Terms of Service

Last updated: 2026-04-26

TheBooker — Terms of Service

Last updated: [DATE] Version: 1.0 (draft — pending solicitor review)

These terms are the agreement between you and THEBOOKER LTD when you use TheBooker. We've written them in plain English because our customers are sole-trader tradespeople, not corporate legal teams. They're still a legal contract, so please read them.

Our Constitution sets out the principles that guided how we wrote these terms. If you ever think something in this document conflicts with what the Constitution promises, tell us — we'll either fix the terms or have an honest public conversation about the Constitution.

Our Privacy Policy explains how we handle your personal data, and what we do with the messages that come through the platform. This agreement and the Privacy Policy should be read together. If anything in them seems to conflict, the Privacy Policy governs data protection questions and these terms govern everything else.

Schedule 1 to these terms is our Data Processing Agreement. It forms part of this agreement and applies automatically when you use the service.

1. Who we are

THEBOOKER LTD (company number 17014293), a company incorporated in England and Wales.

Registered office: 167-169 Great Portland Street, Fifth Floor, London W1W 5PF, United Kingdom.

Contact: chris@thebooker.ai

In these terms we refer to ourselves as "TheBooker," "we," "us," or "our." We refer to you as "you" or the "Customer."

2. These terms

2.1 When these terms apply

These terms apply from the moment you create an account and continue until the agreement ends under section 9.

2.2 Changes to these terms

We may update these terms from time to time. If we make changes that materially affect your rights or obligations, we will:

Tell you directly, by email or in-app notification, with reasonable notice — normally at least 30 days — before the changes take effect.
Clearly explain what has changed and why.
Give you the opportunity to cancel your subscription before the changes take effect if you don't agree with them.

For minor changes that don't materially affect your rights (typos, clarifications, updated contact details, new sub-processors covered by Schedule 1), we'll update the document and note the revision date. You can see the current version and the "last updated" date at the top of this page.

2.3 Order of precedence

If there's a conflict between documents, the order of precedence is:

The Privacy Policy, for anything relating to personal data.
Schedule 1 (DPA), for anything relating to personal data processed on your behalf.
These Terms of Service.
Any other document we publish or send you.

Our Constitution informs how we interpret this agreement but does not override any specific legal provision in it.

3. What TheBooker does

TheBooker is an AI-powered enquiry management platform for UK tradespeople. The service includes:

Enquiry ingestion. We receive enquiries through the channels you enable. Today that means email (which you forward to us through a rule set up with your own email provider) and a web enquiry form. Over time we may add other channels, such as SMS or WhatsApp; new channels will be opt-in and described in the app before you use them.
Classification. Our AI classifies each incoming enquiry — is it a booking enquiry, a general question, a reply to an existing conversation, a newsletter, spam, or something else?
Draft replies. For enquiries and general questions, the AI drafts a suggested reply based on the content of the message and your business profile.
Review and approval. You see every draft in the app. You approve, edit, or dismiss it. Nothing is sent without your approval.
Sending. When you approve a draft, we send the reply on your behalf. Depending on your set-up, this may be sent from your own email address — either through our own email infrastructure (where your domain allows this) or directly through your email provider where you have connected it to us and that provider supports sending through an authenticated API (for example, Gmail or Microsoft 365). Where neither option is available (for example, with consumer Gmail addresses on strict sending policies, or with iCloud Mail, which does not offer a send-on-behalf API), we send from a branded TheBooker address that clearly identifies your business.
Calendar integration (optional). If you connect a calendar account — such as Google, Microsoft, or Apple (via CalDAV) — the AI uses your availability to inform its drafts.
Push notifications. We notify you when new drafts are ready for review.

We may add, change, or remove specific features over time. Where a change materially reduces the functionality you rely on, we'll let you know in advance and — if the change affects a feature central to your use of the service — offer you a pro-rata refund if you choose to cancel.

Not every channel works with every provider. In particular, iCloud Mail does not support forwarding to external addresses, and does not offer a send-on-behalf API, so iCloud mailboxes cannot be used as an ingestion or sending channel today. We'll tell you up front in the app if a provider you're trying to connect has limitations like this.

4. Account and eligibility

4.1 Who can use TheBooker

You can use TheBooker if:

You are at least 18 years old.
You are using the service for a UK-based trade or small business.
You have the authority to enter into this agreement on behalf of the business that will use the service.

One account is for one business. If you run multiple businesses, you'll need a separate account for each.

4.2 Authentication

We use magic link authentication — no passwords. You receive a single-use link by email to sign in. Keep your email account secure. We treat anyone who can access your magic link as authorised to act on your account.

If you think someone has accessed your account without your permission, tell us straight away at chris@thebooker.ai.

4.3 Your information

You must give us accurate information when you sign up and keep it up to date. We rely on your business profile to configure the AI, so if your trade, service area, or working hours change, please update them.

