Privacy Policy
Last updated: May 13, 2026
BookiApp ("we", "us" or "our") values your privacy. This privacy policy explains how we collect, use and protect your personal data.
1. Data Controller
BookiApp
Email: admin@bookiapp.com
Web: https://bookiapp.com
For all questions regarding personal data protection, you can contact us at the email address above.
2. Data We Collect
We collect the following types of data:
Account Data:
- Email address
- First and last name
- Phone number (optional)
Property Data:
- Property names and descriptions
- Addresses and locations
- Accommodation photos
Booking Data:
- Guest names
- Stay dates
- Guest contact information
Technical Data:
- IP address
- Browser type
- Device information
Guest Portal Activity:
- Time of first and last visit to the portal
- Push notification subscription status
- Message read status
This data is visible only to the host of your booking and is used solely so the host knows whether they can effectively reach you through the app or should use another communication channel (phone, email).
3. Legal Basis for Processing
We process personal data based on:
- Contractual obligation: Processing necessary for service provision
- Legitimate interest: Service improvement and security
- Consent: For marketing communications (you can withdraw at any time)
4. How We Use Your Data
We use your data to:
- Provide and maintain our service
- Enable communication between hosts and guests
- Send service-related notifications
- Track Guest Portal activity so the host knows whether the guest has opened the portal and can effectively be reached through the app (legitimate interest, GDPR Art. 6(1)(f))
- Improve user experience
- Protect against fraud and abuse
5. Data Sharing
We only share your data with:
- Service providers: Clerk (authentication), Supabase (database), Stripe (payments), Sentry (error tracking), Google Analytics (public-page statistics, only with consent)
- Guests: Only information necessary for their stay
- Legal authorities: When legally required
We never sell your personal data to third parties.
6. Your Rights (GDPR)
As an EU resident, you have the right to:
- Access: Request a copy of your data
- Rectification: Correct inaccurate data
- Erasure: Request data deletion ("right to be forgotten")
- Restriction: Limit how we use your data
- Portability: Download data in machine-readable format
- Object: Object to processing in certain situations
To exercise your rights, contact us at admin@bookiapp.com.
7. Data Security
We implement technical and organizational measures to protect data:
- Data encryption in transit (HTTPS/TLS)
- Secure password storage
- Regular security audits
- Limited data access
8. Smart Inbox and Google Data (Gmail Integration)
Smart Inbox is an optional feature that lets you manage guest inquiries from your Gmail account directly inside BookiApp. If you choose to connect Gmail, the following rules apply:
Access permissions (OAuth scopes):
- gmail.readonly — read your incoming emails so AI can detect accommodation inquiries
- gmail.send — send replies to guests on your behalf, only after your explicit confirmation
- userinfo.email and userinfo.profile — link your Gmail account to your BookiApp profile
What we do with your Gmail data:
- We fetch emails from your inbox and store them in our database (Supabase) so they can be displayed in the Smart Inbox interface
- AI (Google Gemini) analyzes email content to detect accommodation inquiries, parse dates, guest counts and draft replies
- We send replies only after you click "Send"
What we do NOT do with your Gmail data:
- We do not sell your Gmail data to third parties
- We do not use your Gmail data for advertising
- We do not use your Gmail data to train AI models (Gemini API does not train on our requests)
- We do not share your Gmail data with other BookiApp users
- Humans do not read your emails except for security, troubleshooting, or when legally required
Google API Services User Data Policy:
BookiApp's use and transfer of information received from Google APIs adheres to the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.
Deleting Gmail data:
- You can disconnect Gmail at any time in Smart Inbox settings — access is revoked immediately
- Stored emails are deleted within 30 days after disconnection
- You can also revoke access at [myaccount.google.com/permissions](https://myaccount.google.com/permissions)
9. Retention Period
We retain data while:
- You have an active account with us
- Necessary for service provision
- Legal retention obligation exists
After account deletion, data is deleted within 30 days, unless law requires longer retention.
10. Cookies
We use cookies for service functionality. For more information, see our Cookie Policy.
11. Policy Changes
We may update this privacy policy. We will notify you of significant changes via email or in-app notification.
12. Contact
For privacy questions:
Email: admin@bookiapp.com
You have the right to file a complaint with the data protection supervisory authority in your country.