Last updated: 2026-07-05
Booknz Privacy Policy
This Privacy Policy explains how Booknz Inc. ("Booknz", "we", "us", or "our") collects, uses, shares, keeps, and protects personal information for Booknz's mobile-first booking and business-management platform.
Booknz is a federally incorporated Canadian company launching GTA-first in Ontario. Booknz is used by independent beauty and personal-care professionals ("Professionals") and by clients who book with them through mobile web booking links ("Clients").
This policy is written for Canadian privacy law, including PIPEDA as the federal baseline. It is also intended to support Quebec Law 25 and to be forward-compatible with the proposed federal Consumer Privacy Protection Act by using privacy-by-design, meaningful consent, individual rights, breach notification, and cross-border transfer transparency.
Account Deletion Requests
This section explains how users of the Booknz app and Booknz platform can request deletion of their account and associated data.
To request deletion of a Booknz Professional account:
- email support@booknz.ca with the subject "Booknz account deletion request";
- send the request from the email address connected to your Booknz account, or include the email address and business name used for the account;
- state that you want Booknz to delete your account and associated data; and
- respond to any reasonable identity-verification or ownership checks we send before completing the request.
When a Professional account deletion request is approved, Booknz will delete, de-identify, or restrict access to account data that is no longer needed to provide the service. This generally includes Professional profile information, booking-page content, portfolio photos hosted by Booknz, availability settings, service settings, client-management records controlled by the Professional, notification preferences, and routine app usage data associated with the account.
Booknz may keep some information after account deletion where reasonably required or allowed for legal, tax, accounting, security, fraud-prevention, payment, dispute-resolution, backup, or compliance purposes. Retained records may include invoices, subscription records, Stripe and payment metadata, payout records, tax or accounting records, security logs, support communications, legal notices, dispute records, and records needed to honor consent, unsubscribe, or deletion choices. Financial, tax, invoice, subscription, Stripe metadata, and legal records may be kept for at least six years where required or appropriate for Canadian business-record obligations. Information deleted from active systems may remain in backups until those backups expire through the normal backup cycle, which Booknz generally aims to rotate or overwrite within 90 days unless a longer period is needed for security, disaster recovery, legal hold, investigation, or compliance.
For Client information controlled by a Professional, Booknz may need to direct the request to the Professional or work with the Professional to complete it, unless Booknz is legally required to act directly.
1. Our Privacy Roles
1.1 Booknz has different privacy roles depending on the information.
1.2 For information a Professional collects about their own Clients through Booknz, the Professional is the controller or organization responsible for that information. This may include Client contact information, booking history, service notes, preferences, addresses, house-call instructions, allergies, skin or scalp conditions, and photos or portfolio-related information. Booknz processes that information as the Professional's service provider or processor.
1.3 For Professional account information, subscription and billing relationship information, platform analytics, support communications, security logs, product usage data, and Booknz-operated business records, Booknz is the controller or organization responsible for that information.
1.4 If you are a Client and want to access, correct, delete, or restrict information a Professional keeps about you, you may need to contact the Professional directly. Booknz will help where the information is stored in Booknz or where we are legally required to respond.
2. Personal Information We Collect
2.1 From Professionals, we may collect:
- name, email address, phone number, login details, and account information;
- business profile information, services, pricing, availability, service areas, house-call settings, travel zones, travel fees, and portfolio content;
- subscription, billing, payment status, invoice, and Stripe-related information;
- client lists, booking history, notes, and messages entered by the Professional;
- revenue tracking data and appointment records;
- support requests and communications with Booknz;
- device, browser, IP address, usage, diagnostic, security, and log information; and
- consent, preference, notification, and marketing settings.
2.2 From Clients, we may collect:
- name, email address, phone number, booking details, selected service, appointment time, and booking status;
- address, building access instructions, parking instructions, and other details for house calls;
- client notes, preferences, allergies, skin or scalp conditions, accessibility needs, or other appointment notes provided by the Client or entered by the Professional;
- deposit and payment-related metadata for payments processed through Stripe Connect;
- SMS/email reminder preferences and communication records;
- device, browser, IP address, usage, diagnostic, security, and log information; and
- support requests and communications with Booknz.
