We understand Boulevard services a wide audience of businesses, from employee based to booth rentals. From a business owners perspective, we need to be protective of our information, ie guest contact info, and this issue creates a back door that anyone can access, regardless of privilege groups, and there is currently no way to limit its access.

Privilege groups can be set up which will limit access to what each group has access to. We have chosen not to allow access to the mobile app as it is a liability for our company to allow employee access to schedule and customer information on their personal devices. We have also limited access to Boulevard to the static ip of the salon. There’s a huge back door to this information in the “My Settings” drop down, specifically Calendar Integrations. Employees can copy the Boulevard URL into their personal calendars, and it displays appointments, customer full name, and phone numbers. This completely bypasses any privilege groups that are set up to limit access.

To close this security loophole, we would like to request that this feature be a toggle switch in privilege groups.