Privacy, Terms &
Data Policies

1.1 Acceptance of Terms

By accessing, registering for, or using YourBookingPlatform ("YBP", "we", "us", "our"), you ("User", "Business Owner", "Client", "End Customer") agree to be legally bound by these Terms and Conditions, our Privacy Policy, Data Processing Agreement, and Cookie Policy. If you do not agree, you must not use the platform.

Use of the platform by anyone acting on behalf of a business constitutes acceptance on behalf of that business entity and all its authorized users.

1.2 Eligibility

• You must be at least 18 years of age to register as a business user.
• End customers booking via a business using YBP must comply with the minimum age requirements set by that business.
• You represent that you have the legal authority to enter into this agreement on your own behalf or on behalf of your business.

1.3 Account Responsibilities

• You are solely responsible for maintaining the confidentiality of your login credentials, including passwords and two-factor authentication codes.
• All activities occurring under your account are your responsibility.
• You must notify YBP immediately at support@yourbookingplatform.com if you suspect unauthorized access.
• YBP will never ask for your password via email, phone, or support chat.
• Business accounts are responsible for managing employee access levels and revoking access upon staff departure.

1.4 Permitted Use

You agree to use YBP only for lawful purposes. The following are strictly prohibited:

• Attempting unauthorized access to the platform, other accounts, or connected systems.
• Uploading or transmitting malware, viruses, or harmful code.
• Using the platform to harass, defame, threaten, or violate the rights of others.
• Scraping, harvesting, or data-mining platform content without written consent.
• Reverse engineering, decompiling, or attempting to extract source code.
• Using automated bots or scripts to interact with the platform, except where expressly permitted via API.
• Reselling, sublicensing, or white-labeling the platform without a formal written partnership agreement.

1.5 Subscriptions, Billing & Payment

• YBP offers tiered subscription plans (Basic, Growth, Pro). Current pricing is published on our pricing page and may be updated with advance notice.
• Subscriptions are billed monthly or annually in advance. Fees are non-refundable except as required by applicable law.
• Additional per-employee fees apply beyond the included allocation per plan.
• Payments are processed via secure, PCI-DSS compliant third-party providers. YBP does not store full payment card details.
• If payment fails, YBP may suspend access until outstanding balances are resolved.
• Price changes will be communicated at least 30 days in advance. Continued use after the effective date constitutes acceptance.
• Annual plan refunds may be granted on a pro-rata basis at YBP's discretion for the unused portion.

1.6 Free Trials & Promotional Offers

• Free trials are limited to one per business entity unless otherwise stated.
• At the end of a trial, your account will expire or require selection of a paid plan.
• Promotional offers (such as brand ambassador trials) are subject to separate terms communicated at the time of the offer.

1.7 Platform Features

YBP provides the following features to business clients (feature availability varies by subscription tier):

• Online appointment booking and scheduling
• Staff and employee management (including shift requests and franchise staff borrowing)
• Client loyalty and cashback programs
• Payroll and tip tracking tools
• Analytics and business reporting dashboards
• Branded mobile app add-ons
• AI-powered services including the Zoe.AI virtual receptionist (governed further in Section 5)
• WhatsApp chatbot automation

1.8 Intellectual Property

• All software, designs, algorithms, branding, logos, text, UI/UX, and content on YBP are the exclusive intellectual property of YourBookingPlatform or its licensors.
• You are granted a limited, non-exclusive, non-transferable, revocable licence to use the platform for your own internal business purposes only.
• You may not copy, redistribute, resell, sublicense, or create derivative works without prior written approval.
• User-submitted content (e.g. business details, service menus, client records) remains your property. By submitting it, you grant YBP a limited licence to process and display it solely to operate the platform on your behalf.

1.9 Service Availability

• YBP aims for high availability but does not guarantee uninterrupted, error-free service.
• Scheduled maintenance will be communicated with advance notice where possible.
• YBP is not liable for service disruptions caused by third-party infrastructure, internet outages, or force majeure events.

1.10 Third-Party Services

YBP integrates with third-party services (e.g. payment processors, SMS providers, calendar tools, Meta/Google advertising platforms). Use of such services is governed by the respective third party's own terms and privacy policies. YBP is not responsible for third-party actions or data handling.