2.3 Deposits are processed through Stripe Connect and routed to the Professional's connected Stripe account. Booknz does not store full payment card numbers, bank account numbers, CVV codes, or other sensitive payment credentials. Stripe stores and processes payment data. Booknz may receive and store limited payment metadata needed to operate the platform, such as Stripe customer, account, payment, transfer, payout, invoice, subscription, dispute, refund, status, amount, and timestamp identifiers or records.
2.4 Booknz does not decide whether a Client is legally eligible to receive a specific service. Professionals are responsible for service-specific age, capacity, consent, parental or guardian consent, licensing, health, safety, hygiene, and aftercare requirements. If age or consent information is collected for a booking, the Professional is responsible for collecting and using it with appropriate consent and legal authority.
3. Sensitive Personal Information
3.1 Some information entered into Booknz may be sensitive personal information.
3.2 Client notes may be sensitive if they include allergies, skin or scalp conditions, medication-related concerns, accessibility needs, body-related information, tattoo details, location safety information, or other health, identity, or personal details.
3.3 Professionals must collect sensitive Client information only when it is relevant and with appropriate consent.
3.4 Clients should share only information they are comfortable sharing and that is relevant to the appointment.
3.5 Booknz uses sensitive information only for the purposes described in this policy, to provide the platform, to support the Professional-Client booking relationship, to meet legal obligations, and to protect the platform.
4. How We Use Personal Information
4.1 We use personal information to:
- create, operate, secure, and support Professional accounts;
- provide booking, availability, client-management, deposit, revenue-tracking, portfolio, reminder, rebooking, and house-call features;
- display Professional booking pages and portfolio content;
- send transactional booking confirmations, reminders, cancellations, rescheduling notices, account notices, payment notices, and security notices;
- process Professional subscriptions through Stripe;
- support deposits and related payment workflows, once finalized;
- provide customer support;
- troubleshoot, debug, secure, and improve Booknz;
- detect, prevent, and investigate fraud, spam, abuse, security incidents, and policy violations;
- comply with legal, tax, accounting, corporate, regulatory, and dispute-resolution obligations; and
- send promotional messages only where we have the required consent.
5. Consent
5.1 We seek meaningful consent for the collection, use, and disclosure of personal information.
5.2 Consent may be express, such as checking a box, clicking an acceptance button, signing up, subscribing, opting in to promotional messages, or entering information into Booknz.
5.3 Consent may be implied where the purpose is obvious and reasonable, such as using a phone number or email address to send booking confirmations and reminders for an appointment.
5.4 Sensitive information usually requires stronger consent. Professionals are responsible for getting appropriate consent before entering sensitive Client notes.
5.5 You may withdraw consent where allowed by law. If you withdraw consent that is needed to provide Booknz, some features may stop working.
6. SMS, Email, CASL, and Marketing
6.1 Booking confirmations, reminders, rescheduling notices, cancellation notices, payment-related messages, account notices, and security messages are transactional or service messages.
6.2 Promotional email or SMS messages require express opt-in unless another lawful basis clearly applies.
6.3 Promotional messages will include identification information and a working unsubscribe method.
6.4 You may unsubscribe from promotional messages at any time. Unsubscribing from promotional messages does not stop transactional booking, account, payment, security, or service messages.
6.5 Booknz may use third-party SMS and email delivery providers to send transactional and promotional messages. Those providers may process message content, recipient details, delivery status, logs, and related metadata in Canada, the United States, or other countries where they or their infrastructure providers operate. Booknz will keep its current operational provider list available through its privacy contact and will update it before using a materially different provider for production messaging.
7. Analytics, Cookies, and Similar Technologies
7.1 We may use analytics, cookies, SDKs, logs, and similar technologies to operate, secure, measure, and improve Booknz.
7.2 These technologies may include essential cookies, authentication cookies, security cookies, preference cookies, server logs, app or web SDKs, crash and diagnostic tools, product analytics, performance analytics, and Cloudflare-related security or traffic analytics. Booknz does not use sensitive Client notes, allergies, skin or scalp conditions, house-call access notes, or payment credentials for advertising targeting.
7.3 Where required, we will provide consent choices for non-essential cookies, analytics, profiling, or marketing technologies.
