Introduction
Your business runs on the data you keep in Bella Booking — client records, appointments, notes and payments. This page explains, in plain terms, how that data is protected and where it lives. If you work in a clinical, allied-health or med-spa setting and need something more formal for your own compliance, get in touch at hello@bellabooking.com.Sign-in and accounts
Authentication is handled by Auth0, a specialist identity provider, on its Australian region. You can sign in with Google, Apple, or email and password. Passwords are never stored by Bella Booking — Auth0 manages credentials, and card entry never touches our own systems (see Payments). Access inside your business is role-based: each team member’s permissions are set by their role, so people only see and do what their role allows. You manage this from Team Permissions, and a team member can only sign in once you’ve given them App Access.Encryption
- In transit: all traffic between your browser or device and Bella Booking is encrypted over HTTPS/TLS (1.2 or higher) — data is never sent in the clear.
- At rest: client and business data is encrypted at rest (AES-256) by our database and storage providers.
- Tokens: payment and integration tokens are additionally wrapped with encryption keys held in Azure Key Vault, which only the application’s managed identity can use — not individuals.