Privacy Policy | BookingFlow AI
Book a Demo
Legal

Privacy Policy

Effective Date: 23 March 2026

This Privacy Policy explains how Booking Flow AI Limited ("we", "us", "our") collects, uses, shares and protects your personal data when you visit our website, contact us, or use our services. We are committed to protecting your privacy and handling your data in line with the General Data Protection Regulation (GDPR) and Irish data protection law.

In short: we only collect the data we need to provide our services, we never sell it, and you can ask us to delete it at any time.

1. Who We Are

We are Booking Flow AI Limited, a company registered in Ireland.

  • Company number: 811012
  • Registered address: 2 The Mall, Malahide, Co. Dublin, K36 Y466, Ireland
  • Email: [email protected]

For the purposes of GDPR, Booking Flow AI Limited is the data controller for the personal data we collect about you.

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity data: name, business name, job title
  • Contact data: email address, phone number, postal address
  • Business data: details about your trade, services, location and customer base (if you share these with us)
  • Communications data: messages you submit via forms, chat widgets, email, phone, WhatsApp, or social channels
  • Technical data: IP address, browser type, device information, pages visited, time on site
  • Marketing data: your preferences in receiving communications from us

We do not knowingly collect personal data from anyone under 16. If you believe we have collected data from a child, please contact us and we will delete it.

3. How We Collect Your Data

We collect data when you:

  • Fill out a form on our website (e.g. Free Audit, Book a Demo, Contact)
  • Communicate with us by email, phone, or messaging platform
  • Engage our services as a customer
  • Interact with our website (via cookies and analytics)

4. How We Use Your Data

We use your personal data for the following purposes:

  • Responding to enquiries and providing the services you've requested
  • Delivering demos, audits, and customer support
  • Managing our contract with you as a customer (billing, communications, account management)
  • Improving our website, services and customer experience
  • Sending you relevant updates about your account or our services (transactional)
  • Sending marketing communications, where you have consented or where we have a legitimate interest
  • Complying with legal and regulatory obligations

5. Legal Basis for Processing

Under GDPR, we rely on the following legal bases:

  • Consent — for marketing communications and non-essential cookies
  • Contract performance — when you become a customer, we process your data to deliver the services you've paid for
  • Legitimate interest — to respond to enquiries, improve our services, prevent fraud, and run our business
  • Legal obligation — to comply with tax, accounting and regulatory requirements

6. Who We Share Your Data With

We share data only with trusted third-party providers who help us deliver our services. These providers act as data processors on our behalf and are bound by contract to keep your data secure and use it only for the purposes we instruct.

Categories of providers include:

  • CRM and automation platforms (HighLevel / LeadConnector) — to manage customer communications, automations, and data
  • Payment processors (Stripe, PayPal, others) — to process payments securely
  • Hosting and infrastructure — to host our website and securely store data
  • Email and messaging providers — to deliver email, SMS, and WhatsApp communications
  • Analytics tools — to understand how our website is used and improve it

We do not sell your personal data to third parties. We may disclose data if required by law, court order, or regulatory request.

7. International Data Transfers

Some of the providers we use (for example HighLevel / LeadConnector) are based outside the European Economic Area (EEA), primarily in the United States. This means your personal data may be transferred to and processed outside the EEA.

Where this happens, we ensure appropriate safeguards are in place to protect your data, including:

  • Standard Contractual Clauses approved by the European Commission
  • Providers certified under recognised data protection frameworks where applicable
  • Contractual obligations requiring providers to maintain GDPR-equivalent protections

8. How Long We Keep Your Data

We retain personal data only for as long as needed for the purposes set out in this policy. Typical retention periods include:

  • Enquiry data (forms, audits, demos that didn't convert) — up to 24 months from last contact
  • Customer data — for the duration of your contract with us, plus 60 days after cancellation to allow for data export, then permanently deleted
  • Accounting records (invoices, payments) — 7 years, as required by Irish tax law
  • Marketing data — until you unsubscribe or withdraw consent

9. Your Rights Under GDPR

You have the following rights in relation to your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — ask us to correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") — ask us to delete your data, subject to legal retention requirements
  • Right to restriction — ask us to limit how we use your data
  • Right to object — object to processing based on legitimate interest, including marketing
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to withdraw consent — at any time, where we rely on consent

To exercise any of these rights, email us at [email protected]. We will respond within one month.

You also have the right to lodge a complaint with the Data Protection Commission, Ireland's supervisory authority, at www.dataprotection.ie.

10. Data Security

We take appropriate technical and organisational measures to protect your data, including secure storage, restricted access, encryption in transit, and regular review of our processors' security practices. No system is 100% secure, but we work to industry standards.

11. Cookies

Our website uses cookies and similar technologies to help the site function, improve user experience, and understand how the site is used. Cookies fall into the following categories:

  • Strictly necessary cookies — required for the site to work properly
  • Analytics cookies — help us understand visitor behaviour (used only with your consent)
  • Marketing cookies — used to deliver relevant advertising (used only with your consent)

You can control non-essential cookies through our cookie banner when you first visit the site, or by changing your browser settings.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. Please review their privacy policies before sharing any personal data with them.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The latest version will always be available on this page, with the "Effective Date" at the top updated accordingly. Material changes will be notified to customers via email.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact:

  • Booking Flow AI Limited
  • 2 The Mall, Malahide, Co. Dublin, K36 Y466, Ireland
  • Email: [email protected]
  • Company number: 811012