This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the Bookable.live website and services (the "Service"). We process personal data in accordance with applicable laws, including the EU General Data Protection Regulation (GDPR) and, where applicable, the UK GDPR.
1. Who we are (Data Controller)
Controller: Bookable
Registered address: Raunas iela 45-k5, 254, Riga, Latvia
Contact email: info@bookable.live
2. What data we collect
- Account & authentication data: name, email, login identifiers, and security tokens.
- Business profile data: business name, logo, phone numbers, address, timezone, service configuration, appointment preferences, availability.
- Client & booking data: client contact details, appointment metadata (times, services, venue), rescheduling preferences, reminders, related communications.
- Calendar & integration data: connection status and settings for Google Calendar, Microsoft Outlook/Office 365, ICS; calendar identifiers and sync logs.
- Communications data: emails, WhatsApp messages, templates and delivery diagnostics you use within the Service.
- Payment and subscription data (if enabled): subscription status/plan, payment identifiers (card data handled by our payment provider).
- Device and usage data: IP address, browser info, device identifiers, and interaction events (including via Google Analytics on our marketing website) for security, diagnostics, and understanding website usage.
3. How we collect data
- Directly from you when creating an account, configuring your business, or using features.
- From connected providers (e.g., Google, Microsoft) when you authorize integrations.
- From your clients when they book or respond to communications initiated via the Service.
- Automatically via cookies or similar tech for security and basic analytics (see Cookies).
4. Purposes and legal bases
- Provide and operate the Service — GDPR Art. 6(1)(b) (contract) and 6(1)(f) (legitimate interests).
- Secure the Service and prevent abuse — GDPR Art. 6(1)(f) (legitimate interests).
- Communicate with you about updates/outages/support — GDPR Art. 6(1)(b)/(f).
- Comply with legal obligations — GDPR Art. 6(1)(c).
- Marketing communications (if any) — GDPR Art. 6(1)(a) (consent) or 6(1)(f) (legitimate interests).
If you book an appointment through a business using our Service, you may see an optional marketing consent checkbox in the final step. If you tick this checkbox, we will record your consent so that the business may send you marketing messages. You can withdraw your consent at any time by using the unsubscribe option in messages (where available) or by contacting the business.
5. Retention
We retain data only as long as necessary for the stated purposes and legal/accounting needs. Upon account deletion, we delete or anonymize personal data within a reasonable time unless longer retention is required by law or necessary to establish, exercise, or defend legal claims.
6. Sharing and processors
We use trusted service providers (processors) under appropriate contracts. They process data only on our instructions:
- Supabase (hosting, auth, DB, storage, serverless) — Privacy
- Google (OAuth, Google Calendar) — Privacy
- Google Analytics (website analytics for bookable.live marketing pages) — Privacy
- Microsoft (OAuth, Outlook/Office 365 via Graph) — Privacy
- Cloudflare Turnstile (anti‑abuse) — Privacy
- Stripe (payments/subscriptions, if enabled) — Privacy
- WhatsApp Business Platform (Meta) (if enabled) — Terms
We may disclose data if required by law or to protect our rights, users, or the public. We do not sell personal data.
7. International transfers
Your data may be processed outside your country, including outside the EEA/UK. We rely on appropriate safeguards (e.g., adequacy, SCCs) for such transfers.
8. Your rights (EEA/UK)
- Access, rectification, erasure, restriction, objection (including to direct marketing), portability.
- Withdraw consent where processing is based on consent (without affecting prior processing).
Contact us at info@bookable.live to exercise rights. You can also lodge a complaint with your local authority (EEA list: edpb.europa.eu; UK: ico.org.uk).
9. Cookies and similar technologies
We use necessary cookies and anti‑bot technologies (e.g., Cloudflare Turnstile) for security. We also use Google Analytics on our marketing website pages to understand how visitors use the site (e.g., pages viewed, approximate location derived from IP address, and device/browser information). Google Analytics may set cookies or use similar technologies. Where required by law, we will request your consent before placing analytics cookies.
You can also limit cookies through your browser settings. Google provides a browser add‑on to opt out of Google Analytics: https://tools.google.com/dlpage/gaoptout.
10. Children’s privacy
Our Service is not directed to children under 16. If you believe a child has provided personal data, contact us to delete it.
11. Data Deletion Instructions (for Facebook/Meta users)
If you have used Facebook Login to access Bookable.live and wish to delete your data from our systems, you can do so by:
- Automatic deletion: Log in to your Bookable.live account and go to Settings → Account → Delete Account. This will remove all your personal data from our systems.
- Manual request: If you cannot access your account, send an email to info@bookable.live with the subject "Data Deletion Request" and include the email address associated with your account.
We will process your deletion request within 30 days. Please note that some data may need to be retained for legal or accounting purposes as permitted under GDPR Article 6(1)(c).
12. Changes to this policy
We may update this policy from time to time. We will post updates here and, if significant, provide additional notice.
13. Contact
SIA ClearTech
Raunas iela 45-k5, 254, Riga, Latvia
info@bookable.live
This template is provided for convenience and does not constitute legal advice. Update the bracketed fields and processor list to match your setup.