BookingPage.ai

Privacy Policy

Last updated: 14 June 2026

BookingPage.ai (“we”, “us”, “our”) respects your privacy. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our website at bookingpage.ai, register for a Google Business Profile Book Now button, use BookingPage Studio (branded booking pages and Google Calendar connection), pass through our Book Now redirect page, or otherwise interact with our services.

This policy is written for a global audience. If you are in the United Kingdom, European Economic Area (EEA), Switzerland, or another country with comprehensive privacy law, additional rights and obligations described below may apply to you.

1. Who we are and how to contact us

BookingPage.ai provides tools to help businesses connect their Google Business Profile to an online booking experience — including free Book Now registration (often via a BookingPage redirect), paid plans without our redirect or branding, and BookingPage Studio (hosted booking pages with Google Calendar sync).

For the purposes of UK GDPR, EU GDPR, and similar laws, BookingPage.ai is the data controller for personal information we collect about business registrants, Studio customers, and visitors to our website, except where we act as a data processor on behalf of a business (see section 3).

Privacy contact: support@bookingpage.ai (subject line “Privacy enquiry” or “Privacy rights request”). We aim to respond within one month (UK/EEA) or within the period required by your local law.

Business customers using Studio or paid services may request a Data Processing Agreement (DPA) describing our processor role — email us with the subject “DPA request”.

Registered businesses that want to turn Book Now off can follow the opt-out instructions (business dashboard toggle or removal request).

2. Our role: controller and processor

How we treat data depends on who you are:

  • Business owners and registrants — We are the controller for information you provide when registering for Book Now, using Studio, or contacting us (name, business details, email, booking page URL, etc.).
  • End customers booking with a Studio business — The business you book with is the controller for customer name, email, phone, and appointment details. Those details are sent to the business’s Google Calendar and are not stored by us as a central booking database. We process limited booking data only as a processor to operate the booking page and calendar integration on the business’s instructions.
  • Visitors to our redirect page — When someone clicks Book Now on Google and passes through /redirect, we log technical click data (see section 4) as controller for billing, analytics, and service operation.
  • Website visitors — We are controller for cookies and technical logs on bookingpage.ai.

If you are an end customer wanting to access or delete appointment data, contact the business you booked with first. We will assist the business where we act as their processor.

3. Information we collect

We may collect the following categories of information:

  • Registration and account details — your name, business name, business type, business address, telephone number, business email address, booking page URL, and related fields submitted on our registration or Studio builder forms.
  • Verification data — tokens and timestamps used to verify your business email before we process your Google Book Now request.
  • Studio configuration — branding (colours, fonts, template, logo URLs), services, working hours, timezone, currency, and publish status. Logos and service images are stored in our cloud storage.
  • Google Calendar connection data — OAuth tokens, calendar connection identifiers, and business metadata needed to show availability and create calendar events. We do not maintain a separate copy of your appointment history in our database.
  • Book Now and redirect data — redirect click timestamps, destination URL, referrer, user agent, and associated business identifiers used to measure Book Now traffic and apply free/paid tier limits.
  • Communications — messages you send us by email or through contact forms.
  • Technical data — IP address, browser type, device information, and pages visited, collected through server logs, cookies, and similar technologies where used.

We do not intentionally collect special category data (such as health information) through our registration forms. If your business category or service descriptions contain sensitive information, you are responsible for lawful grounds to publish that content on your booking page.

4. How we use your information

We use personal information to:

  • Process your registration and verify that you are a legitimate business owner.
  • Submit and maintain your Google Book Now button integration, linking to your booking page URL or Studio page.
  • Host and operate Studio booking pages, sync availability, and create events in your connected Google Calendar.
  • Send transactional emails (verification, booking alerts, URL-change confirmations) via our email provider.
  • Measure Book Now redirect clicks to operate free and paid tiers.
  • Communicate with you about your account, verification, service updates, and support requests.
  • Improve our website, services, and security; detect abuse and fraud.
  • Comply with legal obligations and enforce our Terms of Use.