5. How your enquiries reach us

5.1 You choose the channels

TheBooker works because you choose to route your enquiries to us. For email, that means setting up a forwarding rule with your email provider; for a web enquiry form, it means embedding or linking to a form we host; for any future channel we support, it will mean an equivalent act on your part. You do this by your own choice, and you can stop at any time by removing the forwarding rule, taking down the form, or disconnecting the channel.

5.2 Who controls what

For the personal data involved, our roles are:

Your account data (your name, email, business profile, billing, calendar and provider tokens) — we are the data controller. How we handle this is set out in the Privacy Policy.
The content of enquiries and other messages that reach us through your channels, including personal data about the people contacting you — you are the data controller. We are your data processor. This is formalised in Schedule 1 (the DPA), which governs how we process this data on your behalf.

5.3 You should tell your customers

Because you are the controller for your customers' personal data, we recommend you let them know that you use a third-party service to help manage enquiries. A short note in your email signature, on your website, or on your enquiry form is usually enough. We can provide suggested wording on request.

5.4 What we do with incoming messages

Our system classifies every incoming message and handles it according to what it is, as set out in the Privacy Policy. Briefly:

Enquiries and replies within conversations — retained, AI draft generated, presented for your review.
Non-enquiry, non-sensitive messages (newsletters, adverts, personal messages received via forwarded email) — made visible in a filtered view for 14 days as a safety net, then anonymised or deleted.
Authentication and security messages (2FA codes, password resets, login links received via forwarded email) — detected and deleted immediately; never stored.
Messages containing special category data that aren't enquiries — same 14-day filtered view, then anonymised or deleted.

Full details, retention periods, and lawful bases are in the Privacy Policy.

6. AI and your role in the loop

6.1 AI is always named

When AI is involved in drafting, classifying, or suggesting something, you'll know. We don't hide it.

6.2 AI is not infallible

The AI that drafts replies is very good at what it does, but it can be wrong. It can misunderstand context, get facts wrong, make up details, misjudge tone, or miss things. You are the human in the loop and you are responsible for the content of anything that leaves your account.

Before you approve a draft, read it. Make sure it's accurate. Make sure it reflects how you want to respond. Edit it if it doesn't. If it's not right, dismiss it and write your own.

6.3 What we're not liable for

We're not liable for:

The content of any AI-drafted reply that you approve and send. Once you approve it, it's yours.
Decisions you make in reliance on an AI classification (for example, if our classifier misses an enquiry). We do everything reasonable to make the system work well, but you should treat the app as a tool that helps you, not as a guarantee that nothing has been missed.
Emails that fail to be delivered for reasons outside our control, such as your customer's inbox rejecting mail from our sending infrastructure, your own provider's forwarding rule failing, or DNS issues on domains we don't control.

This doesn't exclude liability we can't lawfully exclude (see section 15).

7. Automated AI actions (future features)

We may introduce features that let the AI take certain actions on your behalf without approving each one individually — for example, automatically sending a standard reply to confirm a booking, or silently filtering obvious spam.

If and when we do:

These features will be off by default. You'll need to turn them on.
They'll be configurable. You'll choose which actions the AI can take automatically and which still need your approval.
You can turn them off at any time, returning to full human review.
We'll update the Privacy Policy and these terms before any such feature goes live, and tell you what's changing.
We will never use automated AI actions to make decisions with legal effects or similarly significant effects on you or anyone else.

Until then, nothing goes out of your account without your express approval for each message.

8. Pricing and billing

8.1 What you pay

£30 per month, charged in advance. This is a flat subscription fee. We don't charge per email, per enquiry, per booking, or per message sent. There are no transaction fees.

If we ever need to change our pricing, we'll tell you with plenty of notice and work with you to find a path that works. We won't silently raise prices.

8.2 How we take payment

Payments are processed by Stripe. You give Stripe your payment details during sign-up; we don't see or store your card details. Your subscription renews automatically each month until you cancel.

8.3 Failed payments

If a payment fails, Stripe will attempt to recover it according to our dunning configuration, and will contact you directly about the failure. If recovery isn't successful after Stripe's retry process completes, we'll suspend your account. Your data is preserved during suspension — nothing is deleted — and the service resumes as soon as payment is successful. If the subscription remains unpaid after Stripe's recovery process has ended, we'll treat the account as cancelled by you and begin the deletion process in section 9.4.

8.4 Refunds

If you cancel mid-month, your subscription continues until the end of the current billing period and we don't issue a pro-rata refund for the unused portion. Exception: if we materially reduce functionality central to your use of the service, you can cancel and we'll refund the unused portion of the month (section 3).

If we're clearly at fault for something that caused you to lose use of the service for a meaningful period, tell us — we'd rather sort it out directly than hide behind a no-refunds clause.

8.5 VAT

THEBOOKER LTD is not currently registered for UK VAT. Our fees are the total amount you pay — no VAT is added or charged. You won't receive a VAT invoice because we're not legally able to issue one while we remain unregistered.

If we register for VAT in future, we'll tell you with reasonable notice before the change takes effect, explain how it affects your invoice, and start issuing VAT invoices through Stripe from that point on.

