Privacy Policy

Last updated: [DATE]

1. Introduction

booteek AI Limited Limited ("Company", "we", "us", "our") operates the booteek platform ("Service"). This Privacy Policy explains how we collect, use, process, and protect your personal data when you use our Service.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller: booteek AI Limited Limited

Registration: England and Wales, Company Number: 13426132

Address: 71-75 Shelton Street, London WC2H 9JQ

Contact: [email protected]

2. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract Performance: To provide our Service and fulfill our contractual obligations
  • Legitimate Interests: To improve our Service, prevent fraud, and ensure security
  • Legal Obligation: To comply with applicable laws and regulations
  • Consent: Where explicitly provided for specific processing activities

3. Data We Collect

3.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, business name
  • Business Profile Data: Restaurant type, location, staff information (non-personal aggregated data only)
  • Payment Information: Processed by Stripe (we do not store full payment card details)
  • Communication Data: Support messages, feedback, and correspondence

3.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent, click patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Performance Data: Service performance metrics, error logs (anonymized)

3.3 Third-Party Integrations

  • Google Business Profile Data: Business information, reviews, ratings (with your authorization)
  • Analytics Data: Website usage statistics (anonymized where possible)

3.4 Data We Do NOT Collect

  • Customer Personal Data: We do not collect or store your customers' personal information from reviews
  • Sensitive Data: We do not intentionally collect sensitive personal data categories
  • Employee Personal Data: We collect only aggregated, non-personal team metrics

4. How We Use Your Data

4.1 Service Provision

  • Provide and maintain the booteek platform
  • Process your requests and transactions
  • Generate AI-powered insights and recommendations
  • Integrate with your Google Business Profile and other authorized platforms

4.2 Service Improvement

  • Analyze usage patterns to improve features
  • Develop new functionalities and services
  • Conduct research and analytics (using anonymized data)
  • Train and improve our AI models (using non-personal data only)

5. Data Security

5.1 Technical Measures

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Infrastructure Security: Industry-standard cloud security practices
  • Regular Updates: Security patches and system updates

5.2 Organizational Measures

  • Staff Training: Regular data protection and security training
  • Access Limitation: Access to personal data limited to authorized personnel only
  • Incident Response: Documented procedures for security incident response
  • Vendor Management: Due diligence on all data processors

6. Your Data Protection Rights

Under GDPR, you have the following rights:

Right of Access

Request confirmation of data processing and obtain a copy of your personal data

Right to Rectification

Correct inaccurate personal data and complete incomplete personal data

Right to Erasure

Request deletion of your personal data in certain circumstances

Right to Data Portability

Receive your data in a structured, commonly used format

Right to Object

Object to processing based on legitimate interests or direct marketing

Right to Restrict Processing

Limit how we process your data in certain situations

Exercising Your Rights

To exercise any of these rights:

  • Email us at [email protected]
  • Include your name, email address, and specific request
  • We will respond within one month (may be extended to three months for complex requests)

7. Data Retention

Retention Periods

  • Account Data: Retained while your account is active plus 3 years after closure
  • Usage Data: Retained for 2 years for service improvement purposes
  • Payment Data: Retained for 7 years for tax and accounting purposes
  • Marketing Data: Retained until consent is withdrawn

8. International Data Transfers

When transferring data outside the UK/EEA, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate protection findings
  • Standard Contractual Clauses: EU-approved contract terms for data protection
  • Certification Schemes: Providers with recognized data protection certifications

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential: Required for Service functionality
  • Performance: Analytics to improve user experience
  • Functional: Remember your preferences and settings
  • Marketing: Deliver relevant advertisements (with consent)

10. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have violated data protection laws:

UK: Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

11. Contact Information

For privacy-related questions or to exercise your rights:

Privacy Team

booteek AI Limited Limited

Email: [email protected]

Address: 71-75 Shelton Street, London WC2H 9JQ

Phone: [PHONE NUMBER]

We will respond to all privacy inquiries within one month.

This Privacy Policy is effective as of [DATE] and applies to the booteek platform operated by booteek AI Limited Limited.