Privacy Policy

Last updated: April 7, 2026

1. Introduction

Bookivio ("we", "our", "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our platform and website, in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

2. Data Controller

Bookivio acts as a data controller for the personal data collected through the bookivio.com website and as a data processor for venue customer data managed through the platform.

Contact: contact@bookivio.com

3. Data We Collect

3.1 Account Data (Venue Operators)

  • Name, email address, phone number
  • Business name and address
  • Payment information (processed by Stripe)

3.2 Contact Form Data

  • Name, email address
  • Message content

3.3 Booking Data (End Customers)

When venues use Bookivio, the following data about their customers may be processed:

  • Name, email address, phone number
  • Booking details (date, time, number of guests, menu selections)
  • Dietary requirements and allergies (when provided)
  • Payment information (processed by Stripe)
  • Review ratings and feedback

3.4 Technical Data

  • IP address, browser type, operating system
  • Pages visited, time spent, referral source

4. Legal Basis for Processing

Purpose Legal Basis
Providing the Service Performance of contract
Processing payments Performance of contract
Sending service emails (confirmations, reminders) Performance of contract
Responding to contact requests Legitimate interest
Analytics and service improvement Legitimate interest
Marketing communications Consent

5. Data Sharing

We do not sell your personal data. We may share data with:

  • Stripe — for payment processing
  • Email service providers — for sending transactional emails
  • Hosting providers — for infrastructure

All third-party processors are bound by data processing agreements in compliance with GDPR.

6. Data Retention

  • Account data: retained while the account is active, then deleted within 30 days of account closure
  • Booking data: retained according to the venue operator's settings, subject to legal retention requirements
  • Contact form data: retained for up to 12 months
  • Technical data: retained for up to 26 months

7. Your Rights

Under GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — limit how we process your data
  • Portability — receive your data in a portable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — at any time for consent-based processing

To exercise your rights, contact us at contact@bookivio.com.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS)
  • Secure password storage (bcrypt hashing)
  • Access controls and role-based permissions
  • Regular security audits

9. International Transfers

Your data may be processed in countries within the European Economic Area (EEA). Any transfers outside the EEA are subject to appropriate safeguards (Standard Contractual Clauses).

10. Cookies

The Bookivio website uses essential cookies for session management and security (CSRF protection). We do not use tracking or advertising cookies on the marketing site.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email or a notice on our website.

12. Contact

For privacy-related questions or to exercise your rights: