Legal

Privacy Policy

Last updated: April 19, 2026

The short version. You're a service pro. You signed up so your customers can book you directly. We collect only what we need to make that happen, we use it only for that, and we don't sell it. Not to advertisers, not to anyone. Your customer data belongs to you. Full details below, no legalese.

1. Who we are

This site and the platform behind it are operated by Service Pro Stream, LLC (also serviceprostream.com). When this policy says "we," "us," or "the platform," we mean Service Pro Stream, LLC (also serviceprostream.com). When we say "you" or "your account," we mean the service business (tenant) that signs up to use the platform. We'll call your customers (the people booking appointments with you) "customers" throughout.

2. What we collect

From you (the business)

  • Your name, business name, email address, and phone number.
  • Your business address, service area, and operating hours.
  • Technician profiles you add (names, contact info, availability).
  • Payment details: handled by Stripe, never stored by us (see Section 5).
  • Anything you type into the dashboard: service catalog items, notes, custom pricing.

From your customers (on your behalf)

  • Name, phone number, email address.
  • Service address and appointment details.
  • Notes they share when booking (e.g. "the fridge is making a grinding noise").
  • Optionally, photos or dataplate images if they choose to upload them.

Your customers provide this information to you, through your booking portal or booking widget, and we process it on your behalf to run the appointment. You're the data controller for your customer records; we're a sub-processor.

Automatically, when anyone uses the platform

  • IP address, browser type, and device type.
  • Approximate location derived from IP (city-level, not pinpoint).
  • Pages visited and actions taken: used for debugging and security.
  • Session cookies to keep you logged in.

3. How we use the data

  • Running your service. Dispatching appointments, managing your schedule, showing customers their confirmations, running the booking widget on your website.
  • Operational messages. Appointment confirmations, reminders, and status updates, only about a specific customer's appointment. Never marketing.
  • Billing. Stripe charges your subscription; we pass along plan and usage context.
  • Security. Detecting abuse, preventing fraud, enforcing rate limits.
  • Improving the platform. Anonymised, aggregated usage metrics so we know which features work and which don't.

We do not use your data or your customers' data to train general-purpose AI models, target ads, or build shadow profiles. That's not our business and it never will be.

4. Notifications to your customers

Every message we send on your behalf, text or email, is about a specific customer's specific appointment. A booking confirmation, a reminder, a tech-on-the-way ping, a follow-up. That's the whole list.

No marketing. No promotions. No "just checking in." You choose which events fire notifications inside your location's settings. If you turn them all off, we send nothing.

5. Third-party services we use

A service platform works because it plugs into other services. Here are the ones we hand data to, and why:

  • Stripe: processes your subscription payment. Card data lives with Stripe and is PCI DSS compliant on their side. We never see or store raw card numbers.
  • Twilio: sends the SMS messages you enable.
  • Email delivery partner: sends the email messages you enable.
  • Mapping and geocoding: turns addresses into coordinates so the routing engine can decide which tech is in range.
  • Cloud storage: holds uploaded photos and dataplate images. Private buckets; access is granted per-request via short-lived signed URLs.
  • Cloud hosting: runs the servers and databases that make the platform go.

Each of these receives only the data it needs to do its job. They're contractually bound to handle it per their own terms and applicable law.

6. Your data stays yours

Your customer records are yours. Your appointment history is yours. If you cancel your subscription, you can export everything. If you ask us to delete it, we delete it (subject to short legal/accounting retention where the law requires it).

We don't sell your data. We don't rent it. We don't share it with third parties for their own marketing.

7. Security

  • Traffic is encrypted in transit with HTTPS. Plain HTTP is refused outright.
  • Passwords are hashed with industry-standard algorithms; we can't recover a password, only reset it.
  • API keys are hashed at rest; the raw key is shown once at generation and then only the hash is stored.
  • Database backups are encrypted.
  • Tenant isolation is enforced at every query; one business's data never leaks into another's surface.

No system is unbreakable. If we ever discover an incident that affects your data, we'll tell you: fast, clearly, and with specifics.

8. How long we keep it

  • Active account: as long as you use the platform.
  • Cancelled account: we keep a soft-deleted copy for 90 days in case you change your mind, then we purge operational data.
  • Billing records: retained for 7 years as required by tax and accounting rules.
  • Security logs: retained for up to 1 year for incident response.

9. Cookies

We use a small number of cookies, all first-party, all essential:

  • A session cookie to keep you logged in.
  • A CSRF cookie to protect against cross-site request forgery.
  • If we ever run analytics (Google Analytics 4, disabled by default), it only starts when enabled and respects Do Not Track.

No third-party ad trackers. Ever.

10. Your rights

You can:

  • Access and correct your own account information from the dashboard.
  • Export your data on request.
  • Delete your account and associated data.
  • Opt your customers out of messages at any time (the "send reminders" master toggles in Notifications).

If you're a customer of one of our tenants, talk to the business that booked your appointment first; they control your record. If you can't reach them, email us and we'll help.

11. Children

The platform isn't directed at children under 13 (or 16 where local law sets the threshold higher). We don't knowingly collect data from children. If a child's data ends up in our system because a parent booked an appointment, it's incidental and handled under the normal rules above.

12. International data

Our servers are based in the United States. If you access the platform from outside the US, your data will be transferred here and processed under US law. We work with vendors who offer standard contractual clauses for cross-border transfers where applicable.

13. Changes to this policy

We'll update this policy when the platform changes meaningfully: a new processor, a new data type, a new retention schedule. When that happens, we'll bump the "Last updated" date at the top and send active accounts an email pointing to the change.

14. Contact

Questions, concerns, requests? Email Jason@serviceprostream.com. Real human, usually in a van between jobs, but we'll get back to you.

Read the Terms of Service