Skip to content
BookzyrBOOKZYR
Start free now

Privacy Policy

Last updated: 10 May 2026 · Draft pending legal review

Who we are

Bookzyr ("we", "us") is the operator of the Bookzyr booking platform. This policy explains how we handle personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

What we collect

For salon owners and staff: name, email, phone, role, payment method (token only — full card details stay with our processor). For end customers booking through a Bookzyr-powered shop: name, email, phone, appointment history, optional notes set by the operator. We do not collect sensitive information (health, biometrics, etc.) unless the operator's intake form specifically captures it for compliance reasons (e.g. skin tests).

How we use it

To run the booking platform: confirm appointments, send reminders, process payments, generate reports, support staff and customers. We do not sell personal information. We use de-identified aggregate data to improve the product.

Who we share it with

Service providers we rely on (payment processor, email/SMS delivery, cloud hosting), bound by contract to handle your data only on our instructions. The shop you booked with sees your name + contact + appointment history — that's the point of the service. We never share with marketers or data brokers.

Storage & security

Data is hosted in Australia (AWS Sydney region). Backups are encrypted at rest. Access by Bookzyr staff is role-gated and audit-logged. Card data does not touch our servers — it goes directly to our processor (Tyro / Stripe), tokenised on return.

Your rights

You may request access to, correction of, or deletion of your personal information at any time. Account holders can use the "Export my data" button in /account; non-account requests email privacy@bookzyr.com. We aim to respond within 30 days.

Cookies

We use a small number of cookies for authentication and session management. We do not use third-party advertising cookies.

Data breach

If a breach is likely to cause serious harm we will notify affected individuals and the OAIC under the Notifiable Data Breaches scheme.

Children

The Service is not directed at people under 16. Operators who collect minors' data via their own intake forms are responsible for parental consent.

Changes

Material changes will be notified by email or in-app at least 14 days before they take effect.

Contact

Privacy enquiries: privacy@bookzyr.com.