Privacy Policy
1. Who we are
BookDone is operated by CPIX Pty Ltd (ABN 24 643 221 630) trading as BookDone ("BookDone", "we", "us"). We build and host booking pages for Australian service businesses and connect them to those businesses' Google listings. We handle personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
2. What we collect, and from whom
We handle personal information about three groups of people:
| Who | What we collect | How we get it |
|---|---|---|
| Business owners (our customers and prospects) | Name, business name, email, phone, Google listing link, services, prices, hours, service area, and the content you supply for your page (photos, logo, text). | From you — through our enquiry form, onboarding intake, email, or phone. For outreach, we may also use publicly available business information (for example, from your public Google Maps listing). |
| Your customers (people who book through a page we host) | Name, contact details, requested service and time, and any message they type — including questions asked to the page's AI assistant. | From them, when they make a booking request or use the chat on your page. We collect this on your behalf, to relay it to you. |
| Website visitors | Standard analytics data — pages viewed, approximate location, device type — via Google Analytics cookies. No account, no identity. | Automatically, when you browse the site. |
Payment card details are never collected or seen by us. Payments are processed by Stripe; card information goes directly to Stripe and stays there.
3. Why we collect it
- To build, host and maintain your booking page, and to configure its AI assistant.
- To relay booking requests: notify the business by email/SMS and acknowledge the customer.
- To manage plans, billing and support.
- To respond to enquiries from prospective customers.
- To understand how our site is used and improve it (analytics).
- To meet legal obligations.
We do not sell personal information. We do not use booking customers' details for our own marketing, and we do not market to them at all — messages they receive are transactional acknowledgments of their own booking, sent on the business's behalf.
4. Who we share it with
Only the service providers needed to run BookDone, and only for the purposes above:
- Cloudflare — website and page hosting.
- Google Cloud — our application backend and database (hosted in the Sydney, Australia region), and Google Analytics.
- Stripe — payments and billing.
- Resend — transactional email delivery.
- ClickSend — transactional SMS delivery.
Booking details are shared with the business you booked with — that's the point of the service. Some providers (for example Cloudflare, Stripe, Resend) process data on infrastructure outside Australia, including the United States. Where that happens, we rely on providers who commit to recognised data-protection standards. We may also disclose information where the law requires it.
5. Storage, security and retention
- All pages and services are served over HTTPS; data is encrypted in transit.
- Our database runs in Google Cloud's Sydney region with access restricted to our backend service — it is not publicly accessible.
- Onboarding intake drafts are automatically deleted after 30 days. Other information is kept only as long as needed to provide the service or as the law requires, then deleted.
- We apply rate limits, input sanitisation and sending controls to prevent misuse of our messaging systems.
- No internet service can promise perfect security, but if a data breach occurs that is likely to result in serious harm, we will notify affected people and the OAIC as required by the Notifiable Data Breaches scheme.
6. Booking data belongs to the business you booked
When you book through a page we host, your booking details are passed to that business, and the customer relationship is with them. How they use your details after that (for example, their own reminders or marketing) is governed by their practices — direct requests about that use to them. We keep only what's needed to operate the relay, under this policy.
7. Cookies and analytics
We use Google Analytics (GA4) to understand site usage — which pages are viewed and roughly where visitors come from. This uses cookies. You can block cookies in your browser settings; the site works without them. We don't run advertising trackers.
8. Access, correction and deletion
You can ask us at any time to see the personal information we hold about you, to correct it, or to delete it — email [email protected]. We respond within 30 days. Business customers can also request a copy of their business information within 30 days of cancelling, as described in our Terms of Service. We may need to keep some records where the law requires (for example, billing records).
9. Complaints
If you think we've mishandled your personal information, email us first — we take it seriously and will respond within 30 days. If you're not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
10. Changes to this policy
If we change this policy, we'll update this page and the date at the top. For material changes affecting our business customers, we'll also give notice by email.
Questions about privacy: [email protected] · See also our Terms of Service