Booker: Time & Space Rentals — Privacy Policy
Last updated: 30 June 2026
Booker: Time & Space Rentals (“the App”) lets a Shopify merchant offer time-based bookings for hire products and manage them from the Shopify admin. This policy explains the personal data the App processes on behalf of merchants, why, and how it is protected. For this data the merchant is the data controller and the App provider is the data processor.
Personal data we process
The App processes the minimum data needed to manage a booking:
- Customer name — to identify the booker on the merchant’s staff dashboard.
- Customer email — so the merchant can contact the booker about their booking.
- Order reference (order id/number) and the booking’s time span — to link the booking to its Shopify order.
We do not collect or store phone numbers, addresses, payment details, or marketing data. Customer name and email are read only from the order when a customer completes a booking purchase.
How and why we use it
Data is used solely to create and confirm the booking the customer requested and to let the merchant manage and contact them about it. The legal basis is performance of that booking. We never sell personal data, share it with third parties for their own purposes, or use it for marketing, advertising, profiling, or automated decisions that have legal or similarly significant effects.
Where data is processed (sub-processors)
- Shopify — source of the order/customer data and host of the embedded admin.
- Vercel — hosts the App server.
- Neon — managed PostgreSQL database storing booking records.
Retention
Booking records are kept only while operationally needed and are erased when a merchant uninstalls the App (on Shopify’s shop/redact request, ~48 hours after uninstall). An individual customer’s personal data is erased on a customers/redact request. We respond to customers/data_requestwith the data held for that customer.
Data subject rights
Customers may exercise GDPR/CCPA rights (access, erasure) by contacting the merchant they booked with; the merchant relays the request to us via Shopify’s data-request and redaction flows, which the App honours automatically. You may also contact us directly at booker-app@protonmail.com.
Security
Data is encrypted in transit (TLS) and at rest (AES-256 via Neon), including backups. Access to personal data is restricted on a least-privilege basis with strong passwords and two-factor authentication, and access and erasure events are logged. Our security and incident-response practices are available on request.
International transfers
Where data is processed outside your region, it is protected by appropriate safeguards (e.g. Standard Contractual Clauses) and our sub-processors’ own compliance programmes.
Changes
We may update this policy; the “last updated” date reflects the latest version.
Contact
Questions about this policy: booker-app@protonmail.com.