1.11 Suspension and Termination

• YBP may suspend or terminate your account immediately upon detection of: fraudulent activity, violation of these terms, non-payment, misuse of AI features, or unlawful activity.
• You may close your account at any time. Your data will be handled per our Data Retention Policy (Section 2.7).
• In the event of termination by YBP for cause, no refund will be provided for unused subscription time.

1.12 Limitation of Liability

• YBP is not liable for indirect, consequential, incidental, special, or punitive damages, including loss of profits, revenue, data, goodwill, or business opportunities.

1.13 Disclaimer of Warranties

The platform is provided "as is" and "as available." YBP makes no representations or warranties, express or implied, regarding the platform's fitness for a particular purpose, accuracy, completeness, or reliability — beyond what is required by applicable consumer law.

1.14 Indemnification

You agree to indemnify, defend, and hold harmless YBP and its directors, employees, and agents from any claims, liabilities, damages, or expenses (including legal fees) arising from: your use of the platform, your violation of these terms, your data or content, or your infringement of third-party rights.

1.15 Governing Law and Dispute Resolution

• These Terms are governed by the laws of the Netherlands and applicable European Union regulations, including GDPR.
• For users outside the EU: local mandatory consumer protection laws in your jurisdiction may also apply.
• Disputes should first be referred to support@yourbookingplatform.com for informal resolution.
• If unresolved, disputes will be submitted to the competent courts of the Netherlands, unless otherwise required by mandatory local law.
• EU consumers may use the EU Online Dispute Resolution platform: https://ec.europa.eu/consumers/odr

2.1 Who We Are

YourBookingPlatform ("YBP") is a SaaS platform operated from the Netherlands. For the purposes of data protection law, YBP acts as:

• Data Controller — for personal data we collect and use for our own operational and business purposes (e.g. account management, billing, marketing to our business clients).
• Data Processor — when processing personal data on behalf of businesses using our platform (e.g. their clients' booking history, contact details).

2.2 What Personal Data We Collect

2.2.1 Data You Provide Directly

• Business registration details: name, company name, email, phone number, address, VAT number
• Payment and billing information (processed by our payment provider; we do not store card numbers)
• Service menus, pricing, staff profiles, and business settings you upload
• Support communications and feedback

2.2.2 Data We Collect Automatically

• IP address, device type, browser, and operating system
• Platform usage data: pages visited, features used, session duration
• Cookies and tracking technologies (see Section 4)
• Log files and error reports

2.2.3 End-Customer Data (Processed on Behalf of Businesses)

When end customers book through a business using YBP, we process on behalf of that business:

• Name, phone number, email address
• Booking history, service preferences, loyalty points
• Notes added by the business about the client
• Payment status and tip history
• Any other data the business enters for their client records

For this data, the business using YBP is the Data Controller. YBP acts as Data Processor under a Data Processing Agreement (see Section 3).

2.2.4 AI Receptionist Data (Zoe.AI)

• Inbound and outbound communication content (e.g. chat messages, booking requests)
• AI-generated responses and conversation logs
• Client intent data used to automate booking actions

All AI processing is conducted on documented instructions from the business and in accordance with our AI Data Processing Addendum (available on request).

2.3 Lawful Basis for Processing (GDPR)

2.4 How We Share Your Data

YBP does not sell personal data. We may share data with:

• Payment processors — for billing and subscription management
• Cloud hosting and infrastructure providers — to operate the platform securely
• Email and SMS providers — to deliver notifications and booking confirmations
• Analytics providers — using anonymised or pseudonymised data
• AI service providers (Zoe.AI) — under strict data processing agreements
• Legal authorities — when required by law, court order, or to protect rights and safety

2.5 International Data Transfers

• YBP is based in the Netherlands and primarily operates within the European Economic Area (EEA).
• Where data is transferred outside the EEA (e.g. US-based providers), we rely on EU Standard Contractual Clauses (SCCs), adequacy decisions, or other approved mechanisms under GDPR Chapter V.
• For UK users, transfers comply with UK GDPR and the UK International Data Transfer Agreement (IDTA).

