Why bother with deposits — won't they reduce conversion?

They will. The question is whether the conversion drop is smaller than the no-show drop. In our experience and in industry-standard discussions, no-show rates without deposits commonly fall in the 15–25% range for spa appointments; with a non-trivial deposit they typically drop into single digits. Whether a 2–3 percentage-point conversion drop is worth a 15-point no-show drop depends on your unit economics — but it usually is.

How big should the deposit be?

Big enough that walking away costs the guest something real, small enough that walking up to checkout doesn't feel adversarial. We default to 25% of treatment value or a flat $30–$50 floor, whichever is higher. We've seen full-prepay flows work for very high-end treatments where the operator wants the no-show signal to disappear entirely; we've seen $20 holds barely move no-show numbers at all. The right answer is bracketed by your no-show rate.

Can we use Calendly or a generic scheduling tool for the spa?

For a single therapist running a small practice, sometimes yes. For a multi-room spa with treatment-specific resource constraints (this treatment needs Room 2 because it's the only one with the steam shower; this therapist is the only one trained on that modality), generic tools fall down because they don't model the resource graph. You end up with double-bookings the system shouldn't have allowed.

What about no-shows even after the deposit is captured?

They still happen, just less often. The deposit doesn't fully refund on no-show — that's the policy, communicated clearly, enforced automatically. The friction-of-loss is the deterrent. We also send confirmation reminders 24h and 2h before the appointment. The 24h reminder catches forgetfulness; the 2h reminder catches genuine schedule conflicts where the guest will reach out to reschedule rather than no-show.

Does this work for non-spa appointment businesses (clinics, salons)?

Yes — the same patterns apply. The data model around treatments, resources, therapists, and deposit policies is general enough that we've used near-identical schema for adjacent appointment-driven verticals. The hospitality-specific lift is the integration with the rest of the property's stack (a single guest record across spa + restaurant + rooms), which standalone clinic/salon software doesn't give you.

ByDOT· Founder @ DOTxLabs

Published May 7, 202610 min read

TL;DRHow DOTxLabs designs spa booking flows with deposit capture, therapist + room resource allocation, and cancellation-policy enforcement. Real patterns, real trade-offs, no fabricated numbers.

Spa Booking Systems That Actually Work

A production spa booking system has three load-bearing parts: deposit capture at submission, resource scheduling that models therapists + rooms + treatment-specific equipment together, and a cancellation policy enforced as code. Built on Paystack or Stripe plus Supabase, the pattern pulls no-show rates from typical industry ranges of 15–25% into single digits — and surfaces a unified guest record off-the-shelf spa software can't.

Most spa-booking software is good at scheduling and bad at everything around scheduling. The scheduling part is the easy part. The hard parts are deposit capture without breaking conversion, resource modeling that prevents double-bookings, and cancellation enforcement that actually runs without front-desk staff doing math.

This is what a real one looks like.

Why deposits exist

The honest framing: deposits are a no-show insurance policy that the guest pays for.

Without deposits, the spa absorbs the cost of every no-show — a 90-minute room, a therapist on the clock, the consumables the room was prepped with. With deposits, the guest who actually shows up effectively gets their deposit applied to the bill, and the no-show pays for the room they didn't use. The deposit doesn't eliminate no-shows. It moves the cost of them from the operator to the person responsible.

The conversion-rate cost is real. Adding a deposit step adds friction to checkout, and a percentage of guests will abandon at that step. But the no-show-rate cost without deposits is also real, and tends to be larger. We see industry-wide discussions placing un-managed spa no-show rates in the 15–25% range; a moderate deposit typically pulls that into single digits. The trade-off math usually favors deposits.

The exception is high-trust loyalty contexts — repeat guests with verified records, members of the spa's own program. For those segments, skipping the deposit reduces friction without meaningfully increasing risk. Build the system to allow per-segment policies; the static "all bookings, all the time" policy is a tax on your best guests.