9. Cancellation, suspension and termination

9.1 You can cancel any time

You can cancel your subscription at any time from within the app or by emailing chris@thebooker.ai. You don't need to give a reason. There's no cancellation fee, no retention clause that locks in your data, no argument.

Your subscription continues until the end of the current billing period. You keep full access until then.

9.2 We can end the agreement

We can terminate this agreement on 30 days' written notice for any reason. If we do this without cause, we'll refund any prepaid fees covering the period after termination.

We can also terminate immediately if:

You materially breach these terms (including section 12, acceptable use) and don't fix the breach within 14 days of us asking you to.
You use the service for activity that is illegal, fraudulent, or harmful.
You fail to pay and the failure isn't resolved within the timeframe in section 8.3.
You enter insolvency, administration, or similar proceedings.

9.3 We can suspend rather than terminate

If we have a good reason (security concern, suspected abuse, an unpaid invoice, a request from a regulator or law enforcement), we can suspend your account temporarily while we investigate. We'll tell you why, unless we're legally prevented from doing so, and we'll lift the suspension as soon as the reason for it is resolved.

9.4 What happens to your data when the agreement ends

During a grace period after cancellation or termination — normally around 30 days — your data remains available so you can export it. You can download your enquiries, sent replies, and account information through the app. If the app is unavailable to you for any reason, email chris@thebooker.ai and we'll provide the data in a structured, commonly used, machine-readable format.
After the grace period, we delete your account and associated data, except:

Billing records, which we're legally required to keep for 6 years after the end of your subscription (HMRC obligation).
Anonymised data you opted in to contribute to system improvement, which is no longer personal data and falls outside UK GDPR.

You can ask for earlier deletion at any time. We'll comply within one month, in line with UK data protection law. If this means we have to stop processing before you've had a chance to export your data, that's a choice you're making and we'll proceed.

10. Your content and your rights

10.1 You own your data

You own the data you put into TheBooker, and the personal data your customers have shared with you by emailing you. We don't claim any ownership of it. Your content is yours.

10.2 The licence you give us

To run the service, we need a limited licence to handle your data. You grant us a non-exclusive, worldwide, royalty-free licence to:

Host, store, transmit, copy, display, and process your content, including messages received through your connected channels and the replies we help you draft and send.
Use the content as necessary to provide the service to you — including AI classification and draft generation — all as described in the Privacy Policy and Schedule 1.

This licence exists only for the purpose of providing the service. It ends when you stop using the service and your data is deleted.

10.3 Anonymised data and system improvement

We may wish to use anonymised data derived from your account to improve the platform. This is opt-in only, and it's explained in full in the Privacy Policy and in Schedule 1.

Once anonymised as described there, the data is no longer personal data. You don't own anonymised data (nobody does, legally speaking), and we may use it to improve the system without further payment or attribution. If you haven't opted in, we don't create or use anonymised data derived from your account for this purpose at all.

11. Our platform

11.1 Our IP

We own the TheBooker platform — the software, the design, the name, the brand. Using the service doesn't transfer any of this to you. We grant you a limited, non-exclusive, non-transferable right to use the platform for your business for as long as this agreement is in place.

11.2 Feedback

If you send us ideas, suggestions, or feedback about the product, we can use them to improve the service without any obligation or payment to you. This doesn't extend to your personal data or your customers' data, which are governed by the Privacy Policy and Schedule 1.

12. Acceptable use

Please don't use TheBooker to:

Do anything illegal, or help anyone else do anything illegal.
Harass, threaten, deceive, or harm anyone.
Send spam, phishing messages, or unsolicited bulk communications.
Impersonate another person or business.
Attempt to bypass security, authentication, or access controls — yours or ours.
Reverse-engineer, scrape, or extract data from the platform beyond your own account.
Use the service to compete with TheBooker, or to build a competing product.
Upload or transmit malware, viruses, or anything else designed to damage or disrupt software.
Overload the service with automated requests beyond what's needed for normal use.

If we think you're doing any of these, we can suspend or terminate your account under section 9.

13. Third-party services

TheBooker relies on third-party services to do its job. These include our infrastructure provider (Amazon Web Services, including the components we use for AI inference and email delivery), our payment processor (Stripe), and any email or calendar providers you choose to connect to your account (for example, to let us send replies as your own email address, or to read your availability). The current list of sub-processors is maintained in Schedule 1, Annex B, and on our website.

When you use a third-party service through TheBooker — for example, by connecting your calendar, or by authorising us to send replies through your email provider — that service's own terms and privacy policy apply to your use of it. We're not responsible for how those services handle your data beyond what's covered in our agreement with them and in Schedule 1.

We may change or add sub-processors from time to time. Schedule 1 explains how we notify you of changes and what you can do if you object.

14. Availability and support

14.1 We aim for high availability but don't guarantee it

TheBooker is a cloud service built on AWS. We design for reliability, but no service is available 100% of the time. We don't offer a formal Service Level Agreement with uptime commitments or service credits at the £30/month tier. If and when we offer tiers that include an SLA, we'll say so clearly.

