Skip to content

Last updated: 2 July 2026

Privacy policy

Short version: we collect only what we need to run the service, we don't sell anything, we delete on request. Long version below.

1. Data we collect

From the businesses that subscribe to ChatBooker:

  • Account info: email, name, business name, phone number, password (hashed by Supabase Auth — we never see the plaintext).
  • Business config: services, hours, pricing, calendar integration tokens, AI workflow prompts.
  • Billing info: only the last 4 digits of the card; full card data lives with our payment processor.

From the customers of those businesses (people who message the AI):

  • Phone number, name (if they share it), WhatsApp/SMS message content, booking + appointment history.
  • Inferred metadata: lead score, tags ("new lead", "client"), language, consent state.

If you're messaging a clinic or health-related business: your message content and appointment details (service type, practitioner, times) may count as health or sensitive information. That content is processed by our AI systems to handle your booking, and as described in section 3, it may be sent overseas (via OpenRouter to a US-based LLM provider) to generate a response. It is not used to train any AI model.

2. How we use it

Only to run the service: route messages to the AI, send booking confirmations + reminders, show analytics to the business owner, and improve the system (aggregated, never per-customer).

We do NOT train any AI model on your conversation data. OpenRouter (which routes to the underlying LLMs) processes message content to generate responses, but does not retain it for training under our agreement.

3. Who we share data with

  • Supabase — database + auth host (Sydney, Australia).
  • Twilio — WhatsApp + SMS message delivery, routed through Twilio's US edge infrastructure.
  • OpenRouter — AI inference routing. OpenRouter sends message content to the underlying LLM provider selected for your account, which may include OpenAI, Anthropic, or Google, and those providers are US-based. This means message content is processed offshore during every AI reply.
  • Google Calendar / Cliniko / Jane App / Square — only when YOU enable that integration, only the appointment data they need. Cliniko is region-sharded per clinic account; if your Cliniko account is provisioned on a non-Australian shard, your patient data is read from and written to that region, not Australia. Check your Cliniko account settings if this matters to you.
  • Stripe — billing (when enabled).
  • Sentry — error tracking. We strip phone numbers and email addresses from error payloads before sending.

That's it. We don't sell data to anyone. We don't run ad pixels.

4. Where data lives

Database storage is in Supabase's Sydney region (ap-southeast-2). That's where your account data, business config, and message history are stored at rest.

The application server that processes messages while they're in transit — the AI pipeline and short-term conversation state — currently runs on infrastructure hosted in Singapore, not Australia. This means personal data (message content, phone numbers) passes through Singapore while a message is being handled, even though it's stored in Sydney afterwards. We're looking at moving this to an Australian region; it hasn't happened yet, and we won't claim it has until it does.

Twilio routes through US edge for global delivery — that's a Twilio constraint we can't move.

5. Retention

  • Active accounts: data is kept while the account is active.
  • Cancelled accounts: the business account and its data are deleted on cancellation.
  • Customer message content: kept for a configurable retention window set by the business (default 90 days), after which it's deleted on a schedule.

6. Your rights

You can — at any time — email hello@mellon.chat and ask us to:

  • Export your data (we send a JSON dump — currently a manual process, so give us up to 7 days).
  • Erase your data: for an individual customer/contact, we delete their record and associated message history on request. For a business account, everything is deleted on cancellation. We keep only what we're legally required to keep, and only as long as required.
  • Correct anything we have wrong.
  • Stop processing your data for any purpose other than legal compliance.

End-customers (people who messaged a business that uses ChatBooker) can do the same — we forward the request to the business owner, then comply.

7. Cookies

The marketing site uses no third-party cookies and no tracking pixels. The dashboard sets a session cookie for login. No advertising cookies.

8. Security

TLS everywhere. Passwords hashed by Supabase Auth (argon2). Customer phone numbers stored plaintext (we need to call the messaging providers with them) but hashed (sha256) in audit logs. Row-level security on every multi-tenant table so businesses can never see each other's data — even via a bug.

9. Breach notification

If a breach involving your data happens, we'll email you within 72 hours of confirming it, with what happened, what's affected, and what we're doing about it. We'll meet the Notifiable Data Breaches scheme requirements under the Australian Privacy Act.

10. Contact

Email hello@mellon.chat with any privacy concern. We answer within one business day.