Privacy Policy

Bookka (“we”, “us”) provides a booking and marketing platform for service businesses. This policy explains what personal information we collect, how we use it, and the choices you have. By using Bookka you agree to this policy.

1. Information we collect

Account & business data

• Name, email, phone number, and password (hashed) when you create an account.
• Business profile information you enter: business name, address, services, prices, hours, photos.
• Booking, payment, and customer-management data you create through the platform.
• Communications you send via Bookka (SMS, email, in-app messages).

Connected social and advertising accounts

When you connect a third-party account (Facebook Page, Instagram Business, TikTok, Meta Ads, Google Ads), we receive an access token from that provider and store it encrypted at rest so we can act on your behalf. We do not store your social provider password. Specifically:

• Meta (Facebook + Instagram): Page access tokens, Page ID, Instagram Business Account ID, basic profile (avatar, name), posts we publish on your behalf, and engagement metrics (likes, comments, link to the post). Read with the permissions you grant during the Facebook Login flow.
• TikTok: Your TikTok open_id, union_id, username, avatar, display name, the videos and photos you ask us to publish on your behalf, and their engagement counts (likes, comments, shares, views). Scopes requested: user.info.basic, user.info.profile, video.publish, video.list.
• Meta Ads / Google Ads: Ad account IDs, campaign metadata, and reporting metrics for the campaigns you create through Bookka.

Automatically collected

• Device, browser, IP address, and basic usage analytics.
• Cookies used for sign-in, CSRF protection, and remembering preferences.

2. How we use your information

• To run the service: provide bookings, publish scheduled social posts, send notifications you’ve enabled.
• To show you analytics about your business activity and connected accounts.
• To process payments through Stripe (we never store full card numbers ourselves).
• To prevent fraud, abuse, and enforce our Terms of Service.
• To send service updates (you can opt out of non-essential email).

3. Sharing with third parties

We share data only with the providers needed to run the service:

• Supabase — hosting, database, file storage.
• Stripe — payments and subscription billing.
• Resend — transactional email.
• Twilio — SMS notifications.
• Meta (Facebook, Instagram, Meta Ads) — publishing posts and reading engagement, when you connect those accounts.
• TikTok — publishing posts and reading engagement, when you connect that account.
• Google Ads — managing ad campaigns, when you connect that account.
• OpenAI / Anthropic — generating AI captions, replies, and copy you request.
• Mapbox — rendering maps in our search interface.

We do not sell personal information.

4. Data retention

We keep account and business data for as long as your account is active. When you disconnect a social account, we revoke and delete its access token. Staged media (images, videos uploaded for publishing) is automatically removed within 24 hours of being published. Deleted accounts are purged within 30 days, subject to any legal retention requirements.

5. Your rights

You can:

• Access, correct, or export your data from within the Bookka dashboard.
• Disconnect any connected social or advertising account at any time from the Integrations page (this revokes the access token).
• Delete your account — see Data deletion instructions.
• If you’re in the EU/UK, exercise GDPR rights (access, rectification, erasure, portability, objection).
• If you’re in California, exercise CCPA rights.

6. Security

We store credentials and access tokens encrypted at rest, restrict access via row-level security, and require HTTPS for all traffic. No system is perfect; we will notify affected users of a material breach as required by law.

7. Children

Bookka is not directed to children under 13. We do not knowingly collect data from children.

8. International transfers

Data may be processed in the United States or other countries where our providers operate. Where required, we rely on standard contractual clauses for transfers out of the EU/UK.

9. Changes to this policy

We’ll update the “Last updated” date above when we change this policy. Material changes will be highlighted in-app or by email.

10. Contact

Questions or requests: privacy@bookka.app.