Privacy Policy

Last updated: May 14, 2026

1. Who we are

Bookly (“we”, “us”, “our”) provides a multi-tenant Software-as-a-Service platform that enables small and medium businesses to manage customer bookings, orders, and conversations over WhatsApp. This policy explains what personal data we collect when you use our platform, how we use it, and the rights you have over it.

For any privacy-related question, contact us at support@bookly.ikieguy.online.

2. Data we collect

We collect only the data needed to operate the service. Specifically:

  • Account data — the business owner's name, email address, hashed password, and business name when they register.
  • WhatsApp Business credentials — when a business connects their WhatsApp Cloud API account via Meta's Embedded Signup flow, we receive and store (encrypted at rest) their WhatsApp Business Account ID, phone number ID, display phone number, and an access token. These credentials are used solely to send and receive messages on the business's behalf.
  • Customer conversations — when an end-customer messages a business through our platform, we store the customer's phone number, the contents of the messages exchanged, and timestamps. This data is the property of the business that owns the WhatsApp number.
  • Bookings & orders — customer name, phone number, selected service or product, scheduled time, and (where applicable) delivery address and payment reference.
  • Payment information — payment processing is handled by Paystack (https://paystack.com). We do not store card numbers, CVVs, or full bank details. We store only the Paystack transaction reference and the high-level result (status, amount, currency).
  • Operational metadata — IP addresses, request timestamps, and audit log entries needed for security monitoring and dispute resolution.

3. How we use your data

  • To operate the platform: send and receive WhatsApp messages, create bookings, process orders.
  • To send appointment reminders and order updates via WhatsApp, SMS, or email.
  • To enforce subscription quotas and billing.
  • To detect abuse, fraud, and security incidents.
  • To respond to support requests.

We do not sell your personal data. We do not use customer conversation contents to train machine-learning models.

4. Third parties

We share data with the following processors strictly for the purposes listed:

  • Meta Platforms (WhatsApp Cloud API) — to deliver and receive WhatsApp messages on behalf of connected businesses.
  • Paystack — to process customer payments and platform subscription billing.
  • Supabase — hosts our PostgreSQL database; data is encrypted in transit and at rest.
  • Google Calendar & Microsoft Outlook (optional, per-business) — to sync bookings into the business's own calendar when they connect those integrations.
  • Arkesel (optional) — used as an SMS fallback when WhatsApp delivery fails.
  • Gmail SMTP (optional) — used as an email fallback when WhatsApp and SMS delivery both fail.

5. Data retention

Account, conversation, booking, and order data are retained while the business's account is active and for up to 12 months after account closure, after which they are permanently deleted. Audit log entries are retained for 24 months for security and compliance purposes.

A business may request deletion of all their data at any time by emailing support@bookly.ikieguy.online. Deletion is completed within 30 days.

6. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (subject to legal retention obligations).
  • Object to or restrict certain processing.
  • Withdraw consent for optional integrations (calendar, SMS fallback) at any time.

Exercise any of these rights by emailing support@bookly.ikieguy.online.

7. Security

All data is transmitted over HTTPS. Stored secrets (WhatsApp access tokens, OAuth tokens, Paystack keys, Gmail app passwords) are encrypted at rest using AES-256-GCM. Database connections require TLS. Access to production data is limited to authorized engineering staff.

8. Children

Bookly is intended for use by businesses and adult consumers. We do not knowingly collect data from anyone under 13 years of age. If you believe we have inadvertently collected such data, contact us and we will delete it.

9. Changes to this policy

We may update this policy from time to time. Material changes will be announced via email to registered business owners. The “Last updated” date at the top of this page always reflects the current version.

10. Contact

For any privacy concern, complaint, or data-subject request, email support@bookly.ikieguy.online.