Privacy Policy

Effective Date: 7 February 2026 | Last Updated: 7 June 2026

This Privacy Policy explains how BookingSprint ABN 47 515 879 041 ("we", "us", "our") collects, uses, stores, and discloses your personal information when you use our platform at bookingsprint.com ("Service"). We are committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information We Collect

1.1 Information You Provide

Data Type	Examples	Purpose
Account information	Name, email address, password (hashed)	Account creation and authentication
Business information	Business name, phone number, timezone, working hours, job types, business address/suburb	Service configuration, booking pages, and service area matching
Customer/lead data	Customer names, phone numbers, email addresses, addresses, booking details, messages	Lead management and communication on your behalf
Payment information	Billing details (processed by Stripe - we do not store card numbers)	Subscription billing
Conversation logs	SMS message transcripts, AI booking chat transcripts, message timestamps	AI-powered booking assistance, lead management, and service improvement
Location data	Business address, suburb, service radius, customer job-site addresses	Service area matching, route optimisation, and scheduling

1.2 Information Collected Automatically

Data Type	Examples	Purpose
Usage data	Pages visited, features used, API calls, timestamps	Service improvement and analytics
Device/browser data	IP address, browser type, operating system	Security, fraud prevention, debugging
Authentication tokens	JWT session tokens (HttpOnly cookies)	Secure session management

1.3 Information from Third Parties

Google OAuth: If you sign in with Google, we receive your name, email, and profile picture from Google. If you connect Google Calendar, we access calendar data to manage bookings on your behalf.
Twilio: Inbound SMS data (sender phone number, message content) received via webhook when your customers reply to messages.

2. How We Use Your Information

We use your information to:

Provide, maintain, and improve the Service
Process SMS messages and booking requests on your behalf
Power AI-assisted features: SMS conversation content is processed by OpenAI's API to generate intelligent booking responses and lead management suggestions. OpenAI does not use API data to train its models.
Manage subscriptions and process payments
Send transactional emails (account verification, password resets, booking confirmations)
Provide customer support
Detect and prevent fraud, abuse, and security incidents
Comply with legal obligations
Generate anonymised, aggregated analytics to improve the Service
Perform internal platform analytics, including tracking new account signups, user activity patterns, and subscription status, to monitor platform health and improve the Service

We do not:

Sell your personal information to third parties
Use your customer/lead data for our own marketing purposes
Send you marketing emails without your consent

3. Legal Basis for Processing

We process your information on the following grounds:

Contract: To fulfil our obligations under the Terms of Service (providing the platform and its features).
Consent: Where you have given consent (e.g., connecting Google Calendar, opting into communications).
Legitimate interests: To improve the Service, ensure security, and prevent fraud.
Legal obligation: To comply with applicable Australian law.

4. Third-Party Service Providers

We share information with the following third-party providers solely to deliver the Service:

Provider	Purpose	Data Shared	Location
Stripe	Payment processing	Email, billing details	USA (PCI-DSS compliant)
Twilio	SMS messaging	Phone numbers, message content	USA/AU
Google	Authentication & Calendar	Email, calendar events (with your consent)	USA
OpenAI	AI-powered booking chat & platform analytics	SMS conversation content (anonymised where possible), aggregated platform metrics	USA
Render	Hosting infrastructure	All Service data (encrypted in transit & at rest)	USA

Each provider is subject to their own privacy policy. We ensure our providers offer appropriate data protection standards.

5. Overseas Disclosure

Some of our third-party providers are based in the United States. In accordance with APP 8, we take reasonable steps to ensure these providers comply with privacy standards comparable to the Australian Privacy Principles. Data transferred to the USA is protected by encryption in transit (TLS) and at rest.

6. Data Security

We implement industry-standard security measures to protect your information:

Encryption: All data is transmitted over HTTPS/TLS. Passwords are hashed using bcrypt.
Authentication: JWT tokens stored in HttpOnly, Secure, SameSite cookies.
Database: PostgreSQL with SSL connections, hosted on Render's managed infrastructure.
Access control: Role-based access, admin verification, rate limiting.
Payment: Card details are handled entirely by Stripe - we never see or store card numbers.
Monitoring: Error logging, circuit breakers, and abuse detection for SMS.

While we take security seriously, no system is completely secure. We cannot guarantee absolute security of your data.

7. Data Retention

Data Type	Retention Period
Account data	Duration of account + 30 days after deletion request
Lead/customer data	Duration of account (you may delete individual records at any time)
SMS message logs	Duration of account
AI conversation logs	Duration of account
Platform analytics data	Duration of account (aggregated, non-identifying)
Payment records	7 years (Australian tax law requirements)
Server logs	90 days
Google OAuth tokens	Until you disconnect Google Calendar or close your account

8. Your Rights

Under the Australian Privacy Act, you have the right to:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Deletion: Request deletion of your account and associated data (subject to legal retention requirements).
Data export: Request an export of your data in a machine-readable format.
Withdraw consent: Disconnect third-party integrations (Google Calendar) at any time from your account settings.
Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au if you believe we have breached your privacy.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Cookies

We use the following cookies:

Cookie	Type	Purpose	Duration
`token`	Essential	Authentication session (HttpOnly, Secure)	24 hours

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that identify you personally.

10. Your Customers' Data

When you use BookingSprint to manage leads and send SMS messages, you are the data controller for your customers' personal information. You are responsible for:

Ensuring you have a lawful basis to collect and store your customers' information
Complying with the Spam Act 2003 when sending SMS messages
Honouring opt-out requests from recipients (the Service automatically processes STOP replies)
Informing your customers about how their data is used, if required

We act as a data processor for your customer data, processing it solely on your instructions to provide the Service.

11. Children's Privacy

The Service is intended for business users aged 18 and over. We do not knowingly collect personal information from children under 18. If we discover we have collected information from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. The "Last Updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or how we handle your data, contact us:

Email: [email protected]
Website: https://bookingsprint.com

You may also contact the Office of the Australian Information Commissioner:

Website: www.oaic.gov.au
Phone: 1300 363 992