← Back to home

Privacy Policy

Effective date: 11/03/26

1. Overview

This Privacy Policy describes how Book&Pay ("we", "us", or "our") collects, uses, processes, and protects personal information obtained from users of the Book&Pay reservation platform.

The platform allows customers to discover businesses, schedule services, and make advance payments for appointments.

This policy applies to all users of the service including:

  • Customers
  • Business administrators
  • Business staff
  • Visitors browsing the platform
  • Users authenticating via third-party providers such as Google

By using the platform, you consent to the practices described in this Privacy Policy.

2. Personal information we collect

We collect personal information necessary to operate the platform and provide reservation services.

2.1 Account information

When creating an account we may collect:

  • Full name
  • Email address
  • Phone number
  • User role (administrator, staff, customer)
  • Business affiliation (if applicable)

This information is used to create and manage user accounts.

2.2 Authentication information

Authentication may occur through:

  • Email and password login
  • OAuth authentication (Google Sign-In)

Authentication data may include:

  • Authentication provider identifiers
  • Login timestamps
  • Encrypted authentication tokens
  • Password hashes (never stored in plain text)

Authentication infrastructure may be handled through secure providers such as Supabase Authentication services.

2.3 Reservation information

When users schedule services we collect:

  • Selected service
  • Business associated with the reservation
  • Appointment date and time
  • Reservation status
  • Reservation notes
  • Reservation history

This data allows businesses to manage appointments and fulfill booked services.

2.4 Payment information

Some reservations require advance payments.

Payment processing may be handled through third-party providers such as Stripe.

We may store limited payment metadata including:

  • Transaction identifiers
  • Payment status
  • Payment method type
  • Amount and currency
  • Timestamp of payment

Sensitive payment details (such as credit card numbers) are never stored by our platform.

2.5 Business profile information

Business administrators may provide additional information including:

  • Business name
  • Business phone number
  • Business email address
  • Business time zone
  • Operating hours
  • Services offered
  • Service pricing
  • Deposit requirements
  • Business profile images

2.6 Technical information

We automatically collect certain technical information including:

  • IP address
  • Device information
  • Browser type
  • Operating system
  • Request logs
  • API usage logs

This information helps us monitor performance and maintain platform security.

3. How we use personal data

Personal data may be used for the following purposes:

Platform operation

To enable core platform functionality such as:

  • Account management
  • Service reservations
  • Business scheduling
  • Payment processing

Communication

To send:

  • Reservation confirmations
  • Appointment reminders
  • Support responses
  • Security alerts

Platform improvement

To analyze usage patterns and improve the system.

Security

To detect fraudulent activity, unauthorized access, or abuse.

Legal compliance

To comply with legal obligations and regulatory requirements.

4. Data sharing

We do not sell personal data.

Information may be shared only with:

Businesses using the platform

When a reservation is created, customer information may be shared with the business providing the service.

Service providers

Trusted providers assisting with:

  • Cloud infrastructure
  • Payment processing
  • Authentication
  • Analytics

Legal authorities

If required by law or legal processes.

5. Data security

We implement technical safeguards including:

  • HTTPS encrypted communication
  • Secure authentication tokens
  • Controlled database access
  • Role-based authorization
  • Infrastructure security monitoring

While we strive to protect personal information, no system can guarantee absolute security.

6. Data retention

Personal information is retained only for as long as necessary to provide services and comply with legal obligations.

Inactive accounts may eventually be deleted or anonymized.

7. User rights

Depending on applicable regulations, users may have the right to:

  • Access their personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Request data portability

Requests may be submitted through the contact or support channels made available in the application or on the Book&Pay website.

8. Cookies and tracking

The platform may use cookies to:

  • Maintain authentication sessions
  • Improve user experience
  • Monitor system performance

Users can manage cookies through browser settings.

9. Third-party services

The platform integrates third-party services including:

  • Google OAuth for authentication
  • Stripe for payment processing
  • Cloud hosting infrastructure

These services operate under their own privacy policies.

10. Children's privacy

The platform is not intended for individuals under the age of 13.

We do not knowingly collect personal data from children.

11. Changes to this policy

We may update this Privacy Policy periodically.

Users will be notified of significant changes through the platform or email.