Privacy Policy

Last Updated: December 12, 2025

Privacy Policy

This Privacy Policy explains how BookKei (“Company”, “we”, “us” or “our”) collects, uses, discloses and protects your information when you use our website, platform, and related services (collectively, the “Services”). By accessing or using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. Who We Are

BookKei is an online booking and scheduling platform that allows businesses (“Owners”) to manage appointments, services and customers, and allows end users (“Customers”) to book services with those businesses. This Privacy Policy applies to both Owners and Customers, as well as staff members and other users who interact with our platform.

2. Scope of This Policy

This Privacy Policy applies to information we collect:

  • Through our website and web-based dashboard.
  • Through public booking pages and landing pages created with our platform.
  • Through our integrations with third-party services such as calendar providers, payment gateways and communication tools.
  • Through email, SMS or other communications related to our Services.

This Policy does not apply to any third-party websites, services or applications that are not controlled by us, even if they are linked to or integrated with our Services. Those third parties have their own privacy policies, which we recommend you review.

3. Information We Collect

3.1 Information You Provide to Us

  • Account Information (Owners & Staff). When you create an account, we may collect your name, business name, email address, phone number, password, time zone and other profile details you choose to provide.
  • Business Profile Information. Owners may provide information about their business such as logo, branding, services, descriptions, pricing, duration, staff profiles, images and other content displayed to Customers.
  • Booking & Customer Information. When Customers make a booking through our platform, we may collect their name, contact details (email, phone number), selected service, selected staff member, date and time, notes, and other details requested by the Owner in the booking form.
  • Payment Information. Payment card information is processed by third-party payment processors (such as Stripe, PayPal or others configured by the Owner). We do not store full credit card numbers on our servers. We may receive limited payment-related information such as transaction IDs, the last four digits of the card, card type, and billing status to help the Owner manage bookings and payments.
  • Communication Content. If you contact us or an Owner through the platform (for example via email, in-app messaging, contact forms or SMS), we may collect the content of those communications and any attachments you provide.
  • Support & Feedback. When you request support, fill out surveys or send feedback, we collect the information you choose to provide to help us respond and improve our Services.

3.2 Information We Collect Automatically

When you use the Services, we may automatically collect certain information about your device and usage:

  • Usage Data. Information about how you interact with the Services, such as pages viewed, actions taken (e.g., creating bookings, editing services), time spent, and links clicked.
  • Device & Log Information. IP address, browser type, operating system, device identifiers, referring/exit pages, and date/time stamps.
  • Cookies & Similar Technologies. We may use cookies, web beacons and similar technologies to store your preferences, keep you logged in, analyze usage and personalize content. You can manage cookies through your browser settings, but disabling cookies may affect certain features.

3.3 Information from Third-Party Services

  • Calendar Integrations (Google Calendar, Outlook / Microsoft 365).
    When you connect an external calendar, we receive information necessary to provide two-way sync, such as:
    • OAuth tokens and refresh tokens (stored securely and, where applicable, encrypted).
    • Calendar metadata (e.g., calendar ID, account email, provider type).
    • Events and busy times within a configurable date range (e.g., upcoming days or weeks) to prevent double-booking.
    We use this information only to synchronize bookings, show availability and manage conflicts according to your configuration.
  • Payment Processors. When you make a payment or connect a payment gateway, we may receive information from payment providers about your account and transactions in order to match payments to bookings and handle refunds or disputes.
  • Communication Providers (Email & SMS). When SMS or email integrations are enabled, we may receive delivery status and technical metadata (for example: sent, delivered, failed) to log and monitor notifications.
  • Authentication & Social Login. If we offer and you use social login (e.g., Google, Facebook, etc.), we may receive your name, email address and profile picture from those providers, subject to their privacy settings and permissions.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • To create and manage user accounts and business profiles.
  • To provide, operate and maintain the booking and scheduling platform.
  • To display services, availability and prices to Customers and allow them to make bookings.
  • To process and manage bookings, cancellations, reminders and follow-up notifications.
  • To synchronize bookings with connected calendars and to import busy times to prevent double-booking.
  • To send transactional communications, such as booking confirmations, reminders, invoices and important service updates.
  • To send optional marketing or promotional communications (where permitted by law and your preferences).
  • To monitor and analyze usage, improve performance, enhance user experience and develop new features.
  • To protect the security and integrity of the platform, prevent fraud and enforce our Terms of Service.
  • To comply with legal obligations and respond to lawful requests from authorities.

5. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases (as applicable):

  • Contractual Necessity: To provide the Services to you and fulfill our contractual obligations.
  • Legitimate Interests: To operate, secure and improve the Services, communicate with you about non-marketing matters, and prevent misuse.
  • Consent: For specific purposes such as certain marketing communications or optional integrations, where required.
  • Legal Obligations: To comply with applicable laws, regulations and legal processes.

6. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Keep you signed in and maintain session security.
  • Remember your preferences and language settings.
  • Analyze how users interact with the platform to improve performance and usability.
  • Support certain features such as analytics and error tracking.

