Skip to content
goldenhour

Trust & security

Your clients are yours.

No jargon, no fear-mongering. Here's how we keep your work — and your clients' details — safe, in plain words.

You own your client list

Export everything to CSV anytime — contacts and visit history included. We're the ops layer that runs your booking and payments, never a middleman between you and your clients.

Payments handled by Stripe

Card details are processed by Stripe and never touch our servers (PCI-DSS handled on their side). Payouts go straight to your bank — we don't hold your money in between.

Encrypted secrets

Third-party tokens — like your calendar credentials — are encrypted at rest with AES-256-GCM, so a connection you grant stays sealed.

Texting done right

Clients opt in explicitly, every message identifies you, and replying STOP unsubscribes instantly. The program is A2P 10DLC registered, so reminders keep landing the right way.

Privacy by law

We respect GDPR and CCPA, honor the Global Privacy Control signal, and offer a clear “Do Not Sell or Share” option. The defaults lean toward your clients' privacy, not against it.

An audit trail

Sensitive actions — exports, payouts, permission changes — are written to an append-only log, so there's always a record of what happened and when.

What we don'tdo: we don't sell your data, and we don't sit between you and your clients. The relationship is yours — we just keep the lights on.

The fine print, when you want it

Read the policies.

Still have a question?

Ask anything before you trust us with it.

We'll answer plainly — and if something's still on the roadmap, we'll say so.