Privacy Policy

Last updated: May 15, 2026

North Star Booking (the “Service”) is an appointment scheduling application operated by North Star Integrations (“North Star Integrations,” “we,” “us,” or “our”), a business based in Omaha, Nebraska, United States. This Privacy Policy explains what information the Service collects, how we use it, who we share it with, and the choices you have.

This policy applies to the North Star Booking application hosted at booking.nsintegrations.com and its booking pages and embeddable widget. It is separate from the privacy policy of the North Star Integrations marketing website at nsintegrations.com.

Who This Policy Covers

The Service is used by two kinds of people:

  • Account holders— business owners and operators who create an account to manage appointment types, availability, and bookings.
  • Customers— people who book an appointment through an account holder’s booking page. When a customer books an appointment, the account holder is the controller of that customer’s information, and North Star Integrations processes it on the account holder’s behalf.

Information We Collect from Account Holders

  • Account details— your name, email address, and, if you sign up with a password, a securely hashed password.
  • Business profile — your business name, time zone, logo image, brand color, appointment types, and availability settings.
  • Google sign-in data — if you sign up or sign in with Google, we receive your name, email address, and Google account identifier. See Information Accessed Through Google APIs below.
  • Operational records — basic logs needed to run the Service, such as email delivery counts and security and rate-limiting events.

Information We Collect from Customers

When a customer books an appointment through an account holder’s booking page, we collect the information needed to create and manage that booking:

  • Name, email address, and phone number
  • Any message or answers to questions the account holder has added to their booking form
  • The appointment type, date, and time, and any later cancellation or reschedule

This information is used to confirm the appointment, send related emails, and let the account holder manage their schedule.

Information Accessed Through Google APIs

If you choose to sign in with Google or connect your Gmail account, the Service accesses a limited set of Google data through Google APIs. We request only the permissions described here.

Sign-in (OpenID, email, profile)

We use your Google account’s basic profile information — name, email address, and account identifier — to create and identify your North Star Booking account.

Sending email on your behalf (gmail.send)

If you connect Gmail, the Service requests the https://www.googleapis.com/auth/gmail.send permission. This permission is used for one purpose only: to send your customers’ appointment confirmation, reminder, and cancellation emails from your own Gmail address, so the emails come from you rather than from a generic system address.

The gmail.send permission only allows sending. The Service does not read, search, import, download, modify, or delete any message in your mailbox, and it does not access your Gmail inbox, drafts, labels, or contacts.

To send these emails, Google issues the Service an access token and a refresh token for your account. Refresh tokens are stored encrypted (AES-256-GCM) and are used only to obtain new access tokens for sending email. You can disconnect Gmail at any time from your account settings, which revokes the stored token.

Limited Use Disclosure

North Star Booking’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, data obtained through Google APIs is used solely to provide and improve the user-facing features described above. We do not use this data for advertising, we do not sell it, and we do not transfer it to others except as needed to provide the Service, to comply with applicable law, or as part of a merger or acquisition. We do not allow humans to read this data unless we have your consent for a specific message, it is necessary for security purposes or to comply with applicable law, or the data has been aggregated and anonymized.

How We Use Information

  • To create and operate account holders’ accounts
  • To display booking pages and process appointment bookings
  • To send transactional emails — confirmations, reminders, and cancellation or reschedule notices
  • To secure the Service, prevent abuse, and enforce rate limits
  • To diagnose problems and improve the Service

We do not use your information for advertising, and we do not sell or rent it to anyone.

How Information Is Shared

We share information only with service providers that help us operate the Service, each of which handles data under its own privacy and security commitments:

  • Supabase— secure database hosting and authentication for account and booking data.
  • Vercel— application hosting and infrastructure.
  • Google— sign-in and, for connected accounts, Gmail email delivery.

We may also disclose information if required by law or to protect the rights, safety, and security of our users and the Service. Booking information is shared with the account holder whose booking page received the booking, as described above.

Data Retention

We retain account and booking information for as long as an account remains active and as needed to provide the Service. When an account is deleted, its data is removed within a reasonable period, except where we are required to retain certain records to comply with legal obligations.

Your Choices and Data Deletion

  • You can review and update your account and business profile information at any time from within the Service.
  • You can disconnect Gmail from your account settings, which revokes the Service’s ability to send email on your behalf.
  • You can request deletion of your account and associated data by contacting us at communications@nsintegrations.com. We will remove your information within 30 days of a verified request.
  • Customers who booked an appointment can request correction or deletion of their booking information by contacting the business they booked with, or by contacting us at the address above.

Security

We take reasonable measures to protect your information. Connections to the Service are encrypted in transit, Google refresh tokens are stored encrypted at rest using AES-256-GCM, and access to data is restricted to what is needed to operate the Service. No method of transmission or storage is completely secure, but we work to protect your information and to address vulnerabilities promptly.

Children’s Privacy

The Service is intended for businesses and adults. It is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. We encourage you to review this page periodically.

Contact Us

If you have questions about this Privacy Policy or how your information is handled, contact us at communications@nsintegrations.com.

See also our Terms of Service.