Privacy Policy

1. Introduction

This Privacy Policy explains how Booqly (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you use the Booqly platform (the “Service”).

Booqly is committed to protecting your privacy in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.

2. Data Controller and Data Processor

For Booking Data entered by workspace owners, Booqly acts as a data processor. The workspace owner is the data controller and is responsible for obtaining consent from their End Customers and complying with the Data Privacy Act.

For User account data (email, name, authentication information), Booqly acts as the data controller.

3. Data We Collect

3.1 User Account Data

Email address (required), full name, phone number (optional), and profile image URL (optional).

3.2 Workspace Data

Business name, description, logo, and workspace settings (timezone, currency, business hours, contact information).

3.3 End Customer Data

Data collected via public booking pages: full name, email, phone, address (if configured), and custom field values as defined by the workspace owner. This data is stored within the workspace owner's tenant.

3.4 Booking and Transaction Data

Booking details, payment records, expense records, and inventory records.

3.5 Automatically Collected Data

IP addresses, user agent strings, login timestamps, and authentication attempts (temporary, 15-minute TTL).

4. Legal Basis for Processing

We process personal data based on consent (account creation), contract (service provision), legitimate interest (security, fraud prevention), and legal obligation (tax compliance).

5. How We Use Your Data

We use collected data to provide the Service, communicate (OTP codes, booking confirmations, notifications), maintain security, improve the Service (aggregated, anonymized data only), provide support, and process billing.

We do not sell personal data, use it for advertising, or share it with third parties for marketing.

6. Data Storage and Security

Data is stored on Hostinger VPS servers in the Malaysia region, secured with firewall (UFW), SSH key-only access, regular security updates, and automated backups. PostgreSQL Row-Level Security ensures workspace data isolation. All connections use TLS 1.2+.

7. Data Sharing

We may share data with payment processors (for subscription payments), email service providers (for transactional emails), and our hosting provider (infrastructure). We do not share, sell, or rent personal data to any other third parties.

8. Data Retention

Active account data is retained while the account is active. Soft-deleted records are retained for 30 days. Auth codes have a 15-minute TTL. Refresh tokens have a 7-day TTL. Audit logs are retained for 30 days (Pro) or 1 year (Enterprise). Closed account data is deleted 30 days after account deletion.

9. Your Rights Under the Data Privacy Act

You have the right to be informed, right to access, right to correction, right to erasure or blocking, right to data portability, right to object, right to damages, and the right to file a complaint with the National Privacy Commission (NPC).

Contact support@booqly.co to exercise these rights.

10. International Data Transfers

Your data is stored on servers in Malaysia. We ensure appropriate safeguards are in place, including standard contractual clauses, technical security measures, and compliance with the Data Privacy Act.

11. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 30 days before they take effect.

13. Contact

For privacy-related questions, contact Booqly at support@booqly.co.

National Privacy Commission (NPC): privacy.gov.ph