5. Legal bases and regional privacy laws

We process personal information lawfully and fairly. The rules that apply depend on where you live and where you do business. This section explains our main legal bases for users in the UK and EEA, how we approach users in other countries, and additional notice for United States residents where relevant.

United Kingdom (UK GDPR)

If UK data protection law applies, we rely on: contract (providing services you request); legitimate interests (operating BookingPage.ai securely, measuring redirect clicks, preventing fraud, and ensuring genuine business registrations — balanced against your rights); consent where required (optional marketing, non-essential cookies); and legal obligation where we must retain or disclose information.

European Economic Area (EU GDPR)

If EU GDPR applies, we use the same legal bases as above. Where we process end-customer booking details on behalf of a Studio business, we do so under contract with that business (Article 28 processor terms; DPA available on request).

Switzerland (FADP)

If you are in Switzerland, Swiss Federal Act on Data Protection may apply. You have broadly similar rights to access, rectify, and delete personal data. Contact us to exercise your rights; you may also complain to the Federal Data Protection and Information Commissioner (FDPIC).

Canada (PIPEDA and provincial laws)

If you are in Canada, we collect, use, and disclose personal information with your consent or as permitted by applicable law (for example, where necessary to provide the service). You may request access to and correction of your personal information. Contact our privacy email above. You may complain to the Office of the Privacy Commissioner of Canada or your provincial privacy regulator where applicable.

Australia (Privacy Act 1988)

If you are in Australia, we handle personal information in line with the Australian Privacy Principles where they apply to us. You may request access to or correction of your personal information, or complain to the Office of the Australian Information Commissioner (OAIC).

Other countries

If you register from another country, local privacy laws may still apply. Where UK or EU GDPR does not apply, we generally process your data because it is necessary to perform our agreement with you, we have a legitimate business need that does not override your rights, you have given permission where required, or we must comply with the law. Contact us to exercise rights available in your jurisdiction.

United States residents

We do not sell personal information and do not share it for cross-context behavioural advertising as those terms are commonly defined under US state privacy laws. In the preceding twelve months we have not “sold” personal information within the meaning of the California Consumer Privacy Act (CCPA), as amended by the CPRA.

Categories of personal information we collect (for business registrants) may include: identifiers (name, email, phone); commercial information (business name and address); internet or network activity (technical logs); and professional information (business details you provide). We use this information for the purposes described in sections 2 and 3 of this policy.

If you are a resident of California, Colorado, Connecticut, Virginia, or another US state with a comprehensive privacy law, you may have additional rights — such as to know what we collect, to delete certain information, to correct inaccurate information, and to opt out of sale or certain sharing (which we do not conduct). To submit a request, email support@bookingpage.ai with the subject line “US privacy request”. We will verify your identity before responding. You may designate an authorised agent where your state law allows. We will not discriminate against you for exercising privacy rights.

6. Sharing your information and subprocessors

We may share information with:

  • Google — to register or update your Book Now action, authenticate Calendar access (Studio), and use Google Places in the Studio builder where enabled.
  • Service providers (subprocessors) — who process data on our instructions under written commitments to protect it. Key categories include:
Provider / category Purpose Typical location
Cloud hosting (e.g. Netlify) Website and API hosting United States / global CDN
Database (Supabase) Registrations, Studio config, redirect click logs, OAuth tokens EU / UK / US (project region)
Email (Brevo) Verification, transactional, and admin emails EU / global
Google (OAuth, Calendar, Maps Places) Book Now, Studio calendar sync, address autocomplete Global

A current list of subprocessors is available on request. We will notify business customers of material changes where required by contract or law.

  • Authorities — if required by law or to protect our rights, users, or the public.
  • Professional advisers — lawyers, accountants, or insurers where necessary and subject to confidentiality.

We do not sell your personal information.

7. International transfers

We are based in the United Kingdom. Your information may be processed in the UK and in other countries where our service providers operate (which may include the United States, European Union, or other regions).

