How we handle your data.

Who We Are

GetBookra ("Bookra", "we", "us") is an online software platform providing booking, business management, and customer engagement tools for service-based businesses. The Service is currently operated by its founder from Dubai, United Arab Emirates, and will transition to a registered UAE legal entity upon incorporation.

We are the data controller for personal information processed in connection with our website and account holders, and a data processor for customer information that salons store in our platform.

What Data We Collect

From salon owners and staff: name, email address, phone number, role, login credentials, profile photo (optional), staff documents and licenses (optional), schedule, leave records, payslip-related information, and other operational data needed to run the salon.

From a salon's customers (entered into Bookra by the salon): name, phone number, email address, booking history, service preferences, internal notes added by the salon, and any photos uploaded against a booking.

From payments: billing-related identifiers from our payment provider (Paddle) for subscriptions and add-ons, and from Stripe for booking-level payments processed at the salon. We do not store full card details — those are handled by the payment provider.

From your use of the website: IP address, browser type, device information, pages visited, referral source, and cookies necessary for the service to function and to understand aggregate usage.

How We Use Data

We use personal data to:

• Operate the service — booking, scheduling, notifications, payments, reporting.
• Bill subscriptions and add-ons through Paddle.
• Send transactional communications (booking confirmations, reminders, receipts).
• Provide customer support.
• Detect and prevent fraud, abuse, and security incidents.
• Improve the product through aggregate, de-identified analytics.
• Send marketing communications to account owners (subject to consent and opt-out options).

Legal Basis for Processing

We rely on the following legal bases, depending on the context:

• Contract — to provide the service to subscribed salons.
• Legitimate interest — to secure the platform, prevent fraud, and improve the product.
• Consent — for optional marketing communications and where required by law.
• Legal obligation — to retain records for tax, accounting, or regulatory purposes.

Who We Share Data With

We share personal data only with sub-processors needed to operate the service, and with authorities where legally required. Current sub-processors include:

• Paddle.com Market Limited — Merchant of Record for subscription billing, invoicing, and tax handling.
• Meta Platforms, Inc. — WhatsApp Business API for sending utility and marketing messages to customers.
• Google LLC — Calendar integration (when staff opt in) and OAuth sign-in.
• Stripe, Inc. — payment processing for booking-level transactions taken by salons from their own customers.
• Resend and SMTP providers — transactional email delivery.
• Railway and cloud storage providers (including Google Cloud Storage) — application hosting and media storage.
• Service providers for analytics, error monitoring, and security.

We do not sell personal data. We do not share customer data with third parties for their own marketing purposes.

International Transfers

Some of our sub-processors operate outside the UAE. Where data is transferred internationally, we rely on the sub-processor's own data-protection commitments and standard contractual clauses where applicable.

Data Retention

We retain personal data for as long as your salon's account is active. After account closure, we retain data only as long as needed to meet legal, accounting, or security obligations, after which the data is deleted or anonymised.

Customer data stored by a salon belongs to that salon. Salons may export or delete customer records at any time, subject to legal-hold exceptions.

Data Security

We protect personal data with encryption in transit (HTTPS) and at rest, role-based access controls, audit logs for sensitive operations, and regular security reviews. No system is perfectly secure, but we work to apply industry-standard safeguards.

Your Rights

Subject to applicable law, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate information.
• Request deletion of your data (subject to legal retention requirements).
• Request a copy of your data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent (where consent is the basis for processing).

To exercise these rights, email hello@getbookra.com. We respond within 30 days.

Cookies

We use cookies and similar technologies for essential service functionality (session management, authentication), preferences, and aggregated analytics. You can manage cookies through your browser settings. Disabling cookies may limit some features.

Children

Bookra is intended for use by businesses and their adult staff. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided personal data to us, please contact us at hello@getbookra.com and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-product notice. The "Effective date" at the top of this page reflects the latest version.

Contact

Privacy questions or requests should be sent to hello@getbookra.com, or by post to GetBookra, Dubai, United Arab Emirates.