Privacy Policy and Data Protection
Version 1.1
Last updated: 12 March 2026
1. IDENTITY OF THE DATA CONTROLLER
In compliance with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD) and other applicable legislation, users are informed that the personal data processed through the Bookniapp digital platform are controlled by:
Miquel Puente Matute
Tax Identification Number (NIF): 43571582Z
Address: C/ Cinca 104, 7º 3ª, 08030 Barcelona, Spain
Contact email: info@bookniapp.com
The Controller ensures full compliance with current data protection regulations.
PROVENANCE OF DATA
Personal data may come from:
- a) information provided directly by the User;
- b) data provided by Businesses in booking/client management;
- c) data generated through use of the platform;
- d) permissions granted by the User on their device.
2. CATEGORIES OF PERSONAL DATA PROCESSED
Bookniapp may process the following categories of personal data:
2.1. Data provided directly by the User
- First and last name
- Email address
- Phone number (optional)
- Password (encrypted; never accessible in plain text)
- Profile image (optional)
- Business information (for Business accounts)
- Photos or multimedia content uploaded to the platform
- Professional data optionally provided by the User:
  - professional status (isProfessional)
  - identification document (DNI/NIF)
  - business name
  - fiscal address
2.2. Data generated through the use of the Platform
- Booking history
- Calendars and schedules
- Internal business notes
- Push notification tokens
- IP address
- Device identifiers
- Operating system, browser and device model
- Activity logs (access logs, errors, technical events)
2.3. Location data
- Approximate or precise geolocation (with the User’s permission)
- Business addresses on maps
- Coordinates generated through Google Maps APIs
2.4. Third-party data entered by Businesses
Businesses may upload or manage data belonging to their own clients, such as:
- Name
- Phone number
- Email address
- Booking history
- Internal notes
In these cases, the Business acts as the data controller, and Bookniapp acts as the data processor.
2.5. Communication data
- Emails exchanged with Bookniapp
- Support interactions
- WhatsApp communication
2.6. Monitoring and technical diagnostics data (Sentry)
Bookniapp uses Sentry to monitor app errors, performance and stability.
In this context, technical and usage data may be processed, including: internal user identifier, email address, username, role (if any), IP address, technical headers, device type, operating system, app version, error traces, performance metrics and technical navigation events (breadcrumbs).
In sampled sessions or when an error occurs, technical session replay information may be recorded exclusively for debugging and service improvement purposes.
2.7. Advertising data (if applicable)
If the app displays ads, advertising device identifiers and associated technical information may be processed for ad delivery, measurement and fraud prevention.
3. PURPOSES OF THE PROCESSING
Personal data will be processed for the following purposes:
3.1. Core functionalities of the service
- Creation and management of the User account
- Management of bookings between Clients and Businesses
- Management of calendars, schedules and availability
- Display of nearby businesses using geolocation
- Sending appointment reminders and push notifications
- Real-time synchronisation of Platform data across devices
3.2. Administrative, contractual and legal purposes
- Providing and maintaining the contracted service
- Ensuring system security, stability and availability
- Preventing fraud and unauthorised access
- Complying with legal, tax and accounting obligations
3.3. Personalisation, continuous improvement and new features
Data may be processed to:
- Personalise the User experience
- Conduct statistical and usage analysis
- Improve navigation, performance and system stability
- Detect technical issues and optimise functionalities
- Develop, test and implement new features, tools or services within Bookniapp
- Enhance the performance of both the website and mobile applications
These operations may involve anonymised or pseudonymised data whenever possible.
3.4. Commercial communication
- Sending newsletters (only to Users who subscribe voluntarily)
- Sending promotional or commercial messages (with explicit consent)
Users may withdraw consent and unsubscribe from these communications at any time, without affecting the lawfulness of prior processing.
3.5. Communication of Data to Businesses for Reservation Management
When a User makes a reservation, Bookniapp communicates the data strictly necessary to the selected Business in order to manage the reservation.
The Business will receive the following Client data: full name, email address, phone number, any notes or comments provided by the Client, and in the case of professional Users, the relevant fiscal information (identification document, business name and fiscal address).
The purpose of this communication is to allow the Business to execute, confirm, modify or cancel the reservation, manage the relationship with the Client, and issue documentation where required.
3.6. Error, performance and service quality monitoring
Data may be processed to detect, diagnose and resolve technical incidents, analyse performance, prevent recurring failures, and improve platform stability and security.
3.7. Export and interoperability
Bookniapp may generate or export booking information in formats compatible with external tools (for example, calendar or PDF) when the User uses these features.
3.8. Third-party data provided by Businesses
When a Business imports or enters third-party data into the platform, it declares that it has a sufficient legal basis and has fulfilled its information obligations toward those third parties.
