Add notes
In the Notes tab, you can add and view notes specific to the guest. You can also set up staff alerts, which will display an alert in the appointment book or point of sale, during check-in, booking, check out, or taking payment.
On the guest profile, click the Notes tab.
In the Add a Note for this Guest field, enter a relevant note.
Note
To protect your data and comply with PCI DSS 4.0 standards, entering credit card numbers in this field is not permitted. For more information, refer to Zenoti Prevents Card Number Entry in Guest Notes section.
Select the appropriate options listed in the table below.
Click Add.
Note
You can also edit guest notes on the Notes tab of the guest profile.
Option | Alert Type | Example |
|---|---|---|
No check box selected | None (Generic notes) | ‘Guest is willing to share a good experience on Yelp’. |
Show on opening Guest History | Profile alert | ‘Collect alternative email address and area pin code from the guest’ |
Show during check-in | Check-in alert | ‘Guest likes green tea. Offer green tea after check-in' |
Show when booking an appointment | Booking alert | ‘Guest is allergic to lavender oil’ |
Show when taking payment | Payment alert | ‘Guest wants to use card-on-file to pay for massages’ |
Private | Private notes | ‘Guest wants all services done to be done by the provider Kate’ |
Other actions in the Notes tab
Actions | Perform these steps |
|---|---|
Delete note | Click the Delete Note icon. |
Edit note | In the Note column, edit the note. |
Change the type of alert | In the Note Type column, from the drop-down, select the appropriate alert type. |
Filter by note type | From the All Notes drop-down, select the appropriate note type. |
Zenoti Prevents Card Number Entry in Guest Notes
This article explains how Zenoti uses regular expressions (regex) to detect and block credit card numbers in the Guest Notes field. It supports understanding of Zenoti’s approach to meeting Payment Card Industry Data Security Standard (PCI DSS) 4.0 compliance requirements.
To help your business stay compliant with PCI DSS 4.0 (Payment Card Industry Data Security Standard), Zenoti automatically scans text entered in the Guest Notes field for any potential credit card numbers. This is done using regex (regular expressions)—a method that identifies specific numeric sequences based on BIN (Bank Identification Number) and IIN (Issuer Identification Number) patterns issued by major credit card providers such as Visa, Mastercard, and American Express.
This safeguard ensures that sensitive credit card data is not stored in guest notes field, reducing the risk of data exposure and helping your business stay PCI-compliant.
The following table lists common BIN and IIN prefixes used by major credit card brands. These prefixes help Zenoti’s system identify and block credit card numbers entered into non-secure fields, such as Guest Notes, as part of our PCI DSS 4.0 compliance measures.
BIN/IIN Prefix | Card Brand | Notes |
|---|---|---|
4XXXXX | Visa | All Visa cards begin with 4 |
51–55XXXX | Mastercard | Legacy BIN range |
2221–2720XXXX | Mastercard | New Mastercard BIN range |
34XXXX or 37XXXX | Amex | 15-digit card number format |
6011, 65, 644–649 | Discover | Multiple known starting sequences |
3528–3589 | JCB | Japanese Credit Bureau cards |
300–305, 36, 38–39 | Diner’s Club | Some cards may co-brand with Mastercard |
When adding a new note
If a user enters a credit card number:
Error message displayed:
“Entering credit card information in this field is not allowed as per security compliance norms.”
Action:
The note cannot be saved until the card information is removed.
When editing an existing note:
If a credit card number is detected:
Message displayed:
“Notes contain credit card information.”
Action:
The edited note cannot be saved until the sensitive data is deleted.
Zenoti automatically scans guest notes to detect and block sensitive information, such as credit card numbers. This detection works even when the number is split across lines or includes formatting characters like spaces, dashes, or other special symbols. If a credit card number is detected in the notes, the system displays an error message and prevents the note from being saved until the sensitive data is removed.
What to Know
Detection is not limited to standard number formats. Even if the credit card number is spread across multiple lines, Zenoti will identify and block it.
The system also detects numbers with separators such as spaces ( ), dashes (-), or other special characters.
Any combination of text that matches a credit card number pattern—regardless of line breaks or formatting—will be blocked.
Examples of Blocked Entries
Example 1: If the credit card number is spread across multiple lines, Zenoti will block it.
Text entered in the Guest Notes field:
4437
5895
4326
1235
Detected value: 4437589543261235
Zenoti interprets these separate four-digit numbers as a credit card number and the note is blocked.
Example 2: If the credit card number is separated with special characters, Zenoti will block it.
Text entered in the Guest Notes field:
4437- 5895-4326-1235
Detected value: 4437589543261235
Zenoti ignores the hyphens and interprets this as a credit card number, and the note is blocked.
Example 3: Any combination of text that matches a credit card number pattern will be blocked.
Text entered in the Guest Notes field:
Here's my phone number 9999999999 02:57PM
Detected value: 99999999990257
Zenoti interprets the timestamp (02:57PM) and the phone number as one continuous number. Since this matches the credit card number pattern, the note is blocked.
Examples of Accepted Entries
Example 1: Any combination of numbers clearly demarcated as separate units will be accepted.
Text entered in the Guest Notes field:
Pending balance from last session: $443 Phone number: 9999999999
In this case, Zenoti recognizes the dollar amount and the phone number as separate pieces of information. Because each number is clearly labeled, the system does not interpret them as a single sequence resembling a credit card number. As a result, the entry is allowed and can be saved without issue.