Beta Preview — This is a test environment. Send Feedback
← Back to home

Privacy & Data Protection Policy

Last updated: April 5, 2026

1. Introduction

August Guest (“we”, “us”, “our”) operates a cloud-based waitlist and queue management platform for restaurants and barbershops. This Privacy & Data Protection Policy describes how we collect, use, store, and protect personal information when you use our Service. We are committed to transparency about our data practices. This policy applies to business owners who create accounts (“Customers”) and individuals who join queues (“Guests”).

2. Information We Collect

Business Owners (Customers)

  • Full name (first and last) and email address
  • Phone number (optional, provided at registration for account recovery and support)
  • Email verification status (we require email confirmation during registration)
  • Business information (name, type, address, phone number, operating hours)
  • Billing and payment information (processed and stored by Stripe; we do not store credit card numbers)
  • Account credentials
  • Usage data and analytics
  • IP address and device information

Queue Guests

  • Name (optional, depending on queue configuration)
  • Phone number (optional, required only for SMS notifications)
  • Email address (optional)
  • Party size
  • Queue join time and status
  • Token number (for token-based queues)
  • Device information and IP address (collected automatically)

Support Chat

  • When you use the in-app support chat widget and the assistant cannot answer your question, the following information is logged to help us improve our documentation:
  • Your role (Business Owner or Staff Member, as selected at chat start)
  • The text of your unanswered question
  • Which documentation section was searched
  • The assistant's response
  • Timestamp of the interaction

This data is used solely to identify gaps in our documentation and is not linked to your account or used for any other purpose. It is reviewed periodically and deleted on a rolling basis.

Information Collected Automatically

  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring website
  • IP address
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Verify account ownership via email confirmation during registration
  • Contact account holders for support, security, or account recovery (using the phone number provided at registration, if any)
  • Process queue entries and send status notifications via SMS
  • Process payments and manage subscriptions
  • Send account-related communications (billing, security, service updates)
  • Monitor and analyze usage patterns to improve the Service
  • Detect, prevent, and address fraud, abuse, and technical issues
  • Comply with legal obligations
  • Generate anonymized, aggregated analytics for product improvement
  • Log unanswered support chat questions (without account linkage) to identify documentation gaps and improve the support assistant

We do NOT use your information to:

  • Sell personal data to third parties
  • Send marketing or promotional SMS through queue notifications
  • Build advertising profiles
  • Make automated decisions that produce legal effects concerning you

4. Data Retention & Lifecycle

We follow a strict aggregate-then-purge policy. Guest personal data is converted into anonymous aggregate statistics and then permanently deleted. We do not retain guest personal data longer than operationally necessary.

Our commitment: zero guest PII at rest

Once a queue visit, service request, or event concludes, we compute anonymous aggregate metrics (counts, averages, distributions) and permanently delete all personal information. No guest names, phone numbers, or email addresses are retained beyond their active session.

Data lifecycle by product

  • Queue guests: Personal data (name, phone, email) is aggregated into anonymous statistics and permanently deleted within 1 hour of the visit completing (seated, no-show, or left). Abandoned entries are deleted after 24 hours regardless.

What we keep

  • Aggregate analytics: Anonymous statistics only (e.g., “Tuesday 6pm: 12 parties, avg wait 8 min”). These contain no personal information and cannot be linked back to individuals. Retained indefinitely.
  • Customer account data: Business owner's own information (name, email, business details) retained for the duration of the account plus 90 days after deletion.
  • Server logs: IP addresses and access logs retained for 30 days.

Billing data

All payment and billing data is processed and stored exclusively by our payment provider, Stripe. August Guest does not store credit card numbers, bank account details, or payment credentials. Retention of billing records, invoices, and payment history is governed by Stripe's privacy policy and applicable tax law.