You can control cookies through your browser settings. Some cookies are essential to the functioning of the Services and cannot be disabled without impacting basic features.

7. How We Share Your Information

We do not sell your personal information. We may share information in the following situations:

  • With Service Providers. We may share information with third-party vendors that help us operate the Services, including hosting providers, payment processors, email and SMS providers, analytics providers, and customer support tools. These providers are authorized to use your information only as necessary to provide services to us.
  • With Business Owners & Staff. If you are a Customer booking with a particular business, your relevant booking information (such as name, contact details, selected service, date/time, and any notes you provide) is shared with that Owner and their staff so they can manage your appointment. The Owner is responsible for their own use of that information.
  • With Calendar Providers. If you connect Google Calendar, Outlook or another calendar provider, we share booking data with that provider in order to create, update or cancel events in your external calendar, according to your configuration.
  • For Legal Reasons. We may disclose information if required by law, court order or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety or the safety of others, or to investigate fraud or security issues.
  • Business Transfers. If we are involved in a merger, acquisition, reorganization or sale of all or part of our assets, your information may be transferred as part of that transaction, subject to continued protection consistent with this Policy.
  • With Your Consent. We may share information with third parties when you give us your explicit consent to do so.

8. International Data Transfers

We may process and store information in countries other than your own, which may have different data protection laws. Where required by law, we take appropriate safeguards to protect your information when it is transferred internationally, such as using standard contractual clauses or equivalent mechanisms.

9. Data Retention

We retain your information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes and enforce our agreements. Retention periods may vary depending on the type of data and the context in which it was collected. When information is no longer required, we will delete or anonymize it in a secure manner, unless we are legally required to keep it for a longer period.

10. Data Security

We implement reasonable technical and organizational measures to protect your information against unauthorized access, loss, misuse or disclosure. These measures include, where appropriate:

  • Use of secure connections (HTTPS) for data transmission.
  • Encryption of sensitive credentials such as OAuth tokens and API keys.
  • Access controls and authentication requirements for staff and administrators.
  • Regular monitoring, logging and security updates.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

11. Your Rights & Choices

Depending on your location and applicable law, you may have the following rights regarding your personal information:

  • The right to access and obtain a copy of your personal data.
  • The right to request correction of inaccurate or incomplete data.
  • The right to request deletion of your data in certain circumstances.
  • The right to object to or restrict certain processing activities.
  • The right to data portability (where technically feasible).
  • The right to withdraw consent where processing is based on consent.

To exercise these rights, please contact us using the information in the Contact Us section below. We may need to verify your identity before responding to your request. In some cases, we may be unable to fully comply with your request if it would conflict with our legal obligations or legitimate business needs.

If you are a Customer who made a booking with an Owner using our platform, certain requests (such as accessing or deleting booking records) may need to be directed to that Owner, as they are the controller of your data for those bookings. We will assist the Owner where applicable.

12. Children’s Privacy

Our Services are not directed to children under the age of 13 (or the relevant minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without appropriate consent, we will take steps to delete it. If you believe a child has provided us with personal information, please contact us.

13. Third-Party Links & Integrations

The Services may contain links to third-party websites or allow you to enable third-party integrations (such as Google, Microsoft, payment gateways or communication tools). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before connecting or using their services.

14. Calendar & Communication Integrations

14.1 Calendar Integrations

When you connect an external calendar (such as Google Calendar or Outlook), we:

  • Request only the permissions necessary to synchronize events and busy times.
  • Store access tokens securely and, where applicable, in encrypted form.
  • Use the data solely to provide calendar synchronization, prevent double-booking, and display availability according to your configuration.
  • Respect your decision if you revoke permissions in the calendar provider’s account settings. If access is revoked, synchronization will stop and we will mark the connection as revoked in your settings.

14.2 SMS & Email Communications

Our platform can send SMS or email notifications (such as confirmations, reminders, cancellations and updates) on behalf of Owners. When these features are enabled:

  • We process Customer contact details (such as phone number and email address) for the purpose of sending the notifications.
  • We may log delivery status and technical metadata to help diagnose issues (e.g., delivered, failed, reason for failure).
  • Owners are responsible for ensuring that they have the necessary consent to contact their Customers through SMS or email where required by law.

15. Owners’ Responsibilities

If you are an Owner using BookKei to manage bookings and Customers, you are responsible for:

  • Providing your own privacy notice to your Customers where required by law.
  • Ensuring that the personal data you collect and enter into the platform is collected lawfully and that you have a valid legal basis for processing it.
  • Complying with all applicable data protection and privacy laws in your jurisdiction.

We act as a service provider or processor for certain processing activities performed on behalf of Owners.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. When we make material changes, we will update the “Last Updated” date at the top of this page and, where appropriate, provide additional notice (such as through the dashboard or by email). Your continued use of the Services after any changes become effective constitutes your acceptance of the revised Policy.

17. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or our privacy practices, you can contact us at:

BookKei – Privacy Inquiries
Email: info@bookkei.com
Website: https://bookkei.com

We will do our best to respond to your inquiry in a timely manner.