Privacy Policy

Last updated: 2026-04-26

TheBooker — Privacy Policy

Last updated: 24/04/2026

Version: 1.1

This privacy policy explains what personal information we collect, why we collect it, what we do with it, and what rights you have. It covers two groups of people: tradespeople who use our platform, and the customers who contact those tradespeople by email.

The values set out in our Constitution (available at [LINK]) informed how we wrote this policy. This privacy policy is the legally binding document that governs how we handle your data.


Who we are

THEBOOKER LTD (company number 17014293) is the data controller for the personal information described in this policy.

Registered office: 167-169 Great Portland Street, Fifth Floor, London W1W 5PF, United Kingdom.

Privacy contact: chris@thebooker.ai

ICO registration number: ZC126942

We are not required to appoint a Data Protection Officer under UK GDPR and have not designated one. For any questions about this policy or your data, please contact us using the details above.


What we do

TheBooker is an AI-powered enquiry management platform for UK tradespeople. Tradespeople forward their business emails to us. Our system classifies those emails, drafts replies using AI, and presents them for the tradesperson to review and approve before anything is sent. We also provide calendar integration so the AI can check availability when drafting replies.


Information we collect from tradespeople (our customers)

Account information

What: Your name, email address, and a password-free login (magic link).

Why: To create and manage your account, authenticate you, and communicate with you about the service.

Lawful basis: Necessary to perform our contract with you (UK GDPR Article 6(1)(b)).

What happens if you don't provide it: We cannot create your account or provide the service.

Business profile

What: Your trade, service area, working hours, and business description.

Why: To configure the AI so it can draft appropriate replies on your behalf.

Lawful basis: Necessary to perform our contract with you (Article 6(1)(b)).

What happens if you don't provide it: The AI cannot draft informed replies, and the core service will not function as intended.

Billing information

What: Your payment details are collected and processed by Stripe, our payment processor. We do not store your card details on our servers. We receive confirmation of payment status, your billing email, and transaction history from Stripe.

Why: To process your subscription payments and maintain billing records.

Lawful basis: Necessary to perform our contract with you (Article 6(1)(b)) for payment processing. Necessary to comply with a legal obligation (Article 6(1)(c)) for retention of billing records for HMRC.

What happens if you don't provide it: We cannot process your subscription and you will not be able to use the service.

Calendar credentials

What: If you choose to connect your Google, Microsoft, or Apple calendar, we store the authentication tokens needed to read your availability.

Why: To inform AI-drafted replies with your real availability.

Lawful basis: Necessary to perform our contract with you (Article 6(1)(b)). Calendar connection is optional but forms part of the service when enabled.

What happens if you don't provide it: The AI will draft replies without knowledge of your availability. You can still use the service.

Technical and usage data

What: Device information for push notifications (browser type, push subscription endpoint), authentication tokens, and basic server logs (IP addresses, timestamps, error information).

Why: To deliver push notifications, authenticate your sessions, detect and prevent abuse, debug technical problems, and maintain the security and availability of the platform.

Lawful basis: Legitimate interests (Article 6(1)(f)). Our legitimate interest is in operating a secure, reliable service. We have assessed that this processing is necessary for that purpose, is proportionate (we collect only what is technically required), and does not override your rights — particularly as we do not use this data for profiling, analytics, or advertising, and we delete server logs after 90 days.

What happens if you don't provide it: This data is collected automatically as part of your use of the service. Without it, we cannot deliver notifications, authenticate your sessions, or maintain platform security.


Information we process from your customers (the people who email you)

What we receive and where it comes from

When someone emails you and that email is forwarded to TheBooker by your email provider's forwarding rule, we receive the sender's name, email address, the subject line, and the body of their message. This may include their phone number, postal address, or other details they chose to include in their email to you.

Source of this data: We receive it indirectly, via the email forwarding rule you have set up with your email provider. We do not collect it directly from the sender.

Our role with this data

You, the tradesperson, are the data controller for your customers' personal data. You decide to use TheBooker to manage your enquiries, and you control what happens with the replies. We act as your data processor — we process this data on your behalf, under your instructions, to provide the service you have signed up for. Our terms of service include a Data Processing Agreement that sets out this relationship formally.

What we do with it

We classify the email (is it a booking enquiry, a general question, spam, or part of an existing conversation?), draft a suggested reply using AI, and present it to you for review. We send replies only when you explicitly approve them.

We do not contact your customers independently. We do not use their data for our own marketing. We do not share their information with anyone other than you. We do not redirect their enquiries to other tradespeople.

Your responsibility as controller

Because you are the controller for your customers' personal data, you should let your customers know that you use a third-party service to help manage your enquiries. We recommend including a note in your email signature or on your website. We can provide suggested wording for this on request.


How we handle different types of forwarded email

Because you forward your business email to us, we receive everything that arrives in your inbox — not just customer enquiries. Our system classifies each email and handles it differently depending on what it is. This section explains what happens to each type.