8. Portfolio Photos and Client Likeness
8.1 Professionals own the portfolio photos and content they upload to Booknz.
8.2 Professionals give Booknz a licence to host, store, resize, display, transmit, and make that content available through Booknz.
8.3 If a photo includes a Client or another identifiable person, the Professional is responsible for having permission to upload and display it.
8.4 If you believe your likeness appears on Booknz without permission, contact us.
9. When We Share Personal Information
9.1 We share personal information only as needed for the purposes described in this policy or as allowed by law.
9.2 We may share information:
- between a Client and the Professional they book with;
- with Stripe and payment providers for subscriptions, deposits, payment status, fraud prevention, and billing support;
- with Cloudflare for security, performance, and infrastructure;
- with Neon for Postgres database hosting;
- with SMS and email providers for transactional and promotional communications;
- with hosting, monitoring, analytics, support, error-reporting, and security providers;
- with professional advisers such as lawyers, accountants, insurers, and auditors;
- with law enforcement, regulators, courts, or government authorities where required or permitted by law;
- in connection with a financing, merger, acquisition, reorganization, sale of assets, or similar business transaction; and
- with consent or at the direction of the person or organization responsible for the information.
9.3 Current launch providers and provider categories include Stripe for subscriptions, Stripe Connect, billing, payments, fraud prevention, and payment metadata; Cloudflare for security, networking, performance, and infrastructure; Neon for Postgres database hosting; SMS and email delivery providers for communications; and hosting, monitoring, analytics, support, error-reporting, security, legal, accounting, and professional-service providers as needed. Booknz will keep a current subprocessor list available through its privacy contact.
10. Cross-Border Processing
10.1 Booknz is a Canadian company operating GTA-first in Ontario, but some third-party processing may occur outside Canada, including in the United States.
10.2 When information is processed outside Canada, it may be subject to the laws of that jurisdiction.
10.3 Cross-border processing may occur in Canada, the United States, and other countries where Booknz's service providers or their infrastructure providers operate. Booknz uses contractual, technical, and organizational safeguards appropriate to the service, such as service-provider agreements, access controls, confidentiality obligations, security review, and limiting provider access to what is needed to perform the service. Booknz remains responsible for personal information in its custody or under its control, but Professionals remain responsible for Client information they independently collect, export, or process outside Booknz.
11. Retention and Deletion
11.1 We keep personal information only as long as reasonably needed for the purposes described in this policy, unless a longer period is required or allowed by law.
11.2 Booknz generally keeps account, booking, client-management, and platform records while an account is active or while needed to provide the service. After cancellation, deletion, or termination, Booknz may delete, de-identify, or restrict access to information that is no longer needed, while keeping records as reasonably required for legal, tax, accounting, security, fraud-prevention, payment, dispute-resolution, backup, and compliance purposes. Financial, tax, invoice, subscription, Stripe metadata, and legal records may be kept for at least six years where required or appropriate for Canadian business-record obligations. Marketing preferences may be kept as long as needed to honour consent and unsubscribe choices.
11.3 Information deleted from active systems may remain in backups for a limited period until those backups expire through the normal backup cycle. Booknz generally aims to rotate or overwrite backup copies within 90 days, unless a longer period is needed for security, disaster recovery, legal hold, investigation, or compliance.
11.4 You may request account deletion by following the steps in the Account Deletion Requests section near the top of this policy, by using available account settings, or by contacting support@booknz.ca or the privacy officer. Booknz may verify your identity before acting on a deletion request. If approved, Booknz will delete, de-identify, or restrict access to information that is no longer needed, subject to legal, tax, accounting, security, payment, dispute-resolution, backup, and compliance limits. For Client information controlled by a Professional, Booknz may need to direct the request to the Professional or work with the Professional to complete it.
11.5 We may keep information longer where needed for legal, tax, accounting, security, fraud-prevention, dispute-resolution, backup, or compliance purposes.
11.6 For Client information where the Professional is the controller and Booknz is the service provider, deletion may require a request to the Professional unless Booknz is legally required to act directly.
12. Security
12.1 We use administrative, technical, and organizational safeguards appropriate to the sensitivity of the information.
12.2 Booknz uses reasonable administrative, technical, and organizational safeguards designed for a small SaaS platform handling booking and payment-related metadata. These may include encryption in transit, encryption at rest where supported by the service provider, role-based access, least-privilege access, account authentication controls, logging, monitoring, backups, vendor security review, confidentiality obligations, secure development practices, and limiting access to payment credentials by using Stripe rather than storing full card or bank details.
