BooknuaBack to home

Privacy Policy

Booknua Privacy Policy Effective Date: 28 February 2026 Last Updated: 28 February 2026 Booknua (“Booknua,” “we,” “our,” or “us”) provides software and digital services for beauty and wellness businesses, including online booking, customer relationship management, scheduling, messaging, social media tools, advertising features, payment workflows, analytics, and related support services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you use our Services via our websites, web applications, widgets, APIs, and connected third-party platforms. If you do not agree with this Privacy Policy, please do not use the Services. 1. Scope and Applicability This Policy applies to personal information processed by Booknua in connection with: Booknua-operated websites, dashboards, and applications; booking widgets and hosted booking pages; social inbox, messaging, and customer engagement features; social publishing and advertising workflows; billing, payment, and reconciliation features; integrations with third-party platforms you authorize. This Policy does not apply to third-party products or platforms not controlled by Booknua (for example, Meta, Stripe, and other providers’ own services), which are governed by their own privacy policies. 2. Roles: Controller vs Processor Depending on context, Booknua may act as: Data Controller for personal information about our own users, account administrators, billing contacts, and operational/security logs. Data Processor / Service Provider when we process customer data on behalf of a business using Booknua (for example, appointments, client notes, staff roster data entered by a salon). If you are an end-customer of a business that uses Booknua, that business is generally the primary controller of your booking and service records. 3. Information We Collect 3.1 Information You Provide Account and identity data (name, email, role, login credentials). Business profile data (business name, service list, operating hours, location details, branding assets). Team/staff data (staff profiles, scheduling, time-off/availability data). Client/customer data entered by business users (name, phone/email, notes, booking history). User-generated content (messages, campaign copy, uploaded images/files, website content). Billing and subscription data needed to activate and manage paid services. 3.2 Information from Connected Platforms When you authorize integrations, we may receive data from providers such as Meta/Facebook/Instagram, Stripe, and other connected systems. This can include: account/page/profile identifiers; permission metadata; messaging events and conversation metadata; ad/campaign configuration and reporting objects; transaction/payment status and webhook events. 3.3 Automatically Collected Information Device and browser data (IP address, user agent, device identifiers where applicable). Product usage data (features used, interactions, timestamps, diagnostics). Security and authentication data (session tokens, login events, audit logs). Cookie and similar technology data for session management, security, and analytics. 3.4 Sensitive Information Booknua is not intended to collect highly sensitive personal information unless explicitly required for a supported lawful use case. Do not submit government IDs, biometric data, medical data, or other sensitive categories unless specifically requested and legally permitted. 4. How We Use Information We use personal information to: provide, operate, and secure the Services; create and manage user accounts; process bookings, schedules, and client workflows; enable communications and messaging features; support social posting, campaign setup, and ad-related workflows; process payments, receipts, refunds, and related financial operations; provide technical support and account communications; monitor reliability, troubleshoot issues, and improve Service quality; detect, prevent, and investigate fraud, abuse, and unauthorized access; comply with legal obligations and enforce contractual terms; provide AI-assisted functionality requested by users. 5. Legal Bases for Processing (Where Applicable) Where required under laws such as GDPR/UK GDPR, Booknua relies on one or more legal bases: performance of a contract; legitimate interests (e.g., security, fraud prevention, service improvement); legal obligation; consent (for specific optional activities where required). 6. How We Share Information Booknua does not sell personal information. We may share personal information: With service providers/subprocessors that support hosting, infrastructure, analytics, communications, security, support, and payment operations. With integration partners you choose to connect (e.g., Meta/Facebook/Instagram, payment providers) to perform requested features. Within your organization/account with authorized administrators and users. For legal/safety reasons (e.g., legal process, lawful requests, rights protection, fraud/security investigation). In corporate transactions (e.g., merger, acquisition, financing, asset transfer), subject to confidentiality and legal safeguards. 7. Meta/Facebook/Instagram Data Handling If you connect Meta services, Booknua processes permitted data to provide requested messaging, publishing, and advertising capabilities. 