4. LEGAL BASIS FOR THE PROCESSING
The legal bases for processing are:
a) Performance of a contract
For:
- account and profile management,
- booking management,
- notification services,
- access to the Platform,
- communication of Client data to the Business for reservation management.
b) User consent
For:
- newsletters and marketing communications,
- analytics cookies (non-essential),
- geolocation,
- push notifications,
- mobile app permissions.
c) Legitimate interest
For:
- security and fraud prevention,
- service improvements,
- technical monitoring of errors and performance,
- proactive maintenance of security and service continuity,
- technical traceability for incident resolution,
- anonymised analytical insights,
- platform performance optimisation.
d) Legal obligation
For:
- retention of records,
- accounting and tax compliance,
- obligations imposed by authorities.
5. DATA RETENTION
Personal data will be retained:
- for the duration of the contractual relationship,
- while the User maintains an active account,
- as long as required by legal or tax obligations,
- and, where applicable, for up to 5 years for audit or fraud-prevention purposes.
Booking history may be retained in anonymised form even after account deletion, when necessary for the functionality of the Platform.
The above retention periods may be extended where a longer legal retention obligation exists, or while legal liabilities may arise.
Once the retention periods end, data will be deleted, blocked or anonymised as appropriate.
6. RECIPIENTS AND TECHNICAL SERVICE PROVIDERS
To provide Bookniapp’s services, data may be shared with service providers acting as data processors, including:
6.1. Infrastructure and backend
- Supabase (database, authentication, storage and real-time synchronisation).
- Google Cloud Run (auxiliary services/functions, where applicable).
The main authentication system in the app is Supabase Auth.
6.2. Geolocation and Maps
- Google Maps Platform (Maps, Geocoding, Places APIs)
6.3. Analytics and web positioning
- Google Analytics 4 (web)
- Google Search Console (web)
6.4. Communications and payments (current or future)
- Push notification services (APNS, FCM)
6.5. Website hosting
- Hostinger
- Cloudflare (Turnstile captcha)
6.6. Communication of Data to Businesses with Which the User Makes a Reservation
When a User makes a reservation, the corresponding Business becomes the data controller for the Client information it receives.
Bookniapp acts solely as a technological intermediary and does not control or supervise the subsequent processing carried out by the Business.
6.7. Monitoring and observability
Sentry (Functional Software, Inc.) for error monitoring, performance monitoring and technical diagnostics.
6.8. Social sign-in
Google Sign-In, Sign in with Apple and Facebook Login, when the User chooses to authenticate with the corresponding account.
6.9. In-app advertising
Google Mobile Ads for the delivery and measurement of ads within the application.
Some providers may operate only in certain channels (web or app) and/or in specific functionalities.
All service providers implement GDPR-compliant safeguards, including Standard Contractual Clauses (SCC) where necessary.
7. INTERNATIONAL DATA TRANSFERS
Bookniapp may transfer personal data outside the European Economic Area due to the use of certain third-party providers, particularly in:
- The United States
- Other jurisdictions recognised under GDPR-compliant agreements
These transfers rely on:
- Standard Contractual Clauses approved by the European Commission
- Additional security measures
- Data encryption in transit and at rest
- Risk assessment in accordance with GDPR requirements
The legal basis for each international transfer is assessed provider by provider (adequacy decision, standard contractual clauses or another valid mechanism), applying supplementary measures when necessary.
8. USER RIGHTS
Users may exercise the following rights at any time:
- Right of access
- Right to rectification
- Right to erasure
- Right to object
- Right to data portability
- Right to restriction of processing
- Right to withdraw consent
- Right to lodge a complaint with the relevant Data Protection Authority
To exercise these rights, Users may contact: info@bookniapp.com
The supervisory authority in Spain is the Spanish Data Protection Agency (AEPD).
When data have been entered or directly processed by a Business within Bookniapp to manage bookings or clients, Users may also exercise their rights against that Business as data controller.
9. SECURITY AND CONFIDENTIALITY
Bookniapp applies technical and organisational measures appropriate to the risk to protect the confidentiality, integrity and availability of personal data.
These measures include:
- encryption of data in transit and at rest,
- secure authentication mechanisms (Supabase Auth),
- role-based access controls,
- activity logging and audit trails in Supabase,
- secure hosting on Google Cloud,
- firewalls and intrusion prevention systems,
- regular backups and redundancy.
10. PRIVACY IN THE MOBILE APPLICATION
The Bookniapp mobile application may request access to:
- Geolocation
- Push notifications
- Camera
- Gallery/Photos
- Contacts (for client import by Businesses)
Permissions may be revoked by the User at any time through the device settings.
11. MINORS
Use of the Platform is strictly limited to Users aged 18 or older.
Bookniapp does not knowingly collect or process data from minors.
Accounts identified as belonging to minors will be suspended or deleted.
12. AUTOMATED DECISION-MAKING AND PROFILING
Bookniapp does not engage in automated decision-making that produces legal or similarly significant effects.
The Platform may use basic logic for:
- displaying nearby businesses
- sorting results by relevance
- sending automated reminders
These do not produce significant effects on the User.
13. CHANGES TO THIS POLICY
Bookniapp may update this Privacy Policy at any time.
Any significant changes will be communicated clearly to Users.
When changes are substantial, Bookniapp may request explicit acceptance of the new version in order to continue using the service.
14. CONTACT
For privacy-related questions or rights requests, send us an email at info@bookniapp.com.