Privacy policy

Bookt is operated in the United Kingdom. In this policy, “we”, “us” and “our” refer to Bookt as the data controller under the UK GDPR and the Data Protection Act 2018.

• Account data: name, email address, password hash, role (customer/professional), and for pros the business details on your public profile.
• Quote data: the details you enter in the quote wizard — category, event date, location, budget, free-text description.
• Messages: the content of messages you exchange with pros or customers through the platform.
• Payment data: handled by Stripe. We store the Stripe session/payment intent IDs and the amount, but never your card details.
• Technical data: IP address, browser, approximate location for abuse prevention and analytics.

• To run the core service: matching leads, taking payments, showing reviews.
• To send transactional email — quote confirmations, lead notifications, booking receipts.
• To detect fraud, spam and off-platform circumvention.
• To meet legal and tax obligations in the UK.

We rely on contract (to deliver the service you signed up for), legitimate interests (to keep the platform safe), and legal obligation (tax, accounting) as our lawful bases under UK GDPR.

We share data only where strictly necessary to run the service:

• Stripe — for payment processing.
• Supabase — our database and authentication provider.
• Resend — transactional email delivery.
• Vercel — hosting.
• The other party in your booking — pros see your name, event details and messages; once a booking confirms, they also see your contact details so you can coordinate the day itself.

We do not sell your personal data to advertisers or data brokers.

Account data is retained while your account is open. Quote requests, bookings and messages are retained for up to 7 years after the booking date to meet UK tax record-keeping requirements. You can request earlier deletion — see your rights below.

Under UK GDPR you can:

• Ask for a copy of the personal data we hold about you.
• Ask us to correct data that's wrong.
• Ask us to delete your account and data (subject to legal retention limits).
• Object to processing based on legitimate interests.
• Complain to the Information Commissioner's Office (ICO) at ico.org.uk.

We use strictly necessary cookies to keep you signed in and remember your session. We don't use advertising cookies and we don't sell data to trackers.

If we make material changes we'll update the date at the top and, for logged-in users, notify you by email.