14.2 Planned maintenance

We try to avoid downtime. Where maintenance is needed, we do it outside UK business hours wherever possible, and give advance notice where we can.

14.3 Support

Support is by email at chris@thebooker.ai. We aim to reply as quickly as we reasonably can. Urgent issues — an account compromised, data appearing in the wrong place, anything security-related — are prioritised and we respond as fast as we're able.

15. Limitation of liability

15.1 What we can't exclude

Nothing in this agreement excludes or limits liability for:

Death or personal injury caused by our negligence.
Fraud or fraudulent misrepresentation.
Anything else that can't be excluded or limited under UK law.

15.2 What we exclude

Subject to section 15.1, we are not liable for:

Indirect, special, or consequential losses.
Loss of profits, loss of revenue, loss of goodwill, loss of anticipated savings, loss of business, or loss of opportunity, however arising.
Loss or corruption of data beyond our obligations under the Privacy Policy and Schedule 1.
The content of AI-drafted replies that you approved and sent (see section 6.3).
Failures or delays caused by third-party services we rely on (AWS, Stripe, email providers, calendar providers), where we have acted reasonably in selecting and using them.

15.3 Cap on our total liability

Subject to section 15.1, our total liability to you in any 12-month period — in contract, tort (including negligence), breach of statutory duty, or otherwise — is capped at the total fees you have paid us in the 12 months immediately before the event giving rise to the claim.

This cap reflects a £30/month B2B SaaS priced for affordability. We think it's a fair allocation of risk, and it's part of why we can offer the service at this price.

15.4 Your own insurance

You are responsible for your own business, including maintaining appropriate insurance. Nothing in these terms is a substitute for professional indemnity or public liability insurance for your trade.

16. Indemnity

You agree to cover us for any third-party claim, loss, or cost we suffer because you:

Used the service in a way that materially breaches these terms (especially section 12).
Sent a reply that was unlawful, defamatory, or infringed someone else's rights — whether the draft came from the AI or you wrote it yourself. Once you approve and send, it's your message.
Gave us inaccurate or misleading information in your business profile or account.

This indemnity is capped at the same level as our liability under section 15.3, except where the claim arises from your fraud, illegal conduct, or wilful misconduct, in which case the cap does not apply.

We'll tell you about any claim we think is covered by this section, give you a reasonable opportunity to respond to it, and not settle it without talking to you first.

17. Confidentiality

We'll each treat the other's confidential information as confidential, use it only to perform this agreement, and not share it with anyone else except employees, contractors, or sub-processors who need it and who are under equivalent confidentiality obligations.

Confidential information doesn't include information that is or becomes public through no fault of the receiving party, was already known before disclosure, or is required to be disclosed by law or a regulator (in which case we'll tell you, if we're allowed to).

This section survives termination of the agreement.

18. Force majeure

Neither of us is liable for failing to perform this agreement if the failure is caused by something genuinely outside our reasonable control — for example, an extended AWS region outage, a national internet disruption, a pandemic, war, natural disaster, or a change in law that makes performance impossible. The affected party will tell the other as soon as reasonably practicable and will do what's reasonable to mitigate the impact.

If a force majeure event continues for more than 30 days, either party may terminate the agreement by written notice.

19. Notices

Formal notices under this agreement must be in writing. You can send notices to us at chris@thebooker.ai. We'll send notices to you at the email address on your account. Email notices are considered received on the day they're sent, unless we receive a delivery failure.

20. Assignment

You can't transfer this agreement or your rights under it to anyone else without our written consent, which we won't unreasonably withhold.

We can transfer this agreement — for example, if the company is sold or restructured — provided your rights under it are not materially reduced. We'll tell you if this happens.

21. Entire agreement and miscellaneous

Entire agreement. These terms, Schedule 1, and the Privacy Policy are the entire agreement between us about the service.
Variation. Changes to this agreement must be in writing (including email or in-app notification under section 2.2).
Waiver. If we don't enforce a right straight away, that doesn't mean we've given it up.
Severability. If any part of this agreement is found to be unenforceable, the rest stays in force.
Third parties. No one other than you and us has any rights under the Contracts (Rights of Third Parties) Act 1999.
Relationship. We're independent contractors. This agreement doesn't create a partnership, joint venture, agency, or employment relationship.

22. Governing law and jurisdiction

This agreement is governed by the laws of England and Wales.

Any dispute arising out of or in connection with it is subject to the exclusive jurisdiction of the courts of England and Wales.

Before starting formal proceedings, we ask you to contact chris@thebooker.ai so we can try to resolve the issue directly. Most problems can be sorted with a conversation.

