Privacy Policy

Last updated: 6 June 2026

1. Who we are

HeyBookMe is a trading name of Ademti Software Ltd, a company registered in England and Wales (Company No. 09426060), with registered offices at The Guild, Abbey Street, Carlisle. CA3 0LU ("we", "us", "our").

We are the data controller for personal data you provide when creating and managing your HeyBookMe account. For personal data that studio operators collect about their clients through the Service, we act as a data processor on the operator's behalf.

If you have any privacy questions, please contact us at dpo@heybookme.app.

2. What data we collect

Account data: When you register as an Operator we collect your name, email address, business name, and billing information.

Booking data: When a Client makes a booking through your HeyBookMe page we collect their name, email address, and any other details required by the Operator.

Usage data: We automatically collect information about how the Service is used, including IP addresses, browser type, pages visited, and timestamps. This data is used in aggregate to improve the Service and is not used to identify individuals.

Communications: If you contact our support team we will retain a record of that correspondence.

Cookies: We use essential cookies necessary to operate the Service (such as session cookies to keep you logged in) and analytics cookies to understand how the Service is used. See Section 7 for more detail.

3. How we use your data

We use the personal data we hold to:

  • provide, maintain and improve the Service;
  • process payments and send billing-related communications;
  • send you service announcements and important account notices;
  • respond to support requests;
  • meet our legal and regulatory obligations.

We will only send you marketing communications if you have opted in to receive them. You may unsubscribe at any time using the link in any marketing email.

4. Legal basis for processing

We process personal data on the following legal bases under UK GDPR:

  • Contract performance — to provide the Service you have signed up for.
  • Legitimate interests — to improve the Service, prevent fraud, and ensure security, where these interests are not overridden by your rights.
  • Legal obligation — where we are required to process data to comply with law (e.g. financial record-keeping).
  • Consent — for marketing communications and non-essential cookies, where we have asked for and received your consent.

5. How long we keep your data

We retain account data for as long as your account is active and for up to 3 years after account closure, to allow us to respond to any queries or disputes and to meet legal obligations.

Booking records are retained for 6 years from the date of the booking to satisfy financial record-keeping requirements.

We will delete personal data sooner on request where we are not legally required to retain it.

6. Sharing your data

We do not sell personal data. We may share data with:

  • Payment processors — to handle billing securely. Our payment provider is responsible for the security of card data and operates under its own privacy policy.
  • Hosting and infrastructure providers — who process data on our behalf under data processing agreements.
  • Analytics providers — we use privacy-friendly analytics to understand Service usage. Data shared is anonymised or aggregated.
  • Law enforcement or regulatory bodies — where we are legally required to do so.

Where we transfer data to third-party processors, we ensure appropriate safeguards are in place in accordance with UK GDPR.

7. Cookies

Essential cookies are necessary for the Service to function and cannot be switched off. They include session cookies that keep you logged in.

Analytics cookies help us understand how visitors use the Service so we can improve it. We use privacy-focused analytics that do not track individuals across sites and do not share data with advertising networks.

You can manage cookie preferences through your browser settings. Disabling essential cookies will prevent you from using the Service.

8. Your rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your personal data where there is no compelling reason for us to keep it.
  • Restriction — ask us to restrict processing of your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at dpo@heybookme.app. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Security

We take the security of your data seriously. We use industry-standard encryption (TLS) for data in transit and apply appropriate technical and organisational measures to protect data at rest. Access to personal data is restricted to staff who need it to perform their job.

No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. If we become aware of a data breach that is likely to affect your rights, we will notify you and the ICO as required by law.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you by email or by a notice within your account. The "last updated" date at the top of this page reflects the most recent revision.

11. Contact us

For any privacy-related questions or to exercise your rights, please contact:

Ademti Software Ltd
The Guild, Abbey Street, Carlisle. CA3 0LU
dpo@heybookme.app