Privacy Policy
Last updated: June 1, 2026
1. Information We Collect
When you use Bookora, we collect information you provide directly to us, including:
- Account information (name, email address, profile picture) provided through PersonID authentication
- Business information (company name, services, availability, pricing)
- Customer information (names, contact details, booking history) that you import or enter
- Communication data (messages exchanged through AI Receptionist, emails, support tickets)
- Usage data (features used, pages visited, session duration)
2. How We Use Your Information
- Provide, maintain, and improve our services
- Process bookings, payments, and transactions
- Train and improve AI agents and workflows
- Send service updates, marketing communications (with consent)
- Detect and prevent fraud or abuse
- Comply with legal obligations
3. Cookies
We use cookies and similar tracking technologies to:
- Maintain your session and authentication state
- Remember your preferences and settings
- Analyze usage patterns and improve our platform
- Deliver relevant marketing communications
You can control cookie preferences through your browser settings. Essential cookies are required for the platform to function.
4. Data Sharing and Disclosure
We do not sell your personal information. We may share data with:
- Service providers who help us operate the platform (cloud infrastructure, AI models, analytics)
- PersonID for authentication purposes (as part of our OAuth2/OIDC integration)
- Legal authorities when required by law or to protect our rights
- Business partners with your explicit consent
5. Data Security
We implement industry-standard security measures:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- HTTP-only, Secure, SameSite cookies for session management
- Regular security audits and penetration testing
- Access controls and least-privilege principles
- Data isolation between customers
6. Data Retention
We retain your data for as long as your account is active. Upon account deletion:
- Customer data is deleted within 30 days
- Analytics data is anonymized and retained for reporting
- Backup data is purged within 90 days
- Legal holds may apply if required by law
7. Your Rights (GDPR)
If you are in the European Economic Area, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erasure (“right to be forgotten”)
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time
To exercise these rights, contact us at privacy@bookora.work.
8. Your Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and share
- Request deletion of your personal information
- Opt out of the sale of personal information (we do not sell data)
- Non-discrimination for exercising your rights
9. Third-Party Services
Bookora integrates with the following third-party services:
- PersonID — Identity and authentication (OAuth2/OIDC)
- AI Model Providers — GPT-4o, Claude, Gemini for AI agent functionality
- Cloud Infrastructure — Cloudflare Workers, D1, R2 for hosting and storage
10. Children's Privacy
Bookora is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this policy periodically. Material changes will be notified via email or through the platform. Continued use after changes constitutes acceptance.