Enquiries and emails relevant to enquiries

Emails that our system classifies as booking enquiries, general questions about your services, or replies within an existing conversation thread are the core of what TheBooker is built for. These are retained within the platform, a draft reply is generated by AI, and they are presented to you for review.

Retention: 24 months from the last activity in a conversation thread, then deleted.

Non-sensitive, non-enquiry emails

Emails that are not related to enquiries and do not contain sensitive or security-related content — for example, newsletters, marketing emails, personal messages from friends or family, adverts, or social media notifications.

These are classified and made visible to you in a filtered view for 14 days, so you can check whether anything was incorrectly filtered. After 14 days, they are fully anonymised or deleted. No AI reply is drafted for these emails.

The 14-day window exists as a safety net. Our classifier will not be perfect, and a genuine enquiry could occasionally be miscategorised. This gives you the opportunity to catch and recover those.

Retention: 14 days from receipt, then fully anonymised or deleted.

Authentication and security-related emails

Emails containing password reset links, two-factor authentication codes, login tokens, account verification emails, or other authentication credentials from third-party services. These also include any of our own authentication emails (such as TheBooker magic links) that may arrive via forwarding.

We detect and delete these as soon as they are identified. We do not store, log, index, or process these emails beyond what is necessary to identify and remove them. They are not classified, no AI draft is generated, and they do not appear in your inbox within our platform. Authentication credentials are too sensitive to retain for any duration.

Retention: Deleted immediately on detection.

Emails containing special category data (sensitive personal data)

UK data protection law defines certain types of personal data as "special category data" requiring additional protection. This includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, and data concerning a person's sex life or sexual orientation.

We do not intentionally collect special category data. However, forwarded emails may incidentally contain it — for example, a customer mentioning a health condition that affects the work they need done, or personal circumstances included in a message.

Where an email containing special category data is also a genuine enquiry, it is handled through the normal enquiry path (retained for 24 months, AI draft generated, presented for your review). We do not extract or separately store the sensitive content within it.

Where an email containing special category data is not an enquiry, it follows the same 14-day path as other non-enquiry emails — it remains viewable in the app so you can check whether it was correctly classified. After 14 days, the email is anonymised or deleted. If you have opted in to system improvement, we may retain the anonymised version to improve our classifier's ability to correctly identify non-enquiry emails in future — this falls under the same consent and anonymisation framework described in "Using your data to improve the system." If you have not opted in, the email is simply deleted.

Lawful basis for processing special category data: Where we incidentally process special category data within email content, the tradesperson as data controller has determined the basis for processing their customers' data, and we process it as their data processor under their instructions. We do not rely on special category data for any purpose of our own beyond classification and, where opted in, anonymised system improvement.


How AI is used and automated decision-making

We use AI (provided by Amazon Web Services Bedrock) to classify emails and draft replies. The AI processes the content of forwarded emails to do this.

No automated decisions are made under Article 22 of UK GDPR that produce legal effects or similarly significantly affect you or your customers. Specifically:

How AI actions are controlled:

By default, the AI drafts replies and presents them to you for review. You approve, edit, or dismiss every draft before it is sent. You are the human in the loop.

We may introduce features in future that allow the AI to take certain actions on your behalf without requiring approval for each one — for example, automatically sending a reply to confirm a booking, or filtering obvious spam. If and when we do this:

We will update this policy before introducing any such features.


Who we share your data with

We share personal data with the following service providers. Unless otherwise stated, they act as our data processors (or sub-processors where we are acting as your processor for end-customer data).

Amazon Web Services (AWS): Our infrastructure provider. Our primary data storage and processing takes place in the AWS eu-west-2 (London) region. Some AWS services, including AI inference (via Amazon Bedrock), may process data in other AWS regions, including regions in the United States, depending on service availability. Where this involves a transfer of personal data outside the UK, it is covered by appropriate safeguards as described in the International Data Transfers section below.

Stripe: Our payment processor. Stripe processes your billing information to handle subscription payments. For some aspects of payment processing and fraud prevention, Stripe acts as an independent data controller under its own privacy policy (https://stripe.com/privacy). Stripe is certified under the UK Extension to the EU-US Data Privacy Framework.

Email and calendar providers you connect: If you choose to connect an email or calendar account — such as Google, Microsoft, Yahoo, or Apple (iCloud) — we use their APIs for the specific purposes you authorise (for example, reading your calendar availability, or sending replies through your email provider's authenticated API). The underlying provider continues to operate under its own terms and privacy policy.

We maintain a current list of our sub-processors at [https://thebooker.ai/sub-processors] and will keep it up to date. You can also request the current list at any time by emailing chris@thebooker.ai.

We do not sell your data to anyone. We do not share your data with advertisers. We do not share your customers' data with other tradespeople or with any third party beyond what is described above.


