Privacy Policy
Last updated: May 15, 2025
My-Bookings.com ("we", "us", "our") operates a calendar booking platform that helps service-based businesses manage appointments through multiple communication channels. This Privacy Policy explains what data we collect, how we use it, how we protect it, and your rights regarding that data.
1. Information We Collect
We collect only the information necessary to provide our booking and scheduling services:
- Account information — name, email address, and credentials for authentication and role-based access (administrators, specialists, organisation managers)
- Booking and client data — client name, phone number, appointment date/time, selected service, and the specialist or location associated with the booking
- Conversation data — text messages, voice call transcripts, and conversation summaries generated during automated or assisted booking interactions via phone, SMS, WhatsApp, Facebook Messenger, or email
- Voice data — audio recordings of phone calls when automated voice booking is enabled, used for transcription, booking processing, and to allow account holders to review conversations and booking outcomes for service quality assessment
- Google Calendar data — when a user connects their Google Calendar, we access calendar event data (event titles, times, and calendar list) exclusively to synchronise bookings. See Section 5 below for details
- Payment information — billing details are processed by our payment providers (Stripe, Revolut) and are not stored on our servers
- Technical logs — IP addresses, browser type, session data, and operational logs for reliability, auditing, and security
2. How We Use Your Data
- To operate the booking platform — creating, updating, and managing appointments
- To provide automated booking assistance via AI-powered voice and text interactions
- To synchronise appointments with connected Google Calendar accounts
- To send booking confirmations, reminders, and notifications
- To provide customer support, troubleshoot issues, and improve service quality
- To prevent abuse, detect fraud, and ensure system security
- To comply with applicable legal obligations
3. AI-Powered Services
Our platform uses third-party artificial intelligence (AI) services to provide automated booking assistance through voice calls and text-based messaging. These services include:
- AI language model providers — to understand customer requests and conduct booking conversations in natural language
- Speech-to-text providers — to transcribe voice calls into text for processing
- Text-to-speech providers — to generate spoken responses during automated voice calls
When these AI services are used, the following data may be transmitted to them for processing:
- Conversation text (messages exchanged during a booking interaction)
- Audio data from voice calls (for transcription only)
- Client name and booking details shared during the conversation
We do not send Google Calendar data, payment information, or account credentials to any AI service. All AI providers we use are bound by their own data processing agreements and are contractually prohibited from using your data for training their models or for purposes other than providing the requested service. A detailed list of our third-party sub-processors is available upon request by contacting us.
4. Data Protection & Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:
- Encryption in transit — all data transmitted between your browser and our servers, and between our servers and third-party services, is encrypted using TLS/HTTPS (Transport Layer Security)
- Secure credential storage — passwords are hashed using industry-standard algorithms and are never stored in plain text. OAuth tokens (such as Google Calendar tokens) are stored encrypted on our servers
- Access controls — access to personal data is restricted through role-based permissions. Only authorised personnel with a legitimate business need can access user data. Administrative, specialist, and organisation-level accounts each have access limited to their respective scope
- Database security — our databases are protected by firewalls, restricted network access, and parameterised queries to prevent SQL injection and other attacks
- Session management — user sessions are secured with unique tokens and automatic expiration to prevent unauthorised access
- Regular monitoring — we maintain audit logs of system activity and perform regular reviews to detect and respond to potential security incidents
- Incident response — in the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authority without undue delay, in accordance with applicable law
5. Google Calendar Integration
When you choose to connect your Google Calendar account, we request the following permissions:
- Calendar Events (read/write) — to create, update, and delete booking events on your selected calendar
- Calendar List (read-only) — to display your available calendars so you can choose which one to synchronise with
Our use of Google Calendar data is subject to the following commitments:
- We access Google Calendar data only to synchronise bookings between our platform and your calendar
- We do not use Google Calendar data for advertising, analytics, or any purpose unrelated to the booking service
- We do not share Google Calendar data with third parties, including AI service providers
- Google Calendar OAuth tokens are stored securely on our servers and are used only to maintain the calendar connection
- You can disconnect your Google Calendar at any time from your account settings, which revokes our access and deletes stored tokens
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
6. Data Sharing & Third-Party Processors
We do not sell, rent, or trade your personal data. We share data only in the following circumstances:
- Third-party service providers — we use carefully selected third-party providers for AI language processing, speech recognition, speech synthesis, payment processing, and email delivery. These providers process data solely on our behalf and under contractual obligations to protect your data
- Legal requirements — we may disclose data when required by law, court order, or governmental regulation
- Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, with equivalent protections maintained
A complete list of our current sub-processors and the categories of data they process is available upon request. Please contact us to obtain it.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:
- Account data — retained while your account is active and for a reasonable period after closure to handle any outstanding matters
- Booking records — retained for the period required by applicable tax and commercial regulations
- Conversation data — conversation transcripts and summaries are automatically deleted after 100 days
- Cancelled booking records — automatically deleted after 100 days
- Technical and operational logs — webhook logs, synchronisation queues, and SMS delivery logs are automatically deleted after 6 days
When data is no longer needed, it is securely deleted or anonymised.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate or incomplete data
- Erasure — request deletion of your personal data (subject to legal retention obligations)
- Restriction — request that we limit the processing of your data in certain circumstances
- Data portability — request your data in a structured, machine-readable format
- Objection — object to data processing based on legitimate interests
- Withdraw consent — where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, please contact us or use the data deletion request form linked below. We will respond to your request within 30 days.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify registered users via email or an in-app notice. The "Last updated" date at the top of this page reflects the most recent revision.
10. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us.
Ownership Notice: All rights of this application belong to My-Bookings.com and cannot be used without the owner's accord.
Request data deletion and account removal