2.6 Data Security

• YBP implements industry-standard technical and organizational security measures: encryption in transit (TLS) and at rest, role-based access controls, regular security assessments, and staff training.
• Passwords are stored using secure hashing algorithms; we never store plaintext passwords.
• In the event of a personal data breach, YBP will notify relevant supervisory authorities within 72 hours where required by GDPR, and affected individuals without undue delay where the breach poses a high risk.

2.7 Data Retention

• Account data is retained for the duration of the subscription and up to 3 years after account closure for legal, audit, and dispute resolution purposes.
• End-customer booking records are retained per the business client's instructions and applicable statutory requirements.
• Financial and transaction records are retained for 7 years to comply with Dutch and EU tax law.
• AI conversation logs (Zoe.AI) are retained for up to 90 days unless the business requests shorter retention.
• Upon account deletion, identifiable personal data is erased or anonymised, except where legal obligations require retention.

2.8 Your Rights (GDPR & Global)

To exercise any of these rights, contact: support@yourbookingplatform.com. We will respond within 30 days (extendable by 2 months for complex requests). We may need to verify your identity before processing your request.

2.9 California Privacy Rights (CCPA / CPRA)

• We collect the categories of personal information listed in Section 2.2 above.
• We do not sell or share personal information for cross-context behavioral advertising.
• You have the right to know, delete, correct, opt-out, and non-discrimination as outlined in the rights table above.
• Sensitive personal information (e.g. payment data) is processed only for the purpose for which it was provided.
• To submit a CCPA request, contact: support@yourbookingplatform.com

2.10 Children's Privacy

YBP is not directed at children under 16. We do not knowingly collect personal data from children under 16. If we become aware of such data being collected, we will delete it promptly. Business clients are responsible for ensuring their use of YBP complies with applicable age restrictions.

3.1 Roles and Responsibilities

• YBP acts as Data Processor when processing personal data on behalf of business clients.
• The business client acts as Data Controller and is responsible for ensuring a lawful basis for processing their clients' personal data.
• The business client warrants that they have the authority to instruct YBP to process personal data on their behalf.

3.2 Processing Instructions

• YBP will process personal data only on documented instructions from the business client, including as set out in the agreed service description and these Terms.
• YBP will promptly inform the business client if any instruction is believed to infringe applicable data protection law.

3.3 Confidentiality

• All YBP personnel authorized to process personal data are bound by confidentiality obligations.
• Staff access to personal data is limited to what is necessary for their role (principle of least privilege).

3.4 Security Measures

• Encryption of data in transit and at rest
• Multi-factor authentication for platform access
• Regular vulnerability assessments and penetration testing
• Incident response and breach notification procedures
• Staff training on data protection and security

3.5 Sub-Processors

• YBP may engage sub-processors including: cloud hosting, email delivery, payment processing, analytics, and AI infrastructure.
• An up-to-date sub-processor list is available at yourbookingplatform.com/legal or upon request.
• YBP will notify business clients at least 14 days in advance of any new sub-processor.
• All sub-processors are bound by data protection obligations no less protective than those in this DPA.

3.6 Security Incident Notification

• In the event of a personal data breach, YBP will notify the affected business client without undue delay (within 72 hours of becoming aware).
• Notifications will include: nature of the breach, categories and approximate number of individuals affected, likely consequences, and measures taken or proposed.

3.7 Deletion and Return of Data

• Upon termination, YBP will, at the business client's choice, delete or return all personal data within 30 days of account closure.
• Retention may be extended only where required by applicable law.

3.8 Audits

• YBP will make available all information necessary to demonstrate compliance with this DPA.
• YBP will allow and contribute to audits or inspections conducted by the Controller or a mandated auditor, subject to reasonable advance notice and confidentiality obligations.

4.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website or use our platform. Similar technologies include web beacons, pixels, local storage, and session storage — all governed by this policy.

