Privacy Policy
This Privacy Policy explains what personal data OpenBook collects, why we collect it, how long we keep it, and what rights you have over it. We've written it to be readable, not just compliant.
OpenBook is operated by OpenHouse AI Limited (“we”, “us”), an Irish company. We are the data controller for the personal data described in this policy.
- Registered office: Ballinvarosig, Carrigaline, Co. Cork, Ireland
- Data contact: sam@openhouseai.ie
1. Who this policy covers
This policy covers two groups:
- Businesses — owners and staff who sign in to OpenBook to manage bookings.
- Consumers — people who use OpenBook (signed in, or as guests) to book services.
We treat both groups' data with the same level of care, but we collect different things from each.
2. What we collect, and why
From businesses (account holders)
| Data | Why we have it | Source |
|---|---|---|
| Name and email | To create the account and contact you | You provide it (or via Google/Apple sign-in) |
| Business name, address, phone, website | To list your business publicly | You provide it during onboarding |
| Logo, photos, descriptions | To display your booking page | You upload them |
| Business hours, services, pricing | To run the booking engine | You configure them |
| Stripe Connect account details | To pay you out for bookings | You authorise Stripe; we receive a Stripe ID, not bank details |
| Booking and customer data for your business | To run your business on the platform | Generated as your customers book |
| WhatsApp number and conversation history (if Pro tier) | To run the WhatsApp bot for you | Generated when customers message you |
| Subscription and billing data | To manage your subscription | Generated as you subscribe |
From consumers
| Data | Why we have it | Source |
|---|---|---|
| Name, phone, email | To confirm and remind about bookings | You provide it at checkout |
| Booking history | To show you upcoming and past bookings | Generated by your bookings |
| Saved businesses (favourites) | To populate your home screen | You favourite a business |
| Payment card details | To process the booking | Sent directly to Stripe — we never see or store these |
| Account credentials (if signed in) | To recognise you across visits | You provide via Google, Apple or magic link |
Automatically collected (both groups)
| Data | Why we have it |
|---|---|
| IP address, browser type, device | Security, fraud prevention, debugging |
| Page views (anonymous, no cookies) | To understand what's working — see Cookies section |
| Crash and error logs | To fix bugs |
3. Our lawful basis (GDPR Article 6)
We process personal data on these bases:
- Contract — most processing happens because you (consumer or business) have asked us to provide a service: processing bookings, managing accounts, taking payments and sending booking confirmations.
- Legitimate interest — running the platform, fraud prevention, security, anonymous analytics. We've assessed that our interest doesn't override your rights.
- Consent — for anything we may add later that isn't needed to run the service, such as marketing emails, optional cookies, or pulling content from your Instagram account. We'll always ask first and you can withdraw at any time.
- Legal obligation — keeping financial records (Stripe transaction records) for tax purposes.
4. Where your data lives
Your data is stored in the European Union. Specifically:
- Database (Supabase) — Dublin, Ireland (AWS eu-west-1).
- Hosting (Vercel) — primarily served from Dublin (dub1) edge.
- Files (Supabase Storage) — Dublin, Ireland.
5. Who we share data with (sub-processors)
We use third parties to deliver parts of the service. Each one only gets the data they need to do their job, and each is contractually required to handle it according to GDPR.
| Sub-processor | What they do | Data they see | Where |
|---|---|---|---|
| Supabase | Database, auth, storage | All operational data | EU (Ireland) |
| Vercel | App hosting and edge functions | All data passing through requests | EU + global edge |
| Stripe | Payment processing, payouts | Card details, transaction data, business KYC | Global; EU contracts |
| Resend | Transactional email | Recipient email, message content | US (under SCCs) |
| OpenAI | AI insights, AI assistant features (Pro tier) | Aggregated booking data; never raw customer data | US (under SCCs); no model training on your data |
| Meta (WhatsApp Cloud API) | WhatsApp bot (Pro tier, opt-in) | WhatsApp messages, phone numbers | US (under SCCs) |
| AI assistants (ChatGPT, Claude, Gemini, others) | Pull public business data via our MCP server | Business name, services, prices, live availability, location | Global; queries originate from each provider |
AI assistants are not sub-processors in the strict GDPR sense — they query our public MCP server rather than processing data on our behalf. We've included them in this table so you can see where business-level data flows out of OpenBook. The MCP integration is a Pro-tier feature; businesses on Free or Growth tiers are not included in MCP responses.
We do not sell, rent, or share your data with advertisers, data brokers, or anyone else not listed above.
For US-based sub-processors (Stripe, Resend, OpenAI, Meta), data transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission. SCCs are one of the transfer mechanisms GDPR permits for sending personal data outside the EEA.
6. How the OpenBook MCP server shares data with AI assistants
OpenBook operates a public MCP (Model Context Protocol) server at mcp.openbook.ie. AI assistants like ChatGPT, Claude, and Gemini query this server when their users ask to find or book a service. This section explains exactly what data each tool exposes, so you can decide whether to enable AI distribution (Pro-tier feature; off by default on Free and Growth).
The MCP server is anonymous-first — assistants do not authenticate to use it. Anyone, including bad actors, can query the server. The data exposed has therefore been designed to be safe-by-default to share publicly:
Tools that read public business data only:
- search_businesses, get_business_info, get_availability, get_promoted_inventory: return business name, slug, category, location summary (city), services with names, durations and prices, opening hours, public ratings and review count, and recent review highlights (already redacted of any reviewer-identifying detail).
Tools that touch a specific user's data:
- hold_and_checkout: when a user (via their assistant) wants to book, they may pass their name, email, phone, and a short note in ‘customer_hints’. We use these to pre-fill the checkout form and to identify the user if they ask the assistant to follow up. The hints are stored on the booking row only after the user actually completes the booking on our checkout page.
- check_booking_status: returns the booking's status, and if the booking is confirmed, returns the email address the user entered at checkout (so the assistant can confirm to the user). This is the only field across all tools where user PII flows back to the calling assistant. Users who do not want this disclosed should ask their assistant to forget the booking after confirmation.
- join_waitlist: the user provides email/phone to be notified when a slot opens. We store these on the waitlist row. Notifications are sent by us (via Resend for email; SMS deferred to a future release) and not by the assistant.
- record_post_booking_feedback: the user's verbatim words and rating are stored on the booking. This data is never shared with the assistant beyond a short acknowledgement message.
Logging: we keep a server-side log of MCP queries for operational and analytics purposes. The log includes the query text (e.g. ‘haircut in Dublin tomorrow’), the identifier of the calling assistant if known, the businesses returned, and a timestamp. We do not log the customer_hints payload of hold_and_checkout. Logs are retained for 90 days and are not shared with third parties.
Caching: to keep response times fast and costs predictable, we cache the output of our intent classifier (which uses OpenAI to interpret natural-language queries) for 24 hours. The cache is keyed on the canonicalised query text. The cache contains query text only — no user-identifying information.
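The logging and caching design just described, as an added illustration written for this page and not OpenBook's own code: the log record is built by dropping the `customer_hints` argument outright rather than redacting it, and the intent cache is keyed on a hash of the canonicalised query text so spelling, case and punctuation variants share one entry and the key itself carries no query content. The request dict shape (`tool`, `args`, `assistant`), the `slug` field on returned businesses and the sample requests are assumptions for the example.

```python
"""Added example (not OpenBook's code): PII-free MCP query logging and a
TTL-bounded intent cache keyed on canonicalised query text."""
import hashlib
import re
import time
import unicodedata
from typing import Any, Dict, List, Optional, Tuple

# Arguments a tool call may carry that must never reach the log.
# Assumption: each request is a dict with "tool", "args" and optional "assistant".
PII_ARGS = {"customer_hints"}
RETENTION_SECONDS = 90 * 24 * 3600   # log retention stated in the policy
CACHE_TTL_SECONDS = 24 * 3600        # intent-cache TTL stated in the policy


def canonicalise_query(text: str) -> str:
    """Normalise a natural-language query so trivially different spellings
    share one cache entry: Unicode NFKC, casefold, strip punctuation,
    collapse whitespace."""
    text = unicodedata.normalize("NFKC", text).casefold()
    text = re.sub(r"[^\w\s]", " ", text)
    return " ".join(text.split())


def cache_key(text: str) -> str:
    """Key the cache on a hash of the canonical text so the key itself carries
    no query content (the cached value is the classifier output only)."""
    return hashlib.sha256(canonicalise_query(text).encode("utf-8")).hexdigest()


class IntentCache:
    """Time-bounded cache: canonical query -> intent classifier output."""

    def __init__(self, ttl: int = CACHE_TTL_SECONDS) -> None:
        self.ttl = ttl
        self._store: Dict[str, Tuple[float, Any]] = {}

    def get(self, query: str, now: Optional[float] = None) -> Optional[Any]:
        now = time.time() if now is None else now
        key = cache_key(query)
        entry = self._store.get(key)
        if entry is None:
            return None
        expires_at, value = entry
        if now >= expires_at:          # expired: evict and report a miss
            del self._store[key]
            return None
        return value

    def put(self, query: str, value: Any, now: Optional[float] = None) -> None:
        now = time.time() if now is None else now
        self._store[cache_key(query)] = (now + self.ttl, value)


def log_record(request: Dict[str, Any], businesses_returned: List[Dict[str, Any]],
               now: Optional[float] = None) -> Dict[str, Any]:
    """Build the operational log entry: tool name, non-PII arguments (which is
    where a search query lives), calling assistant if known, the businesses
    returned, and timestamps. PII arguments are dropped, not masked, so there
    is nothing to leak even if the log store is mishandled."""
    now = time.time() if now is None else now
    args = request.get("args", {})
    safe_args = {k: v for k, v in args.items() if k not in PII_ARGS}
    return {
        "ts": now,
        "expires_at": now + RETENTION_SECONDS,
        "tool": request["tool"],
        "assistant": request.get("assistant", "unknown"),
        "args": safe_args,
        "businesses": [b["slug"] for b in businesses_returned],
    }


# Constructed sample requests for the example; not real traffic.
SEARCH = {"tool": "search_businesses", "assistant": "example-assistant",
          "args": {"query": "Haircut in Dublin, tomorrow!"}}
CHECKOUT = {"tool": "hold_and_checkout", "assistant": "example-assistant",
            "args": {"business": "example-salon", "slot": "2025-01-10T10:00",
                     "customer_hints": {"name": "A. Example",
                                        "email": "a@example.com"}}}

if __name__ == "__main__":
    cache = IntentCache()
    cache.put(SEARCH["args"]["query"], {"intent": "search"})
    print(cache.get("haircut in dublin tomorrow"))
    print(log_record(CHECKOUT, [{"slug": "example-salon"}]))
```

The important property is that the log entry for a hold_and_checkout call never contains the contents of `customer_hints`, whatever the request carried, and that two queries differing only in case or punctuation produce the same cache key.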
7. AI and your data
This deserves its own section because people ask.
- OpenAI is used for AI insights (analysing your business's anonymised aggregated data to surface “you have 3 empty slots Friday — try a flash sale”) and the AI assistant. We send OpenAI summaries and aggregates, not raw customer records.
- OpenAI does not train on data sent through their API, per their published API data policy. We do not opt into any “improve our models” setting.
- We never use your data, your customers' data, or anyone's bookings to train our own AI models. We don't have AI models — we use third-party APIs.
- See Section 6 for a complete description of how the OpenBook MCP server shares data.
8. How long we keep your data
| Data | Retention |
|---|---|
| Active account data | For as long as your account is active |
| Booking records | 7 years (Irish tax/accounting requirement) |
| Customer-facing booking page after account closure | 30 days, then archived for 12 months, then deleted |
| Backups | 30 days rolling |
| Payment transaction records (Stripe) | Per Stripe's policy, typically 7+ years |
| WhatsApp conversation history | 24 months from last activity |
| Anonymous analytics | Indefinite (no personal data) |
When you ask us to delete your data, we delete it from our active systems within 30 days, and from backups within a further 30 days. We may retain records we're legally required to keep (tax records, fraud investigations).
9. Your rights
Under GDPR you have the right to:
- Access — ask for a copy of the personal data we hold about you.
- Rectify — correct anything that's wrong.
- Erase — ask us to delete your data (“right to be forgotten”), subject to legal retention rules above.
- Restrict processing — ask us to stop processing while a query is being resolved.
- Portability — get your data in a structured machine-readable format. (You can do this directly from the dashboard at any time — full CSV export.)
- Object — object to processing based on legitimate interest.
- Withdraw consent — for anything we do based on consent (marketing, etc.).
- Lodge a complaint — with the Irish Data Protection Commission (dataprotection.ie) if you think we've handled your data wrongly.
To exercise any of these, email sam@openhouseai.ie. We'll respond within 30 days.
10. Security
We protect data with:
- HTTPS everywhere (TLS 1.3)
- Row-level security on every database table
- Authentication via Google, Apple, or signed magic-link emails (no passwords for us to leak)
- Card data never touches our servers (handled directly by Stripe)
- Restricted access to production data — only Sam Donworth currently has it
- Encrypted at rest (Supabase default)
If we ever discover a personal data breach, we'll notify the Irish DPC within 72 hours of becoming aware of it and tell affected users without undue delay, as GDPR requires.
11. Children
OpenBook is not intended for users under 16. We don't knowingly collect data from anyone under 16. If you believe we've inadvertently collected such data, email sam@openhouseai.ie and we'll delete it.
12. International users
OpenBook is targeted at the Irish market. If you're using it from outside Ireland (e.g. a tourist booking an Irish service), the same protections apply — your data is still hosted in the EU.
13. Changes to this policy
If we change this policy in a material way, we'll email you and show the changes at openbook.ie/privacy with a new effective date. Minor wording fixes won't trigger a notification.
14. Contact
Data queries: sam@openhouseai.ie
Post: OpenHouse AI Limited, Ballinvarosig, Carrigaline, Co. Cork, Ireland
Supervisory authority (Ireland):
Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28
dataprotection.ie