International data transfers

Our primary data storage is in the United Kingdom, in AWS's London (eu-west-2) data centre region.

Some processing may take place in the United States — either through our service providers (Stripe) or through AWS services that operate in US regions (such as AI inference via Amazon Bedrock, where specific models may only be available in certain regions).

Where personal data is transferred to the United States, this is protected by one or more of the following safeguards:

We keep our data within the UK wherever service availability allows. If we begin transferring personal data to a country not covered by the safeguards described above, we will update this policy, put appropriate safeguards in place before any transfer occurs, and notify you of the change.


Using your data to improve the system

We may wish to use anonymised data derived from email classifications to improve how the system works — for example, to make our email classifier more accurate over time. If we do this, two things will always be true:

  1. We will ask you first, in plain English, with a genuine choice. This will be a separate, specific opt-in request — not something buried in a terms update. You can say no, and that will be the end of it.

  2. The data will be fully anonymised before any such use. Names, email addresses, phone numbers, postcodes, business names, monetary amounts, dates, and anything else that could identify you or the people who contact you will be permanently stripped out. Once anonymised in this way, the data is no longer personal data under UK data protection law and falls outside the scope of UK GDPR.

If you opt in and later change your mind, you can withdraw your consent at any time by contacting us. We will stop using your data for this purpose going forward.

We will never sell your data, your customers' data, or anything derived from them to third parties.


How long we keep your data

| Data type | Retention period | Reason |
| --- | --- | --- |
| Account and business profile | While your account is active, plus a grace period (normally around 30 days) after deletion for recovery | Contract performance |
| Enquiry emails (forwarded emails, drafts, sent replies) | 24 months from the last activity in a conversation thread | Contract performance; proportionate to the service purpose |
| Non-enquiry, non-sensitive emails (newsletters, adverts, personal) | 14 days from receipt, then anonymised or deleted | Safety net for misclassification; deleted promptly once no longer needed |
| Authentication and security emails (2FA, password resets, login links) | Deleted immediately on detection | Too sensitive to retain; no operational need beyond identification |
| Emails containing special category data (non-enquiry) | 14 days from receipt, then anonymised or deleted | Same safety net as other non-enquiry emails; anonymised version retained only if opted in to system improvement |
| Emails containing special category data (enquiry) | Same as enquiry emails (24 months) | Sensitive content is not separately extracted or stored |
| Billing records | 6 years after the end of your subscription | Legal obligation (HMRC requires retention of accounting records) |
| Server logs | 90 days | Legitimate interest in security and debugging |
| Push notification subscriptions | While your account is active; stale subscriptions auto-removed | Contract performance |
| Calendar authentication tokens | While the calendar connection is active; revoked on disconnection or account deletion | Contract performance |

If you ask us to delete your data, we will do so within one month, in line with UK data protection law, except for billing records we are legally required to retain. We will tell you clearly what has been deleted and what has been retained, and why.


Your rights

Under UK data protection law, you have the following rights:

Right of access (Article 15): You can ask us for a copy of all the personal data we hold about you. We will provide it in a commonly used, machine-readable format.

Right to rectification (Article 16): If any of your data is inaccurate or incomplete, you can ask us to correct it.

Right to erasure (Article 17): You can ask us to delete your data. We will do so unless we have a legal obligation to keep it (such as billing records for HMRC).

Right to restrict processing (Article 18): You can ask us to stop processing your data in certain circumstances — for example, while we verify its accuracy or consider an objection you have raised.

Right to data portability (Article 20): You can ask us to provide your data in a structured, commonly used, machine-readable format so you can transfer it to another service.

Right to object (Article 21): You can object to processing that we carry out under legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Right to withdraw consent (Article 7(3)): Where we rely on your consent (such as for system improvement), you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before you withdrew.

To exercise any of these rights, email chris@thebooker.ai. You do not need to fill in a special form or cite a regulation. Just tell us what you need. We will respond within one month. If your request is complex, we may extend this by a further two months, but we will tell you within the first month and explain why.

There is no fee for exercising your rights in most circumstances.


Cookies

We use only strictly necessary cookies — specifically, authentication cookies that keep you logged in when you use the platform. These are essential for the service to function and do not require your consent under the Privacy and Electronic Communications Regulations 2003 (PECR).

We do not use analytics cookies, advertising cookies, social media cookies, or tracking pixels. We do not use any third-party cookies.


Children's data

TheBooker is a business service for tradespeople. It is not directed at children and we do not knowingly collect personal data from anyone under 18. If you believe a child's personal data has been processed by us, please contact us and we will delete it promptly.


Changes to this policy

If we make material changes to this policy, we will notify you directly by email or in-app notification before the changes take effect, giving you reasonable time to review them. We will clearly explain what has changed and why.

We will update this policy whenever we make significant changes to our processing activities.


Complaints

If you are unhappy with how we have handled your personal data, please contact us first at chris@thebooker.ai. We will do our best to resolve your concern.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