What capture-on-submission actually does

The deposit is captured at booking submission, not at appointment time. Three reasons.

Pre-authorization isn't enough. A pre-auth is a hold, not a charge — and pre-auths can quietly drop off after a few days. The hospitality industry standard is full capture, not hold; this matches how OpenTable's prepaid bookings work and how high-end restaurants charge no-show fees.

Failure-at-time-of-appointment is the worst possible UX. "Your card declined when we tried to charge it for the no-show fee" is a conversation no one wants. Capturing at submission means the card is verified working at the moment the guest is willing to pay. If the card is going to fail, it fails when the guest can fix it — not when the guest is already a no-show.

It locks the slot in the operator's mind. A deposit is psychologically a commitment. The guest has put money down. They are more likely to either show up or actively reschedule, both of which are outcomes the operator can plan around.

The Paystack + Stripe routing decision

For Canadian and US guests, Stripe is the default — better fraud tooling, stronger 3D Secure coverage, broader card support, and the SCA flow under PSD2 is well-handled. For Nigerian, Ghanaian, or South African guests, Paystack is the default — local-rail settlement, lower per-transaction fees, and CBN-compliant capture for NGN.

The routing decision happens at checkout, not in the form. The user chooses or auto-detects currency (geo-default + override); the currency determines the gateway:

type Gateway = 'stripe' | 'paystack';

function gatewayFor(currency: string): Gateway {
  if (['NGN', 'GHS', 'ZAR'].includes(currency)) return 'paystack';
  return 'stripe';
}

The two gateways write to two different tables (stripe_payments, paystack_payments) for reasons covered in the build-log entry on multi-currency hospitality booking. Webhooks are isolated; signature verification is gateway-specific; idempotency is per-gateway-reference.

The data model for resource scheduling

A spa booking is a tuple of (treatment, therapist, room, time). Off-the-shelf scheduling tools tend to model only (therapist, time), and that's where the double-bookings come from. The room is a resource; specific treatments require specific rooms; the system has to enforce all of it.

create table treatments (
  id uuid primary key default gen_random_uuid(),
  venue_id uuid not null references venues(id),
  slug text not null,
  name text not null,
  duration_minutes int not null,
  price_minor int not null,
  currency text not null,
  deposit_policy_id uuid references deposit_policies(id),
  unique (venue_id, slug)
);

create table spa_rooms (
  id uuid primary key default gen_random_uuid(),
  venue_id uuid not null references venues(id),
  name text not null,           -- 'Room 1', 'Steam Suite'
  capabilities text[] not null, -- ['steam', 'couples', 'wet']
  active boolean not null default true
);

create table treatment_room_requirements (
  treatment_id uuid not null references treatments(id) on delete cascade,
  required_capability text not null,
  primary key (treatment_id, required_capability)
);

create table therapists (
  id uuid primary key default gen_random_uuid(),
  venue_id uuid not null references venues(id),
  name text not null,
  active boolean not null default true
);

create table therapist_treatment_qualifications (
  therapist_id uuid not null references therapists(id) on delete cascade,
  treatment_id uuid not null references treatments(id) on delete cascade,
  primary key (therapist_id, treatment_id)
);

When a guest tries to book "Hot Stone, 90 min, with Aisha at 3pm Thursday," the system checks:

Is Aisha qualified for Hot Stone? (therapist_treatment_qualifications lookup)
Is there a room with the capabilities Hot Stone requires (steam capability), free at 3pm Thursday for 90 minutes? (spa_rooms × treatment_room_requirements × calendar lookup)
Is Aisha free at 3pm Thursday for 90 minutes? (her booking calendar)
Is the guest's payment method valid? (gateway pre-flight)

All four pass → booking created, deposit captured, room and therapist locked for the duration. Any one fails → specific error surfaced ("This treatment requires a steam room; both are booked. Earliest available is 5:30pm.").

The model is verbose. It's verbose because the domain is verbose. Generic scheduling tools shortcut on this and produce double-bookings; a specialty system models it exactly.

