How we protect your data

Merchant accounts are protected by email + password sign-in and optional Google sign-in. Sessions use signed JWT tokens issued by our managed authentication backend, with automatic token refresh and idle-session logout in the merchant dashboard.

Administrative areas are gated by server-side role checks; client code cannot grant itself elevated access.

Application data is stored in a managed Postgres database with row-level security enabled on user-owned tables. Policies scope read and write access to the signed-in account that owns the record. Privileged server operations run only through server-side functions, never directly from the browser.

Public card pages expose only the fields a merchant has chosen to publish. Suspended cards stop serving public booking configuration and reject new analytics, contact, and booking submissions.

The site is delivered over HTTPS via a global edge network. Backend storage, authentication, and serverless functions run on managed cloud infrastructure operated by our hosting providers, under their shared-responsibility model.

For merchants: account email, business profile information you enter, cards and content you create, and operational logs needed to run the service (sign-ins, sends, errors).

For visitors of a merchant card: optional contact details you submit (name, email, phone, message), and basic analytics events (page visits, link taps) tied to the card you viewed.

We use functional cookies and local storage required for sign-in sessions and language preference. We do not sell personal information.

Merchants can edit or delete their cards and customer messages from the dashboard at any time. To request full account deletion or an export of data associated with your account, contact us at the address below.

Security questions or suspected vulnerabilities can be reported by emailing hello@thank-you.today. Please include steps to reproduce so we can act quickly.