Privacy Policy

Last Updated: 22/11/2025

Version: 1.0

1. Introduction

Welcome to BookingPal ("we", "our", or "us"). We are committed to protecting your personal data and respecting your privacy. This privacy policy explains how we collect, use, and store your personal information when you use our booking and resource management application.

2. Data We Collect

  • Identity Data: Name, email address, and profile picture (provided via Single Sign-On with Google or Microsoft).
  • Booking Data: Details of resources you book (rooms, desks, parking), including dates, times, and meeting subjects.
  • Technical Data: IP address, browser type and version, time zone setting, and operating system.
  • Usage Data: Information about how you use our application, such as page views and feature interaction.

3. How We Use Your Data

We process your data for the following purposes:

  • To provide and manage resource bookings within your organization.
  • To authenticate your identity using your organisation's credentials (SSO).
  • To manage safety roles (identifying First Aiders and Fire Wardens on-site).
  • To monitor system stability and fix technical errors.

4. Data Storage and Residency

Your primary data (user accounts, bookings, and resource settings) is stored on secure servers provided by Hetzner Online GmbH, located in Germany (EU). This ensures your data remains within the European Economic Area (EEA) and is protected by GDPR standards.

5. Data Processors (Third Parties)

We engage the following third-party processors to help us provide the service:

  • Hetzner (Germany): Database and compute.
  • Sentry (EU Region): Error tracking and performance monitoring. Sentry captures technical data (browser version, OS, stack traces) to help us identify bugs. It does not store persistent personal booking data.
  • Resend (USA): Transactional email delivery service (booking confirmations, cancellations). Data transfer is protected via standard contractual clauses.

6. Data Retention

We implement a strict data retention policy to minimize data storage:

  • Booking History: Booking records are automatically deleted 2 years after the booking date.
  • User Accounts: User data is retained while your account is active. If your organization offboards you, or you request deletion, your data will be anonymized or deleted in accordance with our "Right to be Forgotten" process.
  • Error Logs: Technical error logs are retained for 90 days before being deleted.

7. Cookies and Local Storage

We use "cookies" (small text files stored on your device) solely to provide the essential functionality of the Service. We do not use cookies for advertising, retargeting, or third-party tracking.

We use the following categories of strictly necessary cookies:

  • Authentication & Security: These cookies handle your secure login session. They allow you to move between pages without having to log in again and protect against cross-site request forgery (CSRF) attacks.
  • Functionality & Preferences: These cookies remember your settings, such as whether you have accepted these Terms, to improve your user experience.

8. Your Rights

Under GDPR and UK GDPR, you have the right to:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data ("Right to be Forgotten").
  • Object to processing of your personal data.

To exercise these rights, please contact your Organisation Administrator or contact us via our Support form.

9. Contact Us

If you have questions about this privacy policy or our privacy practices, please contact us via our:
Support form