Privacy Policy – Bookairy
Bookairy is operated by Ghekko Development, established at Willem Buytewechstraat 187 C, 3024 XH Rotterdam, the Netherlands, registered with the Dutch Chamber of Commerce under number 70485437, establishment number 000028452003, VAT number NL858338543B01. Contact: .
1. Who we are and which role we have
Bookairy provides a multilingual booking, scheduling and business platform available on web, mobile and desktop.
For visitors to the Bookairy website, account registration, billing, support and direct communication with Bookairy, Bookairy acts as controller. For personal data processed inside a customer's Bookairy workspace on behalf of that customer, the customer is normally the controller and Bookairy acts as processor under the Data Processing Agreement.
2. Personal data we process
Depending on how Bookairy is used, we may process the following categories of personal data:
- Identity and contact data, such as name, email address, phone number and address details.
- Business and account data, such as company name, staff users, roles, permissions, subscription details, billing details and support history.
- Booking and appointment data, such as services, dates, times, staff member, location, notes, booking history, waiting list entries and cancellation or no-show information.
- Customer records, preferences, form answers, uploaded files and messages entered by a Bookairy customer or its end customers.
- Possible health, treatment, wellness or intake data if a customer chooses to collect that information through forms, notes or booking flows.
- Payment-related data, such as payment status, transaction reference, invoice data and refund or chargeback information. Full payment details are handled by payment providers such as Mollie.
- Communication data, such as email, push, SMS or support messages and delivery status.
- Technical and usage data, such as IP address, device identifiers, browser data, app version, log data, security events, cookie choices and analytics data where consent is required and given.
3. Why we process data
- To provide, maintain, secure and improve the Bookairy platform.
- To create and manage accounts, subscriptions, invoices, payments and customer support.
- To manage bookings, calendars, staff, customers, services, products, events, POS, notifications, reports and multilingual booking flows.
- To send transactional messages, service notifications, security messages and support replies.
- To prevent misuse, fraud, spam, unauthorized access and other security incidents.
- To comply with legal, tax, accounting and regulatory obligations.
- To analyze website use and improve pages and content, only where analytics are legally permitted or consent has been given.
4. Legal bases under the GDPR
We process personal data on one or more of the following legal bases: performance of a contract, legal obligation, legitimate interest, consent and, where a Bookairy customer instructs processing in its workspace, the customer's processing instruction under the Data Processing Agreement.
Where sensitive data such as health or wellness information is processed because a customer configured Bookairy to collect it, the customer is responsible for determining and documenting the applicable legal basis and any required explicit consent or other GDPR Article 9 condition.
5. Data retention
We retain personal data only for as long as necessary for the purposes described in this policy, unless a longer period is required by law or needed to establish, exercise or defend legal claims.
| Data category | Typical retention |
|---|---|
| Account, workspace and booking data | During the customer relationship and for a reasonable export, backup and deletion period after termination. |
| Billing, tax and invoice records | As long as required by applicable tax and accounting law. |
| Support and communication records | As long as needed to handle the request, improve support and keep a reasonable business record. |
| Security logs and technical logs | As long as needed for security, abuse prevention, troubleshooting and audit purposes. |
| Cookie consent records and analytics data | According to the Cookie Policy and the settings of the relevant analytics or consent tools. |
6. Subprocessors and third parties
We may use third-party service providers where needed to provide and secure Bookairy. These include:
- Google Cloud / Firebase for hosting, database, authentication, cloud functions, storage and infrastructure.
- Cloudflare for DNS, CDN, network security, DDoS protection, firewall functionality, bot protection, Turnstile and traffic filtering.
- MailerSend for transactional email and email notifications.
- Mollie for online payments, payment status, refunds and payment processing.
- DeepL for automatic translations if translation features are enabled.
- Apple and Google for app distribution, platform services and push notification infrastructure where applicable.
- Support, hosting, monitoring or communication tools where reasonably needed to provide the services.
When Bookairy acts as processor, these providers are subprocessors as described in the Data Processing Agreement. When a customer connects an external integration, that provider may also process data under its own terms and privacy policy.
7. International transfers
We aim to use providers and regions that support GDPR-compliant processing. Some providers or support operations may involve transfers outside the European Economic Area. Where required, we use appropriate safeguards such as Standard Contractual Clauses, transfer impact assessments, supplementary measures or adequacy decisions.
8. Security measures
We use technical and organizational measures appropriate to the risk, including HTTPS/TLS, access controls, role-based permissions, authentication controls, logging and monitoring, security rules, restricted production access, infrastructure security, Cloudflare protection, backups or recovery mechanisms where available, and internal confidentiality obligations.
No system is completely secure. Customers remain responsible for their own account security, staff access, device security, export handling and lawful configuration of forms and booking flows.
9. Your rights
Depending on the situation and applicable law, you may have the right to access, rectification, erasure, restriction, data portability, objection, withdrawal of consent and the right not to be subject to solely automated decisions with legal or similarly significant effects.
If your data is processed by one of our customers in that customer's Bookairy workspace, we may refer your request to that customer because the customer is normally the controller for that data.
10. Cookies and tracking
Our website uses necessary cookies for security, Cloudflare protection, consent storage and basic operation. Analytics cookies are used only where legally permitted or after consent. See the Cookie Policy for details and preference management.
11. Complaints
You may contact us first at . You also have the right to lodge a complaint with a supervisory authority, including the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) in the Netherlands.
12. Changes
We may update this Privacy Policy when our services, providers, legal obligations or processing activities change. The latest version is published on this page.