← Back to StrixBook

Privacy Policy

Effective date: May 30, 2026

1. Who we are

StrixBook is an appointment-booking platform operated by STRIX, LLC, a Virginia limited liability company ("STRIX," "we," "our," or "us"), reachable at contact@strixstudio.com. This Privacy Policy explains how we handle personal information.

Two roles. When you create a StrixBook account, we are the controller of your account and business information. When a business uses StrixBook to take bookings from its own clients, that business is the controller of its clients' booking data and StrixBook acts as a processor on the business's behalf — we process that data only to provide the service and per our agreement with that business.

2. Information we collect

  • Account and business information (name, email, phone, business details).
  • Booking information submitted through a business's widget (client name, email, phone, appointment details, and any preferences the client provides).
  • Payment information — processed by our payment provider (Stripe). We do not store full card numbers on our systems.
  • Usage and device data collected automatically (e.g., log data, approximate location from IP, and analytics) to operate and improve the service.

3. How we use information

  • To create and manage accounts and process appointments.
  • To send confirmations, reminders, and service-related messages.
  • To process subscriptions and payments.
  • To provide support and to maintain, secure, and improve the service.
  • To comply with legal obligations and enforce our terms.

4. Legal bases (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on: performance of a contract (to provide the service), legitimate interests (to secure and improve the service), consent (where required, e.g., certain cookies), and legal obligation. Where StrixBook acts as a processor, the relevant business customer is responsible for the legal basis for its clients' data.

5. How we share information; subprocessors

We do not sell your personal information. We share it only with:

  • The business you book an appointment with (so it can fulfill your appointment).
  • Service providers ("subprocessors") who help us run StrixBook, under contract and only as needed:
    • Supabase — database and backend hosting
    • Vercel — application hosting and analytics
    • Stripe — payment processing
    • Resend — transactional email delivery
    • Cloudflare — bot protection (Turnstile)
    • Upstash — rate limiting
  • Legal authorities where required by law, or to protect rights and safety.
  • A successor entity in connection with a merger, acquisition, or asset sale.

6. Data retention

We keep account and booking data for as long as your account is active and as needed to provide the service, then for a reasonable period to meet legal, tax, and accounting obligations, after which it is deleted or anonymized. Business customers may request deletion of their data as described below.

7. International transfers

Our infrastructure is operated primarily in the United States. If you access StrixBook from outside the United States, your information may be transferred to and processed there. Where required, we rely on appropriate safeguards (such as the EU Standard Contractual Clauses) for cross-border transfers.

8. Security

We use technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and trusted infrastructure providers. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict the processing of your personal information, to object to processing, and to withdraw consent.

EEA/UK (GDPR): you may exercise the rights above and lodge a complaint with your local supervisory authority.

California (CCPA/CPRA): you may request access to and deletion of your personal information and may correct it. We do not sell or "share" personal information for cross-context behavioral advertising, and we do not discriminate against you for exercising your rights.

To make a request, email contact@strixstudio.com. If your data was submitted through a business's booking widget, we will direct your request to that business (the controller) and assist as its processor.

10. Cookies and analytics

We use strictly necessary cookies to operate the service and limited analytics to understand usage. Where required by law, we will ask for your consent before using non-essential cookies. You can control cookies through your browser settings.

11. Children

StrixBook is not directed to children under 16, and we do not knowingly collect their personal information. If you believe a child has provided us information, contact us and we will delete it.

12. Business customers (data processing)

If you use StrixBook to collect your clients' data, you are the controller and we are your processor. A Data Processing Agreement (DPA) is available on request at contact@strixstudio.com.

13. Changes to this policy

We may update this policy from time to time. We will revise the effective date above and, for material changes, provide additional notice.

14. Contact

Questions or requests: contact@strixstudio.com.