Privacy Policy

Last Updated: February 2026

1. Introduction

Welcome to Booka.work, owned and operated by Polymorphic IT Pty Ltd (ABN 66 617 514 977) ("we", "us", or "our"). We respect your privacy and are committed to protecting your personal data. This privacy policy informs you how we handle your personal data when you visit our website or use our applications (regardless of where you visit it from) and tells you about your privacy rights and how the law protects you.

This policy complies with the Australian Privacy Act 1988, the EU General Data Protection Regulation (GDPR), and the Meta Platform Terms.

2. The Data We Collect

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data: First name, last name, username or similar identifier, profile photo.
  • Contact Data: Email address, telephone numbers, and billing address.
  • Financial Data: Payment card details (processed securely by Stripe and/or Square — we do not store full card numbers).
  • Transaction Data: Details about payments, bookings, and services purchased through the platform.
  • Technical Data: IP address, browser type and version, time zone setting, operating system, and device information.
  • Usage Data: Information about how you use our website and services, including pages visited, features used, and interaction patterns.
  • Communications Data: Records of SMS and email communications sent through the platform (e.g., booking confirmations, reminders).
  • Unsolicited Data: Any other information you choose to provide to us.

3. Cookies & Analytics

We use PostHog for product analytics to understand how users interact with our platform. PostHog may set cookies to track sessions and user behaviour across visits.

  • Essential Cookies: Required for the platform to function (authentication, session management). These cannot be disabled.
  • Analytics Cookies: Used by PostHog to collect anonymised usage data. You can opt out via our cookie consent banner or by visiting our Cookie Policy page.

When you first visit our website, we present a cookie consent banner. You may accept or decline analytics tracking at any time.

4. Facebook & Meta Data Usage

When you choose to sign in or connect your account using Facebook/Meta Login, we access certain information from your Facebook profile and connected Pages to provide our services. Specifically:

  • Profile Information: We collect your Public Profile (Name, Profile Picture) to create your user account.
  • Email Address: We collect your email address for account authentication and communication.
  • Pages and Business Integration: With your explicit permission, we access a list of the Facebook/Instagram Pages you manage. We use this access solely to allow you to view insights, manage bookings, and reply to customer messages directly from the Booka.work dashboard.

We do NOT:

  • Post to your timeline without your explicit action.
  • Sell your Facebook data to third parties.
  • Store your data any longer than necessary to provide our service.

5. How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • To register you as a new customer or service provider.
  • To process and deliver your bookings and appointments.
  • To process payments and send transaction receipts.
  • To send booking confirmations, reminders, and notifications via email and SMS.
  • To manage our relationship with you, including customer support.
  • To improve our website, products/services, marketing or customer relationships.
  • To detect, prevent, and address fraud or abuse.

6. Third-Party Services

We use the following trusted third-party services to operate the platform:

  • Stripe & Square: Payment processing. Your payment information is handled directly by these providers under their own privacy policies. We do not store full card numbers.
  • Twilio: SMS messaging for booking notifications and reminders.
  • Resend: Transactional email delivery (booking confirmations, password resets).
  • PostHog: Product analytics (with opt-out via cookie consent).
  • Google: OAuth authentication (Sign in with Google).

Each third-party provider processes data in accordance with their own privacy policies. We only share the minimum data necessary for them to provide their services.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements.

  • Active accounts: Data is retained for the lifetime of your account.
  • Deleted accounts: Personal data is permanently removed within 30 days of account deletion, except where we are required by law to retain it (e.g., financial records for tax compliance).
  • Communication logs: SMS and email delivery records are retained for up to 12 months for troubleshooting and support purposes.

8. International Data Transfers

Booka.work serves users in multiple countries including Australia, New Zealand, United Kingdom, Ireland, Canada, United States, Singapore, and South Africa. Your data may be transferred to and processed in countries other than your own.

Where we transfer data internationally, we ensure appropriate safeguards are in place to protect your personal data in accordance with applicable data protection laws.

9. Data Deletion

You have the right to request the deletion of your data at any time. Please refer to our Data Deletion Instructions page for detailed steps on how to remove your data from our systems.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing of your data for certain purposes, including marketing.
  • Opt-out: Opt out of analytics tracking via our cookie consent banner.

To exercise any of these rights, please contact us at support@booka.work.

11. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. All data is transmitted over encrypted connections (TLS/SSL).

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new privacy policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this privacy policy or our privacy practices, please contact us at: support@booka.work

Polymorphic IT Pty Ltd
Blue Mountains, NSW, Australia