BookAviBookAvi Pro

Privacy Notice

Last updated: 7 May 2026

1. Who we are

This Privacy Notice explains how BookAvi Ltd, registered in Scotland, trading as "Bookavi" ("Bookavi", "we", "us"), collects and uses personal data when you use our booking and customer-management software. We act as the data controller for personal data about our vendor account holders. For end-customer data that vendors collect through their Bookavi enquiry forms, Bookavi acts as a data processor on behalf of the vendor.

2. What data we collect

  • Account data — name, email, phone, business name, password (hashed), business type, country.
  • Content data — services, packages, bookings, enquiries, customer records and form submissions you create.
  • Communications — support messages, emails you send to us.
  • Usage and device data — IP address, browser type, pages viewed, device identifiers, telemetry needed to operate and secure the Service.
  • Payment data — collected directly by Paddle (our Merchant of Record); we receive only the subscription status, plan, customer ID and invoice metadata.

3. Why we use it (legal basis)

  • To provide the Service — performance of contract.
  • Account creation, billing administration — performance of contract / legal obligation.
  • Security, fraud prevention, abuse detection — legitimate interests.
  • Service improvement and analytics — legitimate interests.
  • Customer support — performance of contract / legitimate interests.
  • Marketing emails — consent (you can withdraw at any time).

4. Who we share data with

  • Paddle, our Merchant of Record, for sale of the product, subscription management, payments, tax compliance and invoicing.
  • Service providers and subprocessors we use to run Bookavi (hosting, database, email delivery, error monitoring, analytics).
  • Professional advisers (legal, accounting) where necessary.
  • Authorities where required by law.

We do not sell your personal data.

5. International transfers

Some of our subprocessors are located outside the UK/EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Addendum or the EU Standard Contractual Clauses.

6. Retention

We keep account and content data for as long as your account is active. After account closure we retain data for up to 30 days to allow recovery, then delete or anonymise it, except where we are required to retain it for legal, tax or accounting reasons (typically up to 7 years for invoices).

7. Your rights

Subject to applicable law (including UK GDPR and EU GDPR), you have the right to access, rectify, erase, restrict or object to processing of your personal data, to data portability, and to withdraw consent at any time. You can exercise these rights by emailing hello@bookavi.com. We will respond within one month. You also have the right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office at ico.org.uk).

8. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, hashed passwords, and audit logging. No system is perfectly secure; please use a strong, unique password.

9. Cookies

We use a small number of essential cookies to keep you signed in and to remember your preferences. We do not use marketing cookies. You can manage cookies in your browser settings.

10. Changes

We may update this notice from time to time. Material changes will be notified by email or in-app at least 14 days before they take effect.

11. Contact

Questions about your data? Email hello@bookavi.com.