Where UK or EU law requires it, we use appropriate safeguards for transfers outside the UK or EEA — such as UK International Data Transfer Agreements, EU Standard Contractual Clauses, or adequacy decisions. For users in other countries, we take reasonable steps to ensure your information receives a comparable level of protection through contractual commitments with our providers.

8. Data retention

We keep information only as long as needed for the purposes above:

  • Active registrations and Studio sites — while your Book Now integration or Studio page is active, plus a reasonable period afterwards for support, billing disputes, and legal compliance.
  • Verification tokens — until verification completes or the registration expires, typically within 90 days if unused.
  • Redirect click logs — retained for tier billing and analytics; aggregated statistics may be kept longer.
  • OAuth tokens — while your Calendar connection is active; revoked or deleted when you disconnect or delete your Studio site, subject to backup cycles.
  • Support emails — typically up to three years unless a longer period is required by law.

You may request deletion where you have the right to erasure. We may retain certain records where required by law or for establishing, exercising, or defending legal claims.

9. Security

We use appropriate technical and organisational measures to protect personal information. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.

10. Your privacy rights

Depending on your location, you may have some or all of the following rights:

  • Access — to obtain a copy of personal information we hold about you.
  • Correction — to ask us to correct inaccurate or incomplete information.
  • Deletion — to ask us to delete your information, subject to legal exceptions.
  • Restriction — to ask us to limit how we use your information in certain cases.
  • Objection — to object to processing based on legitimate interests (UK/EEA/Switzerland).
  • Portability — to receive your data in a structured, machine-readable format where applicable.
  • Withdraw consent — where processing is based on consent (for example optional marketing or non-essential cookies).
  • Opt out of certain processing — under US state laws (we do not sell personal information).
  • Complaint — to lodge a complaint with a supervisory authority or regulator in your country.

Supervisory authorities (examples)

  • United Kingdom: Information Commissioner’s Office (ICO) — ico.org.uk
  • EEA: your local data protection authority — EDPB member list
  • Switzerland: FDPIC — edoeb.admin.ch
  • Canada: Office of the Privacy Commissioner — priv.gc.ca
  • Australia: OAIC — oaic.gov.au

To exercise any right, email support@bookingpage.ai with the subject line “Privacy rights request”. Tell us which right you are exercising and enough information to identify your account. We will respond within the time required by applicable law (for example, one month under UK/EU GDPR, or 45 days for many US state requests). We may need to verify your identity before responding. We will not discriminate against you for exercising privacy rights.

Automated decision-making: We do not make solely automated decisions with legal or similarly significant effects about business registrants. Redirect click counts may inform tier eligibility; you may contact us to discuss your account if you believe a threshold was applied incorrectly.

11. Cookies and similar technologies

Our website uses cookies and similar technologies. When you first visit our homepage, you can choose Accept all or Essential only in our cookie banner.

  • Essential cookies — required for the site to function (for example remembering your cookie choice). These are always used.
  • Analytics cookies — optional; used only if you click Accept all, to help us understand how visitors use our pages. We do not use analytics cookies if you choose Essential only.

You can also control cookies through your browser settings. Removing or blocking cookies may affect how the site works.

12. BookingPage Studio and end-customer privacy

If you use Studio, you are responsible for providing your own privacy notice to end customers who book through your page, including: who the controller is; what data you collect; legal bases; how long you keep data; and customer rights. You must have a lawful basis to collect customer name, contact details, and appointment information and to instruct us to create calendar events on your behalf.

You remain the data controller for end-customer booking data. BookingPage.ai acts as your data processor for that data submitted through your Studio page. A DPA is available on request. Customer appointment details are stored in your Google Calendar, not in a BookingPage.ai booking database.

13. Third-party links

Our site may link to third-party websites (including Google and your own booking page). We are not responsible for their privacy practices. Please review their policies separately.

14. Children

Our services are intended for businesses and are not directed at children under 16. We do not knowingly collect data from children.

15. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Continued use of our services after changes constitutes acceptance of the updated policy where permitted by law.

← Back to home · Opt out · Terms of Use