BookMe

Privacy Policy

Last updated: 31 May 2026

BookMe (“BookMe,” “we,” “us,” or “our”) operates a service reservation platform that connects customers with local shops in the Philippines. This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and the rights you have under the Philippine Data Privacy Act of 2012 (Republic Act No. 10173, the “DPA”) and its implementing rules and regulations.

By creating an account or otherwise using BookMe, you confirm that you have read and understood this Privacy Policy.

1. Who we are

The platform is operated by [Legal entity name], with registered office at [Registered address]. For privacy-related questions you may contact our Data Protection Officer at [dpo@bookme.example].

2. Information we collect

2.1 Information you provide

  • Account details — name, email address, mobile number, password (stored hashed), profile photo, and role (customer or shop owner).
  • Shop details (shop owners only) — shop name, description, address and coordinates, opening hours, services and pricing, staff names, photos.
  • Booking details — the shop, service, date, time, party size, and any notes you include with a reservation.
  • Support and chat content — messages you send through in-app chat or support tickets, including any attachments.
  • Reviews and ratings — content you post about shops you have visited.

2.2 Information collected automatically

  • Device and log data — IP address, browser/user-agent, pages viewed, and timestamps, used for security, debugging, and abuse prevention.
  • Approximate location — derived from IP, or precise location if you explicitly grant your browser the permission, used only to surface nearby shops. We do not store continuous location history.
  • Cookies and similar technologies — session cookies for authentication and a small number of preference cookies. We do not currently use third-party advertising cookies.

2.3 Information from third parties

If a payment processor is enabled in the future (see Section 5), we may receive transaction confirmations and limited payer details from that processor. We do not store full card numbers.

3. How we use your information

  • To create and manage your account and authenticate you when you log in.
  • To allow shops to fulfil your reservations, including showing the shop your name, contact number, and booking details.
  • To send transactional messages — booking confirmations, reminders, status changes, password resets, and security notices — by email or in-app notification.
  • To provide customer support and respond to your enquiries.
  • To detect, investigate, and prevent fraud, abuse, and violations of our Terms.
  • To improve the service, including aggregated analytics that do not identify you.
  • To comply with legal, tax, accounting, and regulatory obligations.

4. Legal bases for processing

Under the DPA we rely on one or more of the following bases:

  • Contract — to perform the reservation service you have requested.
  • Consent — for optional features such as marketing emails or precise location, which you may withdraw at any time.
  • Legitimate interests — to keep the platform secure, prevent fraud, and improve the product, provided your rights and freedoms do not override these interests.
  • Legal obligation — to comply with applicable Philippine law and lawful requests from authorities.

5. Payments

At present, all reservations on BookMe are paid directly to the shop on arrival. We do not process payments through the platform and do not collect card details.

In the future we plan to offer optional online payment through PayMongo, a licensed Philippine payment service provider. When that is enabled, your payment details will be provided directly to PayMongo and will be handled under PayMongo’s privacy notice and applicable card-network rules. We will receive a transaction reference and status only.

6. How we share information

We do not sell personal information. We share information only as follows:

  • With the shop you book with — your name, contact number, and booking details, so the shop can prepare for and contact you about the reservation.
  • With service providers — including our cloud hosting and email delivery provider (Amazon Web Services, including SES), under contracts that require them to protect your information and process it only on our instructions.
  • With payment processors — once online payments are enabled, with PayMongo as described above.
  • With authorities — when we are legally required to do so, or to protect the rights, property, or safety of users or the public.
  • In a corporate transaction — if BookMe is involved in a merger, acquisition, or sale of assets, information may be transferred subject to the same protections set out here.

7. International transfers

Our infrastructure runs in the AWS Asia Pacific (Singapore) region. Limited operational data (for example, system logs and support correspondence) may be accessed from other countries by our service providers. Where personal information is transferred outside the Philippines we take steps required by the DPA to ensure a comparable level of protection.

8. How long we keep information

  • Account data is kept while your account is active and for up to 24 months after deletion or prolonged inactivity, to handle disputes and meet regulatory obligations.
  • Booking records are retained for at least 10 years where required by Philippine tax and accounting law.
  • Support tickets and chat messages are retained for up to 24 months.
  • Backups are overwritten on a rolling schedule, typically within 35 days.

9. Your rights under the DPA

Subject to the limits of the law, you have the right to:

  • be informed of the processing of your personal data;
  • access your personal data and obtain a reasonable copy;
  • request correction of inaccurate or incomplete data;
  • object to processing or withdraw consent where consent is the basis;
  • request erasure or blocking of data that is unlawful, unnecessary, or outdated;
  • request data portability in a structured, commonly-used electronic format;
  • be indemnified for damages caused by inaccurate or unlawful processing; and
  • lodge a complaint with the National Privacy Commission (https://privacy.gov.ph).

To exercise any of these rights, email [dpo@bookme.example]. We may need to verify your identity before acting on the request.

10. Security

We use industry-standard technical and organisational measures to protect personal information, including TLS encryption in transit, encrypted backups, hashed passwords, role-based access control, and audit logging of administrative actions. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

11. Children

BookMe is not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced in the app or by email at least 14 days before they take effect. The “Last updated” date at the top reflects the latest version.

13. Contact

Questions, requests, or complaints about this policy can be sent to [support@bookme.example] or, for privacy-specific matters, to our Data Protection Officer at [dpo@bookme.example].