This Privacy Policy explains how Booked & Paid Service ("we", "us", "our") collects, uses, discloses, and safeguards information when you use our web application, marketing website, and related services (collectively, the "Service"). We take privacy seriously and only collect what we need to run and improve the Service.
1. Who we are
Booked & Paid Service is a business operations platform designed for wedding photographers. For the purposes of the GDPR, UK GDPR, and similar laws, we act as the data controller for account and billing data, and as a data processor for the client, booking, and financial data you enter into the Service on behalf of your business.
2. Information we collect
2.1 Information you provide
- Account data: name, email address, password hash, profile details.
- Business data: studio name, pricing, packages, calendar events, client contacts, leads, invoices, and any other content you enter into the Service.
- Billing data: subscription plan, billing address, and payment metadata processed by our payment provider (we do not store full card numbers).
- Support data: messages, screenshots, and files you send when contacting us.
2.2 Information collected automatically
- Device and log data: IP address, browser type, operating system, referring pages, and timestamps.
- Usage data: pages viewed, features used, actions taken, and diagnostic events.
- Cookies and similar technologies: strictly necessary cookies for authentication and session integrity, and (with consent, where required) analytics cookies.
3. How we use your information
- To provide, operate, secure, and maintain the Service.
- To authenticate users and protect against fraud and abuse.
- To process subscriptions, invoices, and refunds.
- To send transactional messages (receipts, security alerts, service updates).
- To provide customer support and respond to your requests.
- To improve, personalize, and develop new features.
- To comply with legal obligations and enforce our Terms of Service.
4. Legal bases (EEA/UK users)
- Contract — to provide the Service you signed up for.
- Legitimate interests — to secure, improve, and market the Service in a proportionate way.
- Consent — for optional cookies and marketing emails, where required.
- Legal obligation — to meet tax, accounting, and regulatory requirements.
5. Sharing your information
We do not sell your personal data. We share information only with:
- Trusted sub-processors that host, secure, and operate the Service (cloud hosting, database, email delivery, analytics, payment processing, error monitoring).
- Professional advisors (lawyers, accountants) under confidentiality obligations.
- Authorities when required by law, subpoena, or to protect rights, safety, and property.
- An acquirer in the event of a merger, acquisition, or asset sale (with notice to you).
6. International transfers
Data may be processed in countries outside your own, including the United States and the European Economic Area. Where required, we rely on Standard Contractual Clauses or other approved safeguards to protect your data.
7. Data retention
We retain personal data for as long as your account is active and for a reasonable period afterwards to comply with legal, accounting, tax, and dispute-resolution obligations. You can request deletion of your account at any time.
8. Security
We use industry-standard technical and organizational measures — including encryption in transit, hashed credentials, role-based access control, and continuous monitoring — to protect your data. No online service is 100% secure; you use the Service at your own risk.
9. Your rights
Depending on your jurisdiction, you may have rights to access, rectify, delete, restrict, object to processing of, and port your personal data, as well as to withdraw consent and lodge a complaint with a supervisory authority. See our GDPR page for how to exercise these rights.
10. Children
The Service is not directed to children under 16, and we do not knowingly collect data from them. If you believe a child has provided us data, contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified via email or in-app notice at least 14 days before they take effect.
12. Contact
Data protection queries: privacy@bookedandpaidservice.live.