Privacy Policy

Last updated: February 16, 2026

1. Introduction

Lapdog Booking ("we," "our," or "us") operates a booking and invoicing platform for traveling instructors and coaches. This Privacy Policy describes how we collect, use, and protect your personal information when you use our platform.

2. Information We Collect

Information you provide:

• Account information: Name, email address, and phone number when you create an account or are added as a client.
• Booking information: Dates, locations, session types, and booking preferences.
• Payment information: Payment method preferences (Venmo, Zelle, etc.). We do not process or store credit card numbers.
• Communications: Messages sent through the platform, including booking confirmations and invoices.

Information collected automatically:

• Usage data: Pages visited, features used, and general interaction patterns.
• Device information: Browser type, operating system, and device identifiers.
• Cookies: Session cookies required for authentication and security (CSRF protection).

Information from third parties:

• Google Calendar: When an instructor connects their Google Calendar, we access calendar event data to manage availability and scheduling. We store encrypted OAuth tokens to maintain this connection.

3. How We Use Your Information

• Process and manage bookings between instructors and clients
• Generate and send invoices
• Send booking confirmations, reminders, and notifications via email
• Sync bookings with Google Calendar when connected
• Provide customer support
• Maintain platform security and prevent fraud

4. Information Sharing

We do not sell your personal information. We share information only in the following circumstances:

• Between instructor and client: Booking details are shared between the parties involved in a booking.
• Service providers: We use third-party services for email delivery (SMTP), hosting (Heroku), and calendar integration (Google Calendar API).
• Legal requirements: When required by law, court order, or governmental authority.

5. Data Security

We implement industry-standard security measures to protect your data, including:

• AES-256-GCM encryption for sensitive credentials (SMTP passwords, Google OAuth tokens)
• HTTPS encryption for all data in transit
• Secure session management with HTTP-only cookies
• CSRF protection on all state-changing operations
• Rate limiting to prevent abuse

6. Google API Services

Our use of Google Calendar data complies with the Google API Services User Data Policy, including the Limited Use requirements. We only access Google Calendar data to:

• Display instructor availability
• Create, update, and delete booking events
• List available calendars for selection

We do not use Google Calendar data for advertising or share it with unrelated third parties.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Booking and invoice records are retained for business and legal compliance purposes. You may request deletion of your account and personal data by contacting us.

8. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Disconnect Google Calendar integration at any time through the admin settings

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify affected users of material changes via email or platform notification.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at evan@lapdogmarketing.com.