Privacy Policy

Last updated: June 2026

This Policy explains how [Legal Entity Name] (UEN [________]) ("Bookly", "we") collects, uses, discloses and protects your personal data when you use Bookly, in line with Singapore's Personal Data Protection Act (PDPA). By using Bookly, you consent to the practices described here.

1. Data we collect

Account data: your name, email and mobile number, and a hashed password. Business data you upload: company details and the documents you provide (bank and card statements, receipts, invoices, payroll) and the figures derived from them. Payment data: handled by Stripe — we receive billing status and invoices, but we never see or store your full card number. Usage & device data: log data, basic analytics and, with your consent, advertising identifiers.

2. How we use your data

To provide and operate the Service (read and categorise your documents, generate reports), manage your account and subscription, provide support, send service and verification emails, prevent abuse and fraud, comply with legal obligations, and — with consent — measure and improve our marketing.

3. Who we share it with (sub-processors)

We share data only as needed to run the Service, with providers bound to protect it: Anthropic (AI document reading), Stripe (payments), Supabase(database & file storage), Vercel (application hosting), Resend (transactional email), and — only with your consent — Meta, TikTok and Google (advertising measurement). We do not sell your personal data.

4. Cookies & tracking

We use essential cookies to keep you signed in. Analytics and advertising cookies (Meta/TikTok/Google) load only after you accept them in our consent banner; you can decline, and declining does not affect core functionality.

5. International transfer

Some of our sub-processors store or process data outside Singapore. Where we transfer personal data overseas, we take steps intended to ensure a comparable standard of protection as required by the PDPA.

6. Retention

We keep your data for as long as your account is active. After you cancel, a read-only grace period applies, after which your business data is deleted. We may retain limited records where required by law.

7. Security

We use reasonable technical and organisational measures to protect your data, including encrypted transport, hashed passwords and access controls. No method of transmission or storage is completely secure.

8. Your rights

Subject to the PDPA, you may request access to or correction of your personal data, and withdraw consent for non-essential processing (e.g. advertising). You can also export or delete your data from within the app. To make a request, contact us below.

9. Children

Bookly is for businesses and is not directed at individuals under 18.

10. Changes

We may update this Policy; material changes will be notified by reasonable means. The "last updated" date above shows the latest version.

11. Contact

Data protection queries and PDPA requests: [support email] (Data Protection Officer: [name]).