Privacy Policy
This policy explains what personal data Bookuno collects, how we use it, who we share it with, and what rights you have. We are committed to protecting your privacy and complying with UK GDPR and the Data Protection Act 2018.
We never sell your personal data.
CONTENTS
1. Who we are
Bookuno Ltd is the data controller for personal data processed through the Bookuno platform at bookuno.co.uk. To contact us about privacy, email hello@bookuno.co.uk.
2. What data we collect
Customers
- Account data: name, email address, password (hashed), phone number (optional).
- Booking data: services booked, dates and times, business details, booking status, notes added to bookings.
- Payment status: whether a payment has been made and its outcome. We do not store raw card numbers — these are held by Stripe.
- Reviews: review text and star rating you submit after a completed booking.
- Communications: messages you send via in-app messaging, and support emails.
- Usage data: pages visited, search queries, device/browser type, IP address, approximate location (city level) derived from IP.
Business owners
- Account data: name, email address, password (hashed), phone number.
- Business profile: business name, address, service descriptions, pricing, opening hours, photos, and any other information you add to your storefront.
- Booking and revenue data: bookings received, customer names, appointment times, payment amounts.
- Stripe Connect data: Stripe account ID and payout status. Stripe processes and holds your financial data under their own privacy policy.
- Communications: messages exchanged with customers and support interactions.
Data we do not collect
- We do not collect or store raw card numbers, CVV codes or full bank account details.
- We do not knowingly collect data from anyone under 18.
3. How we use your data
| Purpose | Data used |
|---|---|
| Creating and managing your account | Account data |
| Processing and managing bookings | Booking data, account data |
| Processing payments and issuing refunds | Payment status data (via Stripe) |
| Sending booking confirmations, reminders and receipts | Email address, booking data |
| Providing customer support | Account data, booking data, communications |
| Enabling business owners to manage their listings and bookings | Business profile data, booking data |
| Displaying verified reviews | Review content, first name and initial only |
| Improving and debugging the platform | Usage data (anonymised where possible) |
| Fraud prevention and platform security | Account data, usage data, IP address |
| Complying with legal obligations | As required by applicable law |
We do not use your data for automated decision-making that produces legal or similarly significant effects.
4. Lawful bases for processing
- Contract: Processing necessary to perform our agreement with you — creating accounts, facilitating bookings, processing payments.
- Legitimate interests: Platform security, fraud prevention, product improvement, and responding to support requests — balanced against your interests and rights.
- Legal obligation: Where we are required to retain or disclose data by law.
- Consent: For any optional marketing communications — you can withdraw consent at any time.
5. Who we share data with
We do not sell your data. We share it only as necessary to operate the platform:
| Recipient | Purpose | Location |
|---|---|---|
| Stripe | Payment processing and payouts | USA (adequacy) |
| Supabase | Database and authentication hosting | EU / EEA |
| Vercel | Platform hosting and delivery | EU / USA (SCCs) |
| The booking business | To fulfil your booking request | UK |
We may disclose personal data to law enforcement or regulatory bodies where required to do so by law, court order or to protect the safety of users or the public.
Where data is transferred outside the UK, we ensure appropriate safeguards are in place (adequacy decisions or Standard Contractual Clauses).
6. How long we keep data
| Data type | Retention period |
|---|---|
| Account data | Until account deletion, then 30 days for recovery, then permanently deleted |
| Booking records | 7 years from booking date (for financial and legal compliance) |
| Payment records | 7 years (HMRC requirements) |
| Support communications | 3 years from last contact |
| Usage and analytics data | Up to 24 months, then anonymised or deleted |
7. Your rights
Under UK GDPR you have the following rights. To exercise any of them, contact hello@bookuno.co.uk. We will respond within one month.
- Access: request a copy of the personal data we hold about you.
- Rectification: ask us to correct inaccurate or incomplete data.
- Erasure: request deletion of your personal data (subject to legal retention requirements).
- Restriction: ask us to restrict processing in certain circumstances.
- Portability: receive your data in a machine-readable format where technically feasible.
- Object: object to processing based on legitimate interests.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk · 0303 123 1113.
To delete your Bookuno account, go to your account settings or email hello@bookuno.co.uk.
8. Cookies and local storage
Bookuno uses browser local storage and session storage (not traditional cookies) to maintain your session and app preferences. This is strictly necessary for the platform to function and does not require consent.
We do not currently use third-party advertising or tracking cookies. If we add analytics in the future, we will update this section and obtain consent where required.
What we store locally
- Session authentication token (cleared on sign out)
- UI preferences (e.g. demo mode, last search)
- Locally-saved bookings for offline reference
You can clear stored data at any time through your browser's privacy settings.
9. Security
We protect your data using industry-standard measures including:
- HTTPS/TLS encryption for all data in transit.
- Encrypted passwords — we store only a cryptographic hash, never the plaintext.
- Row-level security on our database so each user can only access their own data.
- Payment data handled exclusively by Stripe — we never touch raw card details.
No system is 100% secure. If you believe your account has been compromised, contact us immediately at hello@bookuno.co.uk.
10. Children
Bookuno is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
11. Changes to this policy
We may update this privacy policy from time to time. We will notify you of significant changes by email and update the "Last updated" date at the top of this page. Continued use of the platform after the effective date constitutes acceptance.
12. Contact us
For any privacy questions, data requests or complaints:
- Email: hello@bookuno.co.uk
- Subject line: "Privacy request" or "Data deletion"
We aim to respond to all privacy requests within 5 working days and will complete them within one month as required by UK GDPR.