23. Definitions

"Agreement" means these Terms of Service, Schedule 1 (DPA), and the Privacy Policy, read together.
"Customer data" means all data you submit to the service, and all personal data processed by us on your behalf (including the content of messages received through your connected channels).
"Personal data", "data controller", "data processor", "data subject", "processing", "sub-processor", and "special category data" have the meanings given in UK GDPR.
"Service" means the TheBooker platform as described in section 3.
"Sub-processor" means any third party engaged by us to process personal data on behalf of the Customer, as listed in Schedule 1, Annex B.
"UK GDPR" means the United Kingdom General Data Protection Regulation, together with the Data Protection Act 2018.

Schedule 1 — Data Processing Agreement

Between:

THEBOOKER LTD (company number 17014293), registered office 167-169 Great Portland Street, Fifth Floor, London W1W 5PF ("Processor," "TheBooker," "we," "us")

and

the Customer identified in the account to which this agreement applies ("Controller," "you")

This DPA forms Schedule 1 to the Terms of Service and takes effect automatically when you use the service. It sets out the terms on which TheBooker processes personal data on your behalf as your data processor, in accordance with Article 28 of UK GDPR.

1. Purpose

You, the Controller, use TheBooker to help manage email enquiries from your customers. As part of the service, you forward business email to us. We process the personal data within those emails on your behalf, under your instructions, to provide the service.

This DPA governs that processing. It sits alongside the Privacy Policy, which is the primary customer-facing description of how we handle personal data.

2. Definitions

Terms used in this DPA have the meanings given in UK GDPR. In particular:

"Controller", "Processor", "Sub-processor", "Processing", "Personal Data", "Data Subject", "Special Category Data", and "Personal Data Breach" have the meanings given in UK GDPR.
"UK GDPR" means the United Kingdom General Data Protection Regulation together with the Data Protection Act 2018.
"Customer Personal Data" means personal data that we process on your behalf in connection with the service, as further described in Annex A.
"Applicable Data Protection Law" means UK GDPR and any other data protection law applicable to the processing carried out under this DPA.

3. Roles of the parties

For Customer Personal Data:

You are the Controller. You decide why and how the personal data of your customers is processed.
TheBooker is the Processor. We process Customer Personal Data on your behalf and on your instructions.

This DPA does not cover personal data for which TheBooker is the Controller (for example, your own account data as a tradesperson). That processing is governed by the Privacy Policy.

4. Subject matter, duration, nature and purpose of processing

Set out in Annex A to this DPA.

5. Types of personal data and categories of data subjects

Set out in Annex A to this DPA.

6. The Controller's instructions

6.1 Processing is under your instructions

TheBooker will process Customer Personal Data only on documented instructions from you, unless required to do otherwise by law. Where the law requires processing outside your instructions, we will notify you of that legal requirement before processing, unless the law prohibits us from doing so.

6.2 Your standing instructions

By signing up for the service and using it as documented, you instruct us to process Customer Personal Data as needed to:

Receive messages through the channels you have enabled (today: forwarded email and web enquiry form; in future, other channels as you connect them) and classify them.
Generate AI-drafted replies to messages classified as enquiries.
Present classified messages and drafts to you in the app.
Send replies that you have approved, through the sending method available for your set-up (our own email infrastructure, your connected email provider via an authenticated API, or a branded TheBooker address).
Retain, anonymise, or delete received messages in accordance with the four-path handling described in the Privacy Policy and section 9 of this DPA.
Provide support, handle data subject requests referred to us, and otherwise operate the service.

6.3 Additional instructions

You can give us additional instructions at any time by contacting us at chris@thebooker.ai. If we believe an instruction infringes Applicable Data Protection Law, we will tell you promptly and may pause the relevant processing while we discuss it.

6.4 Your obligations

You warrant that:

You have the right to forward emails to us for processing.
You have a lawful basis for the processing you instruct us to carry out.
You will provide any notices and obtain any consents required for the processing, including letting your customers know that a third-party service processes email on your behalf.
The instructions you give us comply with Applicable Data Protection Law.

7. The Processor's obligations

7.1 Security

We will implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to the risk, as required by Article 32 of UK GDPR. These measures take into account the state of the art, the cost of implementation, and the nature, scope, context, and purposes of processing, and the risk of varying likelihood and severity for the rights and freedoms of Data Subjects.

A current description of the technical and organisational measures in place is available on request by emailing chris@thebooker.ai. We will review and, where necessary, update these measures over time to reflect changes in the risk landscape and the state of the art.

7.2 Confidentiality

We will ensure that anyone authorised to process Customer Personal Data on our behalf is bound by a duty of confidentiality, whether through contract or statutory obligation.

7.3 Sub-processors

Current sub-processors. The sub-processors we currently use are listed in Annex B. By entering into this DPA, you give general authorisation for us to engage these sub-processors.

Changes. If we want to add or replace a sub-processor, we will:

Update Annex B and the sub-processor list on our website.
Notify you with reasonable notice — normally at least 30 days — before the new sub-processor starts processing Customer Personal Data, by email or in-app notification.
Give you the opportunity to object. If you reasonably object to the new sub-processor on data protection grounds, we will work with you in good faith to find a resolution. If we can't, you may terminate this agreement without penalty and we will refund the unused portion of your current billing period.