Cancellation policies as code

The spa industry standard runs something like:

More than 24 hours before appointment: full deposit refunded
12–24 hours: 50% of deposit refunded
Under 12 hours: deposit forfeited, full no-show fee applies

That's three rules. A real spa often has six or seven, varying by treatment type, by guest segment (members vs walk-ins), by package (single treatment vs day pass). Hand-writing the math at the front desk every time is how policies get inconsistently enforced and refund disputes happen.

The policy as a typed config:

export type CancellationPolicy = {
  id: string;
  segments: GuestSegment[];      // ['walkin', 'member', 'corporate']
  windows: Array<{
    minHoursBefore: number;
    refundPercent: number;       // 0-100
  }>;
  applies_to_treatments: string[]; // empty = all
};

export const SPA_DEFAULT_POLICY: CancellationPolicy = {
  id: 'spa-default-2026',
  segments: ['walkin'],
  windows: [
    { minHoursBefore: 24, refundPercent: 100 },
    { minHoursBefore: 12, refundPercent: 50 },
    { minHoursBefore: 0,  refundPercent: 0  },
  ],
  applies_to_treatments: [],
};

The cancellation handler is a pure function:

export function refundFor(
  policy: CancellationPolicy,
  appointmentAt: Date,
  cancelledAt: Date,
  depositMinor: number,
): { refundMinor: number; reason: string } {
  const hoursBefore = (appointmentAt.getTime() - cancelledAt.getTime()) / 3_600_000;
  const window = policy.windows.find(w => hoursBefore >= w.minHoursBefore);
  if (!window) return { refundMinor: 0, reason: 'no matching window' };
  return {
    refundMinor: Math.round((depositMinor * window.refundPercent) / 100),
    reason: `>${window.minHoursBefore}h before appointment → ${window.refundPercent}% refund`,
  };
}

Tests cover the boundary cases. Production runs the function on every cancellation request, surfaces the refund amount in the cancellation confirmation email, and queues the gateway-side refund. No front-desk math.

What no-show prevention actually looks like in production

Three signals working together.

The deposit at submission. Already covered. The single biggest lever.

The reminder cadence. Confirmation email at booking. Reminder email + SMS 24 hours before. Final reminder email 2 hours before. The 24-hour catches forgetfulness — guests who genuinely meant to come and lost track of the calendar. The 2-hour catches conflicts — guests who realize they can't make it and reach out to reschedule rather than ghost.

The cancellation friction-of-doing-the-right-thing. If cancelling on time gets the guest a full refund, and ghosting gets them nothing, the right behavior is rewarded and the wrong behavior is punished — but neither requires staff intervention. The system enforces the policy automatically.

The combination of these three pulls the no-show rate into single digits in our experience. Industry-standard ranges for spa no-shows without these systems are commonly cited in the 15–25% range; with the system, well under 10%. We don't publish a single point estimate because spa-specific volume varies; the directional improvement is consistent.

What we would not do

A few patterns we've seen go wrong on other builds.

Letting the spa software handle the data and the property handle the brand. The split creates two records for one guest, and the marketing follow-up — "we hope you enjoyed your treatment, here's a complimentary appetizer at the restaurant" — falls apart because neither system knows the guest exists in the other. Build the spa booking inside the property's data model, not adjacent to it.

Hard-coding the cancellation policy in form copy. The day the operator changes "24 hours" to "48 hours" for the holiday season, you'll find five places in the codebase that need to update. Make the policy data, not text.

Treating SMS reminders as optional. They're not. Email open rates hover in the 20–30% range; SMS open rates run upwards of 90%. A 2-hour reminder via email is largely ignored; the same reminder via SMS catches genuine conflicts in time to reschedule.

Skipping 3D Secure on Stripe. SCA enforcement under PSD2 means a meaningful share of European cards will fail without 3DS. Even outside the EU, 3DS reduces fraud and chargebacks. Default 3DS to required on the spa flow; the conversion friction is dwarfed by the dispute risk reduction.

