

To keep the product secure and to detect abuse.

To answer support requests from business owners.

We do not sell personal data. We do not use your data for advertising or to train machine-learning models.

Sharing

We share data only with infrastructure providers required to run the service, under data-processing agreements:

Vercel— web hosting and serverless compute.

Neon— managed Postgres database.

Supabase— file storage for business photos.

Clerk— business-owner authentication.

We may also disclose data if compelled by valid legal process.