Legal
Membership, Entitlements & Eligibility
Effective date: April 15, 2026
1. How Access Works
CoreBookin separates access control into four independent concerns:
- Membership — defines who belongs to a business and in what role.
- Authorization — defines what actions a role is permitted to perform within that business.
- Entitlements — defines which premium features the business account has access to, based on its current subscription state.
- Payments — billing events that change entitlement state only. Payments never create, change, or remove memberships.
The core access rule: for any premium action to proceed, both the role capability and the business entitlement must be satisfied. Either alone is insufficient.
2. Roles and Capabilities
Each account is assigned exactly one role within a business context. The four roles are:
Owner
Full control over a single business tenant. One owner per business. Owners can manage all bookings, services, staff, hours, and business settings. Owners are the only role permitted to manage notification channels, view billing usage, manage payments, and invite or remove staff members.
Staff
Operational access within the business: create and manage bookings, view schedules, view notification delivery logs. Staff members cannot access billing information, change channel settings, or manage other staff members. Staff accounts are created by owner invitation only.
Customer
Customers can view and manage their own bookings, respond to attendance RSVPs, and update their own notification preferences (including SMS consent and opt-out). Customers have no access to business operational data or other customers' records.
Platform Administrator
Internal CoreBookin operators only. Platform admins have cross-tenant read access for support and compliance purposes, can perform manual entitlement grants and revocations (with full audit trail), and can override role-based access where required. This role cannot be self-assigned and is not available to business owners or customers.
3. Permission Summary
| Action | Owner | Staff | Customer |
|---|---|---|---|
| Manage bookings | ✓ | ✓ | Own only |
| Manage services and hours | ✓ | ✓ | — |
| Manage staff members | ✓ | — | — |
| Configure notification channels (email/SMS) | ✓ | — | — |
| View notification delivery logs | ✓ | ✓ | — |
| Manage billing and payments | ✓ | — | — |
| Update own notification preferences | ✓ | ✓ | ✓ |
4. Entitlement Catalog
Entitlements are held at the business level. All staff of a business share the same entitlement state.
SMS Notifications
A binary (on/off) business-level entitlement. When active, the business may send SMS booking confirmations, reminders, and update messages to customers who have provided explicit consent. Requires both an active entitlement and the appropriate business channel settings to be enabled.
Staff Seats
A quota-based entitlement that controls the maximum number of active staff members permitted on the account. The base plan includes a standard allowance. Purchasing additional staff seat capacity raises this quota. Seat limits are enforced on staff create, reactivate, and invite-create actions.
Advanced Reporting (Planned)
Not available in the current release phase. Access-gated stubs are visible in the admin interface for owners.
Premium Automations (Planned)
Not available in the current release phase. Access-gated stubs are visible in the admin interface for owners.
5. Entitlement Lifecycle States
| State | Meaning |
|---|---|
| trialing | Feature is active under a time-limited trial. No charge until trial expires. |
| active | Fully paid and operational. All premium features within the entitlement are available. |
| grace_period | Renewal payment failed. Feature remains active temporarily while payment is retried. Stricter quota limits may apply. |
| expired | Entitlement is inactive. Premium execution is blocked. Configuration is preserved. |
| manually_granted | Granted by an internal CoreBookin operator for support, promotional, or audit purposes. Carries full audit metadata. |
6. Eligibility Requirements
- You must be 18 years of age or older to create or manage a business account.
- SMS add-on eligibility requires a valid registered US phone number and compliance with carrier campaign registration requirements (10DLC). Businesses using SMS are responsible for meeting all applicable telecommunications regulations.
- Staff seat expansions take effect immediately upon successful payment. Seat count reductions take effect immediately on downgrade or expiry.
- Manual entitlement grants are available at CoreBookin's discretion and must carry documented operator identity, reason, and timestamp. They cannot be self-requested.
7. Enforcement
Entitlement and authorization rules are enforced at multiple layers: API route handlers, service-layer business logic, background workers, and webhook-triggered workflows. The frontend (web interface) provides display and navigation guidance only and is never the sole enforcement point.
Business owners and staff cannot self-override premium access. Only internal platform administrators may perform manual overrides, subject to audit requirements.
8. Changes to This Policy
CoreBookin may update role capabilities or entitlement rules as new features are released. Significant changes will be communicated via email or in-app notice before they take effect.
9. Contact
Questions about membership or entitlements: [email protected]