4.2 Categories of Cookies

4.2.1 Strictly Necessary

• Session authentication and login persistence
• Security tokens and CSRF protection
• User preferences during an active session

4.2.2 Performance & Analytics

• Page visit frequency and duration (aggregated, anonymised where possible)
• Feature usage statistics and error/performance logging

4.2.3 Functionality

• Language and region preferences
• Dashboard layout and customisation settings
• Notification preferences

4.2.4 Marketing & Targeting

• Meta (Facebook) Pixel — ad measurement and retargeting
• Google Analytics / Google Ads — website analytics and ad performance
• Audience segment building for re-targeting

Marketing cookies are only placed with your explicit consent where required by law (EU ePrivacy Directive).

4.3 Managing Cookie Consent

• Upon first visiting our website, you will be presented with a cookie consent banner compliant with the EU ePrivacy Directive and GDPR.
• You can accept all, reject non-essential cookies, or customise preferences at any time.
• To withdraw consent, use our cookie preference centre in the website footer.
• You can also manage cookies through your browser settings. Disabling certain cookies may impair platform functionality.

5.1 What Is Zoe.AI?

Zoe.AI is YBP's AI-powered virtual receptionist. It communicates with end customers on behalf of a business, handles booking enquiries, answers service questions, and processes appointment requests automatically. Zoe.AI is a premium feature available on eligible subscription plans.

5.2 How Zoe.AI Processes Data

• Zoe.AI processes inbound and outbound client communications, including chat messages and booking requests.
• Conversations may be stored for up to 90 days to enable AI improvement and quality assurance, unless a shorter period is requested.
• Businesses are responsible for disclosing to their clients that AI is being used in communications, where required by applicable law.
• Zoe.AI must not be used to process sensitive personal data (e.g. health information) without specific consent and appropriate safeguards.

5.3 AI Accuracy & Limitations

• Zoe.AI is designed to assist but may occasionally produce inaccurate or incomplete responses. Business clients are responsible for monitoring AI outputs.
• YBP does not warrant that AI-generated responses are always accurate or suitable for every situation.
• Business clients should ensure a human review process is in place for sensitive communications.

5.4 AI Ethics & Prohibited Uses

• Zoe.AI must not be used to deceive, manipulate, or harm end customers.
• Automated decisions that significantly affect individuals must comply with GDPR Article 22 (right to human review).
• YBP reserves the right to disable AI features on accounts found to be misusing them.

5.5 WhatsApp Automation

• Businesses must comply with WhatsApp's Business Policy and Meta's platform terms.
• End customers must have opted in to receive automated messages from the business via WhatsApp.
• Automated messages must include a mechanism for the customer to reach a human or opt out.

6.1 Prohibited Uses

You must not use YBP to:

• Process illegal transactions or facilitate money laundering
• Collect or process personal data without appropriate legal authority or consent
• Discriminate against individuals based on protected characteristics
• Send spam, unsolicited marketing, or bulk messages without proper consent
• Impersonate another business, individual, or YBP itself
• Circumvent subscription tier restrictions or access features you have not paid for
• Use AI features to generate harmful, discriminatory, illegal, or deceptive content

6.2 Consequences of Violation

• YBP reserves the right to immediately suspend or permanently terminate accounts found in violation of this AUP.
• In serious cases, YBP may report unlawful activity to relevant authorities.
• YBP is not liable for any loss or damage arising from enforcement action taken under this policy.

7.1 Contact YBP

7.2 Dutch Data Protection Authority (AP)

• Autoriteit Persoonsgegevens — https://www.autoriteitpersoonsgegevens.nl
• Phone: +31 88 1805 250

7.3 UK Information Commissioner's Office (ICO)

• Website: https://ico.org.uk — Phone: 0303 123 1113

7.4 US Users (CCPA & State Privacy Laws)

California residents and residents of other US states with applicable privacy laws (e.g. Virginia CDPA, Colorado CPA, Texas TDPSA) may exercise their rights by contacting support@yourbookingplatform.com.

• YBP may update these policies at any time to reflect changes in law, platform features, or business practices.
• Material changes will be notified via email, in-platform notification, or prominent website notice at least 14 days before taking effect.
• Continued use of the platform after the effective date of changes constitutes acceptance.
• Previous versions of this document are archived and available upon request.
• The current version is always available at: https://yourbookingplatform.com/legal