Privacy Policy

1.1. For Agencies (Our Customers): We collect your name, email address, and business information necessary to provide our service. We also store your stripe_account_id to facilitate Stripe Connect integrations.

1.2. For End-Clients (Agency's Clients): When an end-client uses an Intent Link to verify a booking, we collect their name and email address on behalf of the Agency. We do not collect, store, or process full credit card numbers. All payment and card verification data is transmitted directly to Stripe via Stripe Elements.

1.3. Role of the Agency: The Agency that created the Intent Link is the Data Controller for their clients' personal data. Intent acts as a Data Processor on behalf of the Agency. We process end-client data (name, email, booking details) solely as instructed by the Agency and in accordance with our Terms of Service. Intent is not responsible for how Agencies use or further process this data. End-clients with data requests should contact the Agency directly.

1.4. Cookies: We do not use tracking, analytics, or advertising cookies. Our platform relies on third-party infrastructure providers that may set strictly necessary cookies in accordance with their own privacy policies:

• Supabase — authentication and session management. Supabase Privacy Policy
• Stripe — secure payment processing and fraud prevention. Stripe Privacy Policy
• Cloudflare — content delivery, DDoS protection, and platform hosting. Cloudflare Privacy Policy

We use the collected data to:

• Provide, operate, and maintain our platform
• Send administrative emails and booking verifications
• Respond to customer support requests

We share information with trusted third parties exclusively for operating our service:

• Stripe: For payment processing, subscription management, and card verification via SetupIntents.
• Supabase (AWS): For secure database storage and authentication.
• Resend: For sending transactional emails.
• Cloudflare: For content delivery and DDoS protection. Our platform is hosted on Cloudflare Pages.

We retain your data for as long as your account is active. Upon account deletion, your personal data is removed within 90 days, except where retention is required by applicable law or for legitimate business purposes (e.g., financial records).

If you are a resident of the EEA or California, you have the right to access, update, or delete your personal data. Agencies can delete their accounts directly from the dashboard. End-clients wishing to delete their data should contact the respective Agency (the Data Controller), and we will assist the Agency in fulfilling the request.

If you have any questions about this Privacy Policy, please contact us at hello@timeintent.co .