5. Data Sharing and Third-Party Services

We share personal information only with the following categories of service providers, solely to operate the Service:

Supabase

Database hostingAll Service data

Stripe

Payment processingCustomer billing info

Twilio

SMS deliveryGuest phone numbers, message content

Vercel

Application hostingServer logs, IP addresses

When a host enables ticketed events, guest payment data (name and email as provided during Stripe Checkout) is processed by Stripe on behalf of the host through the host's own connected Stripe account. August Guest receives only payment confirmation status (paid, pending, or refunded) via Stripe webhooks — we do not receive or store payment card details, billing addresses, or other financial information from guest ticket purchases.

We do not sell, rent, or trade personal information to third parties for their marketing purposes.

We may disclose information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect personal information, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of data at rest
  • Access controls and authentication
  • Regular security monitoring
  • Secure API key management

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

7. SMS Notifications and Consent

When a Guest provides their phone number to join a queue:

  • Mobile opt-in data and phone numbers collected through August Guest are never shared with third parties or affiliates for marketing or promotional purposes at any time.
  • The Guest consents to receiving transactional SMS notifications related to their queue status
  • Message frequency: typically 1–3 messages per queue session
  • Message and data rates may apply
  • Guests may opt out at any time by replying STOP
  • SMS notifications are transactional only — we never send marketing messages through queue notifications
  • The business Customer is responsible for ensuring proper consent is obtained from Guests

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Right to Access: Request a copy of personal information we hold about you
  • Right to Correction: Request correction of inaccurate personal information
  • Right to Deletion: Request deletion of your personal information
  • Right to Data Portability: Request your data in a machine-readable format
  • Right to Opt Out: Opt out of certain data processing activities
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, contact us at hello@augustguest.com.

For Guest data: Queue and service request data is automatically aggregated and permanently deleted within hours of your visit. If you need immediate deletion, use the deletion request form below or contact us.

9. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • We do not sell your personal information
  • We do not share your personal information for cross-context behavioral advertising
  • You have the right to know what personal information we collect, use, and disclose
  • You have the right to request deletion of your personal information
  • You have the right to opt out of the sale or sharing of your personal information (not applicable as we do not sell or share)
  • You will not be discriminated against for exercising your rights

Categories of personal information collected: Identifiers (name, email, phone number, IP address), commercial information (billing records), internet activity (usage data), and professional information (business details).

11. Children's Privacy

The Service is not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at hello@augustguest.com.

12. Cookies and Tracking

We use essential cookies to maintain session state and authentication. We do not use third-party advertising cookies or cross-site tracking technologies. You can configure your browser to refuse cookies, but some features of the Service may not function properly without them.

13. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected individuals without unreasonable delay, and in any event within 72 hours of becoming aware of the breach
  • Notify applicable state authorities as required by law
  • Provide information about the nature of the breach, the types of information involved, and steps being taken to address it

14. Geographic Restriction

The Service is intended for use in the United States only. August Guest does not offer the Service to residents of the European Economic Area (“EEA”), the United Kingdom, or Switzerland. If you are located in any of these jurisdictions, you are prohibited from creating an account or using the Service.

As a result, August Guest does not represent or warrant compliance with the General Data Protection Regulation (GDPR), the UK GDPR, the Swiss Federal Act on Data Protection (FADP), or any other data protection law specific to EEA member states, the United Kingdom, or Switzerland. If you access the Service from outside the United States in violation of this restriction, you do so at your own risk and August Guest assumes no responsibility for compliance with your local laws.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. For material changes, we will provide notice via email or within the Service at least 30 days before the changes take effect. Continued use of the Service after changes take effect constitutes acceptance.

16. Contact Us

For privacy-related questions or to exercise your rights:

Email: hello@augustguest.com

17. Data Deletion

Business owner account deletion

To delete your business account and all associated data, go to your Dashboard → Billing → Delete Account.

Guest data deletion request

Guest personal data is automatically aggregated into anonymous statistics and permanently deleted within hours of your visit completing. If it has been more than a few hours, your personal data has already been removed from our servers.