Booker: Time & Space Rentals — Privacy Policy

Last updated: 30 June 2026

Booker: Time & Space Rentals (“the App”) lets a Shopify merchant offer time-based bookings for hire products and manage them from the Shopify admin. This policy explains the personal data the App processes on behalf of merchants, why, and how it is protected. For this data the merchant is the data controller and the App provider is the data processor.

Personal data we process

The App processes the minimum data needed to manage a booking:

We do not collect or store phone numbers, addresses, payment details, or marketing data. Customer name and email are read only from the order when a customer completes a booking purchase.

How and why we use it

Data is used solely to create and confirm the booking the customer requested and to let the merchant manage and contact them about it. The legal basis is performance of that booking. We never sell personal data, share it with third parties for their own purposes, or use it for marketing, advertising, profiling, or automated decisions that have legal or similarly significant effects.

Where data is processed (sub-processors)

Retention

Booking records are kept only while operationally needed and are erased when a merchant uninstalls the App (on Shopify’s shop/redact request, ~48 hours after uninstall). An individual customer’s personal data is erased on a customers/redact request. We respond to customers/data_requestwith the data held for that customer.

Data subject rights

Customers may exercise GDPR/CCPA rights (access, erasure) by contacting the merchant they booked with; the merchant relays the request to us via Shopify’s data-request and redaction flows, which the App honours automatically. You may also contact us directly at booker-app@protonmail.com.

Security

Data is encrypted in transit (TLS) and at rest (AES-256 via Neon), including backups. Access to personal data is restricted on a least-privilege basis with strong passwords and two-factor authentication, and access and erasure events are logged. Our security and incident-response practices are available on request.

International transfers

Where data is processed outside your region, it is protected by appropriate safeguards (e.g. Standard Contractual Clauses) and our sub-processors’ own compliance programmes.

Changes

We may update this policy; the “last updated” date reflects the latest version.

Contact

Questions about this policy: booker-app@protonmail.com.

Data Processing Agreement →