Customer data exposed

There is a bug that exposes customer data to service providers in the web version

I'm not sure how to file a bug report to square so here it is

Here are permission settings for Service Provider:

Screen Shot 2021-11-23 at 1.18.16 PM.png


In the settings above: Customer data should be hidden for Service Providers


When logged in as Service Provider in the Appointments iOS app, it works as expected, phone and email are hidden with dots:

IMG_7414 2.jpg



When logging in web version in Safari or clicking an appointment link in SMS notification message for Service Provider (that are sent for every new appointment) you can see the phone number and email of the customer (under red paint there is real data exposed, painted over for privacy reasons)


IMG_7415 2.jpg

Message 1 of 1