12.3 No system is perfectly secure. You are responsible for keeping your account credentials and devices secure.
12.4 Tell us promptly if you believe your account, device, booking information, or personal information has been compromised.
13. Privacy Breaches
13.1 If we become aware of a privacy breach, we will assess the incident, take steps to contain and reduce harm, keep required records, and notify affected individuals and regulators where required by law.
13.2 Under PIPEDA, this includes reporting to the Office of the Privacy Commissioner of Canada and notifying affected individuals where a breach creates a real risk of significant harm.
13.3 For Quebec, this includes assessing confidentiality incidents and notifying the Commission d'acces a l'information and affected individuals where required.
13.4 If you believe personal information in Booknz has been compromised, contact khadim@booknz.ca or support@booknz.ca. Booknz will assess the report, take reasonable containment steps, document the incident, work with relevant service providers, and notify affected individuals, Professionals, Clients, and regulators where required by law. If the incident involves Client information controlled by a Professional, Booknz may notify and cooperate with the Professional so the Professional can meet their own legal obligations.
14. Your Privacy Rights
14.1 Depending on where you live and what information is involved, you may have rights to:
- access your personal information;
- correct inaccurate or incomplete information;
- withdraw consent where allowed by law;
- request deletion or disposal of information;
- request information about how your information is used and shared;
- request data portability, where available;
- complain to Booknz or a privacy regulator; and
- ask questions about cross-border processing and service providers.
14.2 Where legally required or reasonably available, Booknz will provide portable data in a structured, commonly used format such as CSV or JSON. A Professional may request an export of available account, booking, and client records. A Client may request portable information that Booknz controls directly; where the information is controlled by a Professional, Booknz may direct the request to the Professional or help coordinate the request.
14.3 We may need to verify your identity before responding.
14.4 We may refuse or limit a request where allowed by law, such as where information belongs to another person, must be kept for legal reasons, is subject to privilege, is needed for security or fraud prevention, or is controlled by a Professional rather than Booknz.
15. Privacy by Design
15.1 Booknz aims to build privacy into the product by:
- limiting collection to what is needed for booking and business-management features;
- separating Professional-controlled Client information from Booknz-controlled account and platform information;
- using role-based access where appropriate;
- treating sensitive Client notes with extra care;
- supporting consent and unsubscribe choices;
- using service providers under contractual controls; and
- reviewing privacy risks as new features are designed.
16. Quebec Privacy Notes
16.1 If Quebec privacy law applies, Booknz will provide clear information about collection, purposes, rights, service providers, retention, and the possibility of communication outside Quebec.
16.2 The person responsible for personal information is: Khadim Mbaye, khadim@booknz.ca
16.3 Privacy officer mailing address: 809-55 Mercer Street, Toronto, Ontario, M5V 0W4
16.4 Booknz is launching GTA-first in English. If Booknz offers the platform in Quebec or is otherwise required by law to provide French materials, Booknz will make a French version of this Privacy Policy available. If there is a conflict between language versions, the version required by applicable law will control to the extent of the conflict.
17. Children's and Minor's Information
17.1 The Professional account product is for Professionals who are at least 18 years old.
17.2 Booknz does not decide whether a Client is legally eligible to receive a specific service. Professionals are responsible for service-specific age, capacity, consent, parental or guardian consent, and legal eligibility decisions.
17.3 Professionals must not collect personal information from minors unless they have the required consent and legal authority for the service.
18. Changes to This Policy
18.1 We may update this Privacy Policy from time to time.
18.2 If a change is material, we will give notice using a reasonable method, such as website notice, booking-page notice, email, SMS, account notice, or in-app notice.
18.3 If a change requires consent, we will ask for it.
19. Contact
Legal name: Booknz Inc.
Registered office: 809-55 Mercer Street, Toronto, Ontario, M5V 0W4
Privacy officer: Khadim Mbaye, khadim@booknz.ca
Privacy mailing address: 809-55 Mercer Street, Toronto, Ontario, M5V 0W4
Support: support@booknz.ca
Legal notices: khadim@booknz.ca