Our responsibility. We remain responsible to you for the performance of our sub-processors' obligations, as if we had carried out the processing ourselves. We will enter into a written contract with each sub-processor imposing terms no less protective than those in this DPA.

7.4 Assistance with data subject requests

We will, taking into account the nature of the processing, assist you by appropriate technical and organisational measures in fulfilling your obligation to respond to requests to exercise Data Subject rights under Chapter III of UK GDPR (access, rectification, erasure, restriction, portability, objection).

In practice, you have direct access within the app to most Customer Personal Data. For requests that require our assistance — for example, providing data we hold in system logs — contact us at chris@thebooker.ai and we will assist within a timeframe that lets you respond to the Data Subject within the statutory one-month period.

If a Data Subject contacts us directly, we will refer them to you without engaging with the substance of the request, unless you instruct us otherwise.

7.5 Assistance with other compliance duties

Taking into account the nature of the processing and the information available to us, we will assist you in meeting your obligations under Articles 32 to 36 of UK GDPR relating to:

Security of processing.
Notification of Personal Data Breaches to the ICO.
Communication of Personal Data Breaches to Data Subjects.
Data Protection Impact Assessments (DPIAs).
Prior consultation with the ICO where required.

7.6 Personal Data Breach notification

We will notify you of a Personal Data Breach affecting Customer Personal Data without undue delay after becoming aware of it, and where feasible no later than 72 hours. This timing reflects the standard set out in Article 33 of UK GDPR and gives you the window you may need to meet your own notification obligations to the Information Commissioner's Office.

Our notification will describe, to the extent known at the time:

The nature of the breach, including the categories and approximate number of Data Subjects and records affected.
The likely consequences of the breach.
The measures taken or proposed to address the breach and mitigate its effects.
Contact details for further information.

If full information isn't available in the initial notification, we will provide what we know and follow up as more becomes available. We will cooperate with you and provide reasonable assistance in your own investigation and notification obligations.

7.7 Deletion or return on termination

On termination of this agreement — whether by cancellation, expiry, or any other reason — we will, at your choice:

Return Customer Personal Data to you, in a structured, commonly used, machine-readable format; or
Delete Customer Personal Data.

Unless you tell us otherwise within the grace period described in section 9.4 of the Terms of Service, we will delete Customer Personal Data.

We may retain Customer Personal Data beyond termination only to the extent required by law, and only for as long as required by that law. Any retained data will remain subject to the confidentiality and security obligations of this DPA for as long as we hold it.

7.8 Audit

We will make available to you all information reasonably necessary to demonstrate compliance with our obligations under this DPA and Article 28 of UK GDPR.

How audit works for a service like ours. TheBooker operates from a serviced/registered-office address and runs on cloud infrastructure operated by our sub-processors. There is no physical processing site we operate that would be the subject of a meaningful on-site audit. The substantive security posture of the platform is provided, in large part, by our infrastructure sub-processors (principally AWS), who are independently audited under schemes such as SOC 2 and ISO 27001 and make those attestations available to us for diligence.

What we provide instead of an on-site audit. Your audit rights under this DPA are satisfied by:

Written responses to reasonable questions you have about our processing activities, the technical and organisational measures we have in place, and our compliance with this DPA.
A current description of our technical and organisational measures on request.
Summary results or certification details of any third-party audits or attestations held by us or our sub-processors, to the extent we are permitted to share them.
Access to sub-processors' own publicly available compliance documentation (for example, the AWS Artifact portal lists AWS's SOC reports, ISO certifications, and similar material).

No on-site audit right. Given the above, this DPA does not grant you a right to inspect TheBooker's registered office or any other physical premises, and does not grant you a right to inspect the premises of our sub-processors. Requests of that nature will be addressed through the information-based mechanisms above.

Regulator cooperation. Where the Information Commissioner's Office or another supervisory authority with jurisdiction requires any form of audit, inspection, or access in respect of Customer Personal Data, we will cooperate fully with the regulator in the manner and timescale the regulator requires, notwithstanding the paragraph above.

Reasonable limits. Written audit requests should be proportionate and limited to what is reasonably necessary to satisfy your obligations as Controller. We may decline requests that are excessive, repetitive, or would require us to disclose information that is confidential to other customers, covered by legal privilege, or governed by an NDA with a sub-processor.

8. International transfers

Our primary processing location is the United Kingdom, in AWS's London (eu-west-2) region. Some processing may take place outside the UK, as described in the Privacy Policy (for example, AI inference via Amazon Bedrock may use US regions depending on model availability; Stripe processes payments in the US).

Where Customer Personal Data is transferred outside the UK, the transfer is made in reliance on one or more of the following safeguards:

The UK Extension to the EU-US Data Privacy Framework (the "UK-US Data Bridge") where the receiving organisation is certified under it (Stripe is).
The UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, as appropriate.
The AWS Data Processing Addendum, which incorporates Standard Contractual Clauses where relevant, and AWS's commitments regarding data handling across regions.

