ClearBook Privacy Policy

1. Who we are

ClearBook AB provides scheduling and booking tools that allow our business customers (“Tenants”) to manage services, staff, and end-customer appointments. We act both as a data controller for our own account management, and as a data processor for tenant content stored in ClearBook.

2. Information we collect

We collect the following categories of personal data:

1. Account & profile data – tenant account details (name, company name, email, role), authentication identifiers, and billing contacts.
2. Booking data – appointment metadata, customer contact details, service preferences, payment references, and notes supplied by tenants.
3. Staff information – names, roles, contact details, availability, and employment metadata created by the tenant.
4. Usage & device data – log records, IP address, browser/OS information, timestamps, and feature usage for security and analytics.
5. Support communications – messages and attachments submitted to our support channels.

Tenants are responsible for ensuring they have a legal basis to submit their customers’ personal data.

3. How we use personal data

We do not sell personal data.

4. Data sharing

We share personal data only with:

• Authorized tenant users designated by the tenant administrator.
• Sub-processors that operate infrastructure or integrations (e.g., cloud hosting, email delivery, payment gateways). We maintain an up-to-date list at /legal/subprocessors and reference it in our Data Processing Agreement.
• Professional advisors (lawyers, accountants) under confidentiality obligations.
• Public authorities when required by law or to protect rights, safety, or property.

Each sub-processor is subject to a written agreement and security review.

5. International transfers

We store primary production systems in the European Economic Area (EEA). If we transfer data outside the EEA we rely on appropriate safeguards such as Standard Contractual Clauses and continue to monitor regulatory guidance.

6. Data retention

• Active customer and staff records remain until the tenant deletes them or their account terminates.
• Soft deletions are retained for 30 days (configurable) before being purged by automated cleanup routines.
• Audit logs are stored to evidence compliance and security actions and may be retained indefinitely.
• Legal, billing, and financial records are retained for the duration required under Swedish and EU law.

When data is no longer required, it is securely deleted or anonymized.

7. Security measures

We employ role-based access controls, encryption in transit and at rest, network monitoring, vulnerability management, and regular backups. Administrative actions are logged and staff complete recurring security awareness training.

8. Your rights

Data subjects in the EEA have the right to:

• Access, correct, delete, or port their personal data.
• Restrict or object to processing in certain circumstances.
• Withdraw consent where processing is based on consent.

Requests should be directed to the relevant tenant (the data controller). If you cannot reach them or believe ClearBook is the controller, contact us at privacy@clearbook.dev. We respond within one month as required by GDPR.

9. Children’s data

ClearBook is not directed to individuals under 16. Tenants must not submit children’s data without appropriate consent and a lawful basis.

10. Changes to this policy

We may update this policy to reflect operational or regulatory changes. Material updates will be announced via the app or email at least 14 days before taking effect.

11. Contact

ClearBook AB
Attn: Data Protection Officer
privacy@clearbook.dev
Fleminggatan 5, 112 26 Stockholm, Sweden

If you believe your rights have been violated, you may lodge a complaint with your local supervisory authority or the Swedish Authority for Privacy Protection (IMY).