1. What Bookedtify Is and Who Controls Data
Bookedtify is a technology platform that helps clients discover, request, schedule, manage, and pay for services offered by independent service providers.
Bookedtify does not itself provide the listed services. The actual service is provided by the independent provider chosen by the client.
For platform account, marketplace, booking, security, support, billing, reporting, and administration data, Bookedtify acts as the data controller unless another role is stated. Providers may act as independent controllers for client data they receive and use outside Bookedtify to deliver their own services.
2. Who This Policy Applies To
- Clients who create an account, browse providers, request bookings, pay for services, leave reviews, or contact support.
- Service providers who create a provider account, list services, manage bookings, receive payments, or use provider tools.
- Visitors who browse the website or app.
- Users who contact us by email, form, chat, or other support channels.
3. Personal Data We Collect
Depending on how you use Bookedtify, we may collect account data, booking data, provider business data, payment data, communications and support data, technical usage data, and location-related data.
- Account data may include name, email, phone, login credentials, role, account settings, profile image, and communication preferences.
- Booking data may include selected service, provider, performer or team member, date and time, status, cancellation or rescheduling reason, notes, duration, price, provider-created guest booking details, and availability records.
- Provider business data may include business name, business description, address or service area, services, pricing, opening hours, team members, and tax or registration information where required.
- Payment data may include payment status, amount, currency, transaction IDs, refund status, dispute status, Stripe customer or connected account IDs, invoices, subscriptions, platform fees, and commission records.
- Security, report, and enforcement data may include login events, device identifiers, abuse reports, suspension reasons, appeal status, chargeback risk signals, fraud indicators, moderation records, and investigation notes.
- Technical data may include IP address, device type, browser, operating system, pages visited, actions taken, login timestamps, crash reports, approximate IP-based location, cookies, local storage, session storage, and similar technologies.
4. Data We Receive From Providers or Other Users
A provider or provider team member may create a booking on behalf of a client and enter the client's name, email, phone number, selected service, appointment time, and booking notes. We process that information so the provider can manage the appointment and so the client can receive booking-related support where applicable.
Users may also provide information about other users when submitting reports, reviews, booking messages, cancellation reasons, dispute evidence, or support requests. Users must only submit personal data that is relevant, lawful, and necessary for the platform purpose.
5. How We Use Personal Data
We use personal data to operate accounts, power search and booking features, process payments and refunds, show provider profiles, send booking notifications, provide support, investigate fraud or abuse, improve the platform, comply with legal obligations, and enforce platform rules.
We may also send marketing communications where permitted by law or where you have given consent.
6. Legal Bases for Processing
Depending on the situation, we process personal data based on performance of a contract, legal obligation, legitimate interests, or consent.
Legitimate interests may include platform security, fraud prevention, dispute handling, chargeback management, provider verification, abuse prevention, service improvement, and enforcement of our Terms.
- Contract: account operation, booking workflows, provider tools, payment-related functionality, support, and requested platform services.
- Legal obligation: tax, accounting, fraud, sanctions, payment compliance, consumer protection, data protection requests, and lawful authority requests.
- Legitimate interests: security, fraud prevention, platform integrity, dispute handling, service improvement, enforcement, ranking quality, and business administration.
- Consent: optional cookies, optional marketing, precise browser geolocation where required, and any other processing where consent is legally required.
7. Payments and Payment Providers
Bookedtify may use third-party payment providers, such as Stripe, to process payments, provider payouts, subscriptions, refunds, invoices, and disputes.
We do not store full card numbers on our own servers. Payment providers may process payment information according to their own legal terms and privacy policies.
9. Service Providers and Subprocessors
Bookedtify uses trusted third-party providers to host, secure, operate, and improve the platform. These may include Vercel for application hosting and deployment, Supabase or PostgreSQL infrastructure for database services, Stripe for payments and billing, Resend for transactional email, Cloudflare Turnstile for bot and abuse prevention, Mapbox for maps and location features, and other operational providers that support the platform.
These providers may process personal data only as needed to provide their services to Bookedtify or as otherwise described in their own terms and privacy policies. Stripe may act as an independent controller or processor depending on the payment activity.
10. Provider Use of Client Data
Providers are independent professionals or businesses. When a provider receives client data through Bookedtify, the provider is responsible for using that data lawfully and only for managing and delivering the booked service.
- Providers must not sell client data.
- Providers must not use client data for unrelated marketing without permission.
- Providers must not misuse client data, request unnecessary sensitive data, or store client data insecurely.
12. Ranking, Safety Signals, and Automated Tools
Bookedtify may use automated rules and platform signals to support search ranking, provider visibility, fraud prevention, rate limiting, safety checks, chargeback risk flags, prohibited service checks, and account security.
These tools help operate the marketplace, but Bookedtify does not intend to make legally significant decisions about users based solely on automated processing without human review where such review is required by law.
13. Retention and Deletion
We keep personal data only as long as necessary for the purposes described in this policy, including legal, tax, accounting, payment, dispute, fraud-prevention, and platform-security obligations.
When an account is deleted, some information may be deleted, anonymised, or retained where necessary for legal, tax, accounting, payment, fraud-prevention, dispute, security, chargeback, enforcement, or legitimate business reasons.
14. GDPR and Privacy Rights
Depending on your location and applicable law, including the GDPR where it applies, you may have rights to access, correct, delete, restrict, object to processing, receive a portable copy of your data, withdraw consent, or lodge a complaint with a data protection authority.
You can make privacy requests through the contact page or privacy contact email. We may need to verify your identity before responding, and some requests may be limited where data must be retained for legal, payment, dispute, safety, fraud-prevention, or another lawful reason.
For more detail, see the GDPR and Data Protection Rights page.
15. Security, International Transfers, Children, and Changes
We use reasonable technical and organisational measures to protect personal data, including access controls, secure hosting, encryption where appropriate, monitoring, and internal security practices.
If personal data is transferred outside the European Economic Area, the United Kingdom, or Switzerland, we will use appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, contractual protections, or other lawful transfer mechanisms.
Bookedtify is not intended for children under the age required to create a legally valid account in their location.
We may update this Privacy Policy from time to time and will notify users of material changes where required by law.
16. Contact
For privacy questions, requests, or complaints, contact Bookedtify through the contact page or the privacy/contact email shown in your account or legal notices.