Where this gets harder

Two cases.

Membership pricing. A spa member pays a different rate, may skip the deposit, may have a cancellation grace different from walk-ins. The system needs the segment-aware policy machinery up front; retrofitting it after a year of operation is painful because the existing bookings have to be re-classified.

Add-ons and retail. Spa appointments often grow at checkout — a guest books a massage, then adds a manicure, then adds a product purchase. The booking record needs to either expand into a "session" with multiple line items or split across a primary booking and ancillary records. We default to the latter because it keeps the resource-scheduling model clean, but the trade-off is reporting complexity.

What we ship for hospitality spa builds

The components we'd reach for, in shipping order:

The treatments, spa_rooms, therapists schema with capabilities and qualifications joined in
The booking-creation server action with deposit-at-submission and gateway routing
The cancellation handler running the policy as code, with the refund amount surfaced to the guest before they confirm
The reminder cadence (24h email + SMS, 2h email + SMS) running on a Vercel Cron
The unified guest record so the rest of the property knows this guest exists
The admin views — therapist day-grid, room day-grid, today's bookings, no-show rate week-over-week

Build time on a focused spa scope is on the order of three to five weeks of engineering — shorter when the property already has a unified guest record from a multi-venue admin build, longer when the spa is being added as the first system and the surrounding integration work has to happen in parallel.

If you're operating a spa whose no-show rate is hurting the unit economics, or a hospitality group that wants the spa to live inside the same brand experience as the rest of the property, we'd scope it. The companion piece on multi-venue architecture covers how this fits into a larger property's data layer.

Frequently asked questions

Why bother with deposits — won't they reduce conversion?
They will. The question is whether the conversion drop is smaller than the no-show drop. In our experience and in industry-standard discussions, no-show rates without deposits commonly fall in the 15–25% range for spa appointments; with a non-trivial deposit they typically drop into single digits. Whether a 2–3 percentage-point conversion drop is worth a 15-point no-show drop depends on your unit economics — but it usually is.
How big should the deposit be?
Big enough that walking away costs the guest something real, small enough that walking up to checkout doesn't feel adversarial. We default to 25% of treatment value or a flat $30–$50 floor, whichever is higher. We've seen full-prepay flows work for very high-end treatments where the operator wants the no-show signal to disappear entirely; we've seen $20 holds barely move no-show numbers at all. The right answer is bracketed by your no-show rate.
Can we use Calendly or a generic scheduling tool for the spa?
For a single therapist running a small practice, sometimes yes. For a multi-room spa with treatment-specific resource constraints (this treatment needs Room 2 because it's the only one with the steam shower; this therapist is the only one trained on that modality), generic tools fall down because they don't model the resource graph. You end up with double-bookings the system shouldn't have allowed.
What about no-shows even after the deposit is captured?
They still happen, just less often. The deposit doesn't fully refund on no-show — that's the policy, communicated clearly, enforced automatically. The friction-of-loss is the deterrent. We also send confirmation reminders 24h and 2h before the appointment. The 24h reminder catches forgetfulness; the 2h reminder catches genuine schedule conflicts where the guest will reach out to reschedule rather than no-show.
Does this work for non-spa appointment businesses (clinics, salons)?
Yes — the same patterns apply. The data model around treatments, resources, therapists, and deposit policies is general enough that we've used near-identical schema for adjacent appointment-driven verticals. The hospitality-specific lift is the integration with the rest of the property's stack (a single guest record across spa + restaurant + rooms), which standalone clinic/salon software doesn't give you.

Building or rebuilding your hospitality stack?

Start with a Stack Diagnostic. We'll scope what you have, what's breaking, and what to ship next.

Book a Stack Diagnostic

← All hospitality articles

Spa Booking Systems That Actually Work: Deposit Capture, Resource Scheduling, and No-Show Prevention