We will provide copies of the relevant transfer mechanisms on request.

If we start transferring Customer Personal Data to any jurisdiction not covered by an existing adequacy decision or safeguard, we will put an appropriate safeguard in place before the transfer begins and update the Privacy Policy and this DPA.

9. Processing of different categories of received message

Where enquiries are received through a channel that is, by its nature, enquiry-only (for example, a web enquiry form or, in future, an SMS shortcode or WhatsApp business number), those messages are handled as enquiries under section 9.1.

Forwarded email is different, because the Controller's entire inbox traffic reaches us — including non-enquiries — and therefore requires the four-path handling described below. The Privacy Policy describes how this works in operational terms; this section formalises the data processing consequences.

9.1 Enquiries and related emails

Retained, classified, and used to generate AI drafts. Retained for 24 months from the last activity in a conversation thread, then deleted.

9.2 Non-enquiry, non-sensitive emails

Classified, made visible in a filtered view for 14 days, then anonymised or deleted. No AI draft is generated. The 14-day retention exists as a safety net against misclassification.

9.3 Authentication and security emails

Detected and deleted immediately on identification. Not classified, not retained, not indexed, not used for any other purpose. This is a standing instruction from you to us: we never retain or process authentication credentials forwarded to us, regardless of any other instruction.

9.4 Emails containing Special Category Data

Where such emails are enquiries, they are handled as in 9.1. Where they are not enquiries, they are handled as in 9.2 (14 days, then anonymised or deleted).

Because we do not rely on Special Category Data for any purpose of our own, we do not require a condition under Article 9 of UK GDPR. Where processing of Special Category Data is required by your instructions or is incidental to processing under your instructions, you are responsible for identifying a valid Article 9 condition and notifying us if specific restrictions apply.

9.5 Anonymised data and system improvement

Any use of Customer Personal Data for improving the system is opt-in, requires your affirmative consent, and uses fully anonymised data only. Once anonymised as described in the Privacy Policy, the data is no longer Personal Data and falls outside UK GDPR. If you haven't opted in, we do not create or retain anonymised data from your account for this purpose.

10. Liability

Each party's liability under this DPA is subject to the limitations and exclusions set out in the Terms of Service.

Nothing in this DPA relieves either party of its own obligations or liabilities under UK GDPR or other Applicable Data Protection Law, including any liability to Data Subjects or to the ICO.

11. Priority and interpretation

In case of conflict between this DPA and the main body of the Terms of Service, this DPA prevails on matters of data protection. In case of conflict between this DPA and the Privacy Policy, the Privacy Policy prevails in its description of what happens operationally, and this DPA prevails in defining the legal relationship.

If any provision of this DPA is inconsistent with Applicable Data Protection Law, it will be read down or severed to the extent necessary, and the rest of the DPA remains in force.

Annex A — Details of Processing

Subject matter of processing: Personal data contained within messages received by TheBooker through channels enabled by the Controller (including forwarded email and web enquiry form submissions, and any future channels the Controller connects), and personal data created by TheBooker in connection with processing those messages (for example, classifications and AI-generated draft replies).

Duration of processing: For the duration of the Agreement, plus the retention periods set out in the Privacy Policy and section 9 of this DPA. On termination, data is returned or deleted as set out in section 7.7.

Nature and purpose of processing: Receiving, classifying, storing, retrieving, generating AI drafts in relation to, transmitting (when approved by the Controller), anonymising, and deleting the content of messages, in order to provide the enquiry management service described in the Terms of Service.

Types of Personal Data processed:

Identifying data (names, email addresses, phone numbers where included in messages).
Contact details (postal addresses, business addresses, where included).
Content of communications (subject lines, body text, form field entries, attachments where applicable).
Metadata (timestamps, message IDs, sender domains, source channel).
Where incidentally included in message content: Special Category Data, as described in the Privacy Policy.

Categories of Data Subjects:

The Controller's customers and prospective customers (the people contacting the Controller through any enabled channel).
Other individuals whose personal data is incidentally included in messages received (for example, people mentioned by name in the body of a message).
Authors of non-enquiry messages received through forwarded email (newsletter senders, friends/family, etc.), prior to their deletion or anonymisation.

Annex B — Sub-processors

Our sub-processors fall into the categories below. The authoritative, up-to-date list of specific sub-processors — including company names, legal entities, processing locations, and transfer mechanisms — is maintained at [https://thebooker.ai/sub-processors] and will be kept current.