7.1 Meta Permissions We May Request Depending on enabled features, Booknua may request permissions such as: ads_management, ads_read, business_management (ads and reporting operations); pages_show_list, pages_manage_metadata (Page connection/management metadata); pages_messaging, instagram_basic, instagram_manage_messages (inbox and messaging functionality). We request only permissions necessary for selected features. If permissions are not granted, related features may not function. 7.2 Meta Data Deletion Requests To request deletion of Meta-connected data processed by Booknua, contact: privacy@booknua.com Subject: Meta Data Deletion Request Please include sufficient verification details (e.g., business/account identity and connected page/profile identifiers). Booknua deletion handling commitments: acknowledgment of verified requests within 7 days; deletion or de-identification initiated without undue delay after verification; if acting as processor, coordination with the relevant Booknua business account owner; retention of limited records only where legally required (e.g., legal hold, fraud prevention, accounting, dispute resolution). If you provide a dedicated Meta Data Deletion Instructions URL in your App Dashboard, ensure it matches this process. 7.3 Meta Retention Windows (Default) Unless a longer period is required by law or active legal/security matters: OAuth state/session artifacts: up to 10 minutes. Meta token and connection metadata: while integration is active; removal within 30 days of disconnection or verified deletion request. Synced messaging/conversation records: up to 24 months from last activity, unless earlier deletion is requested by the business user. Campaign/reporting records used for reconciliation and analytics: up to 36 months. Security/audit logs related to Meta integration access: up to 12 months. 8. AI and Automated Processing Booknua may provide AI-assisted features (e.g., drafting, summarization, content/campaign suggestions, structured parsing). These features may process prompts, uploaded content, and related metadata to generate outputs. Users are responsible for reviewing AI-generated outputs before use. AI interaction data may be retained for quality assurance, abuse prevention, and service improvement, subject to this Policy and applicable law. 9. Data Retention (General) We retain personal information for as long as necessary to: provide and support Services; comply with legal, tax, accounting, and regulatory obligations; maintain security, auditability, and fraud controls; resolve disputes and enforce agreements. When data is no longer needed, we delete, anonymize, or de-identify it in accordance with our retention practices. 10. Security Booknua implements technical and organizational safeguards designed to protect personal information, including access controls, authentication protections, encryption in transit where appropriate, and logging/monitoring controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. 11. International Data Transfers Booknua and its providers may process personal information in countries outside your own. Where required, we implement appropriate safeguards (e.g., contractual transfer mechanisms and comparable legal protections). 12. Privacy Rights and Choices Depending on your jurisdiction, you may have rights to: access your personal information; correct inaccurate data; request deletion; restrict or object to certain processing; request data portability; withdraw consent where processing depends on consent. To exercise rights, contact privacy@booknua.com. If Booknua processes your data on behalf of a business customer, we may direct your request to that business as the primary controller and assist them as required. 13. Region-Specific Disclosures 13.1 EEA/UK (GDPR/UK GDPR) Where applicable, you may lodge a complaint with your local supervisory authority and exercise rights under applicable data protection laws. 13.2 California (CCPA/CPRA) and Similar U.S. State Laws Where applicable, residents may request access, correction, deletion, and information about categories of personal information disclosed for business purposes, and may exercise non-discrimination protections for exercising privacy rights. Booknua does not sell personal information in the traditional sense. 14. Subprocessors Booknua uses service providers/subprocessors to deliver Services (e.g., cloud hosting, analytics, communications, payment infrastructure). For current subprocessors or categories, contact privacy@booknua.com. 15. Incident Response and Notifications Booknua maintains incident response procedures and, where required by law, will provide breach/security notifications to affected parties and/or regulators within applicable legal timelines. 16. Children’s Privacy The Services are not directed to children, and we do not knowingly collect personal information from children where consent from a parent/guardian is legally required. 17. Changes to This Policy We may update this Privacy Policy periodically. Material updates will be reflected by updating the “Last Updated” date and, where required, providing additional notice through the Services. 18. Contact Information Booknua Privacy Team Email: privacy@booknua.com If your inquiry is for platform compliance review, include “Meta App Review” in the subject line.