Category	Role	Examples at the date of this DPA
Core infrastructure provider	Hosting, storage, compute, AI inference, email receipt and sending through our own infrastructure	Amazon Web Services (primarily eu-west-2 / London; certain services may process in other regions, including US regions, depending on service availability)
Payment processor	Processing of the Controller's subscription payments. (Primarily processes the Controller's own account data, for which TheBooker is the Controller rather than a Processor; listed here for full transparency on data flows.)	Stripe
Email and calendar providers connected by the Controller	Where the Controller authorises us via OAuth or an equivalent mechanism to (a) read calendar availability, or (b) send replies through the Controller's own email account's authenticated API. The underlying provider continues to operate under its own terms and privacy policy for the Controller's account with it.	Providers the Controller chooses to connect, such as Google, Microsoft, Yahoo, or Apple (iCloud via CalDAV for calendar; note iCloud Mail is not supported for ingestion or sending). Others may be added over time as we support additional providers.

Transfer mechanisms. Where a sub-processor processes Customer Personal Data outside the United Kingdom, we rely on one or more of the following, as appropriate: the UK Extension to the EU-US Data Privacy Framework (the "UK-US Data Bridge") where the sub-processor is certified; the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses; or a sub-processor's own data processing terms incorporating equivalent safeguards (for example, the AWS Data Processing Addendum). The specific mechanism applied to each named sub-processor is recorded in the online sub-processor list.

Changes. We may add, replace, or remove specific sub-processors within these categories from time to time. Changes are notified as set out in section 7.3 of this DPA.

End of Schedule 1.

Flags for solicitor review

This is a first draft prepared for internal review. Before relying on this as a binding customer-facing document, please have a UK solicitor review:

Section 2.2 (Changes to terms): Material-change notice has been softened from "at least 30 days" to "reasonable notice, normally at least 30 days" to retain flexibility for security-driven updates. Confirm this is still clear enough and compatible with how Stripe billing handles mid-cycle changes.
Section 3 (functional scope): Confirm the described service matches production scope at launch — particularly the "channels" language (email and web form today; future channels generic) and the three sending pathways (own infrastructure, authenticated provider API, branded address). Explicitly flagged: iCloud Mail is excluded as a channel. Confirm there are no other providers whose constraints deserve a named mention.
Section 8.3 (Failed payments): Mechanics are deferred to Stripe's dunning configuration. Confirm the Stripe dunning rules actually configured on the account match the "suspend, preserve data, then cancel if unpaid" outcome promised here.
Section 9.4 (Termination / data grace): Softened from "30-day grace" to "normally around 30 days." Still a meaningful promise — confirm deletion pipeline can hit it reliably. Right to earlier deletion aligned to UK GDPR's "within one month" standard.
Section 14.3 (Support): Specific response times (one working day, few hours) have been removed. Consider whether you want to publish a soft expectation on the website (not in the terms) to set customer expectations without contractual risk.
Section 15.3 (Liability cap): The cap is set at fees paid in the prior 12 months. A solicitor may advise a slightly different formulation (e.g. the greater of fees paid and £X, or a multiple of annual fees). Some UK SaaS customers will expect this.
Section 16 (Indemnity): The scope is narrow and appropriate for a £30/mo B2B SaaS. Larger customers may ask for a reciprocal IP indemnity; decide whether to include one as standard now or on negotiation.
Schedule 1 Section 7.1 (Security): Specific technical and organisational measures are no longer enumerated in the DPA itself; they are provided on request. Maintain a "TOMs summary" document separately so it's ready when a prospect asks. Some larger counterparties will expect an annex.
Schedule 1 Section 7.3 (Sub-processor change notice): Softened from "at least 30 days" to "reasonable notice, normally at least 30 days." The termination right remains intact for objected-to changes.
Schedule 1 Section 7.6 (Breach notification): The 72-hour timing is now framed as "where feasible" and aligned to Article 33 language. This matches UK GDPR's standard for controller-to-regulator notification and gives a real safety valve for cases where identifying the full breach scope takes longer. Still tight for a solo founder business — confirm detection processes can deliver initial notification within the window.
Schedule 1 Section 7.8 (Audit): This draft removes any physical on-site audit right, framing audit as document-based plus reliance on sub-processors' third-party attestations (e.g. AWS SOC 2). Defensible for a serverless SaaS operated from a registered-office address, but at the stricter end of Article 28(3)(h). Some enterprise counterparties will push back during negotiation. Regulator cooperation is preserved separately.
Schedule 1 Annex B (category-based sub-processor list): The category-based approach lets new providers be added to the maintained online list without a DPA amendment. Some enterprise customers may still request a fully enumerated annex at negotiation time.
Cross-references to URLs (Constitution, Privacy Policy, sub-processor list) need to be replaced with live URLs when the documents are published. The sub-processor page is now load-bearing — the DPA relies on it being kept current.
Consumer law and B2B status: These terms are drafted on the basis that every customer uses TheBooker for business purposes, not as a consumer. Clause 4.1 says so. Confirm signup enforces this and that sales and marketing don't blur the line (which would drag consumer law in).
VAT status (Section 8.5): Drafted on the basis that THEBOOKER LTD is not currently VAT-registered, which is accurate while turnover remains below the £90,000 registration threshold. Monitor turnover. Stripe Tax configuration should be confirmed pre-launch (currently should be set to not charge VAT).

← Back to thebooker.ai