This Privacy Policy explains how BUKEEN, a company registered in Ireland with company registration number 777492, whose registered office is at Dublin, Ireland ("Bukeen", "we", "us", "our") collects, uses, shares, and protects personal data when you use the Bukeen mobile application, the bukeen.com website, and all related services (collectively, the "Platform").

If you do not agree with this Privacy Policy, please do not use the Platform.

1) Who This Policy Applies To

This Privacy Policy applies to:

• Service Providers who create an account and list services on Bukeen; and

• Clients who book, or browse services through Bukeen.

It also applies to visitors to bukeen.com who do not have an account.

2) Data Controller and Contact

Bukeen is the data controller of personal data processed through the Platform for Bukeen's own purposes.

Contact details:

• Email (privacy): hello@bukeen.com

• Email (general): hello@bukeen.com

• Email (support): hello@bukeen.com

• Postal: BUKEEN, Dublin, Ireland (Company No. 777492)

Bukeen has not appointed a formal Data Protection Officer (DPO) as it is not currently required to do so under Article 37 GDPR. If this changes, DPO contact details will be added here.

3) Personal Data We Collect

3.1 Data You Provide Directly

Account and profile data (Service Providers and Clients):

• Full name, email address, phone number

• Business name, service category, profile photo, portfolio images (Service Providers)

• Login credentials (stored as hashed/encrypted values, not plain text)

Booking and service data:

• Services selected, booking date and time, add-ons, session notes

• Preferences or instructions submitted during the booking flow

Payment and financial data (where payments are enabled):

• Transaction amounts, deposit amounts, payout preferences

• Bank account details for payouts (handled securely by Stripe — Bukeen does not store full card or bank numbers)

Communications and support:

• Messages and enquiries sent to Bukeen support

• Feedback, reviews, or ratings submitted via the Platform

3.2 Data Collected Automatically

• Device and technical data: device type, model, operating system version, app version

• Log data: IP address, access timestamps, error logs, crash reports, diagnostics

• Usage and interaction data: screens/features accessed, tap/click events, booking funnel progression

• Approximate location derived from IP address (we do not collect precise GPS data unless you explicitly enable location services)

3.3 Data From Third Parties

• Apple App Store / Google Play: subscription status, purchase confirmations, refund events

• Stripe: transaction confirmations, payout status, fraud signals, identity verification status

• Messaging providers (SMS/email): delivery status, bounce events, unsubscribe signals
  
  
  

  
  

4) How We Use Your Data and Our Legal Bases (GDPR)

We process personal data only where we have a valid legal basis to do so under the GDPR (Regulation (EU) 2016/679) and the Irish Data Protection Acts 1988–2023.

4.1 Performance of a Contract (Article 6(1)(b))

We process data where necessary to provide the Platform and fulfil our agreement with you, including:

• Creating and managing user accounts

• Enabling Service Providers to publish Booking Pages and accept bookings

• Processing bookings, sending confirmations, reminders, and follow-ups

• Facilitating deposits and payments via Stripe

• Providing customer support

4.2 Legitimate Interests (Article 6(1)(f))

We process data where necessary for Bukeen's legitimate interests, balanced against your rights and interests, including:

• Preventing fraud, abuse, and harmful activity on the Platform

• Debugging, analytics, and improving Platform performance and features

• Enforcing our Terms & Conditions

• Measuring engagement with features (e.g. booking completion rates, reminder open rates)

• Conducting aggregate and anonymised analysis for product decisions

We assess and balance these interests against your rights in accordance with the GDPR.

4.3 Consent (Article 6(1)(a))

Where required by law, we will ask for your consent before:

• Sending marketing communications

• Placing non-essential cookies or analytics SDKs on your device

• Requesting optional device permissions (e.g. push notifications)

You may withdraw your consent at any time by contacting privacy@bukeen.com or adjusting your in-app settings. Withdrawal does not affect the lawfulness of processing before withdrawal.

4.4 Legal Obligation (Article 6(1)(c))

We process data where necessary to comply with applicable law, including:

• Tax, accounting, and financial reporting obligations

• Responding to lawful requests from law enforcement or regulatory authorities

• Complying with court orders or legal process
  
  
  
  

  
  

5) Booking Data and Roles: Bukeen vs Service Providers

When a Client makes a Booking, certain personal data (Client name, contact details, booking time, selected service, and any notes) is shared with the relevant Service Provider to enable the delivery of the service.

• Bukeen acts as a controller for data processed to operate the Platform (accounts, platform-level messaging, security, analytics, and product operations).

• Service Providers act as independent controllers for the Client data they receive, because they determine how that data is used to deliver their service (e.g. appointment management, receipts, client communications, compliance).

Service Providers are responsible for handling Client personal data in compliance with the GDPR, Irish Data Protection Acts, and any other applicable data protection laws. Clients should review the Service Provider's own privacy practices where relevant.

6) Sharing and Disclosure of Personal Data

We do not sell personal data. We may share personal data as follows:

6.1 With Other Platform Users

• Service Providers receive the booking details necessary to deliver the service.

• Clients can see a Service Provider's public profile information on their Booking Page.

6.2 With Service Providers and Vendors (Data Processors)

We use carefully selected third-party vendors to operate the Platform. These vendors process personal data only under our instruction and are contractually bound to protect it. Our current categories of processors include:

• Cloud hosting and infrastructure providers

• Analytics and crash reporting tools

• Customer support tooling

• SMS and email messaging vendors

• Payment processors (Stripe)

6.3 Legal and Safety Disclosures

We may disclose personal data where required to: comply with applicable law or legal process; enforce our Terms; protect the rights, safety, or property of users, Bukeen, or the public; or respond to emergencies.

6.4 Business Transfers

If Bukeen is involved in a merger, acquisition, asset sale, restructuring, or similar transaction, personal data held by Bukeen may be transferred as part of that transaction. We will provide notice and ensure appropriate safeguards are in place.

7) International Transfers

Bukeen is registered in Ireland and operates primarily within the European Economic Area (EEA). Where we transfer personal data outside the EEA (for example, to cloud service providers or vendors in the United States), we rely on one or more of the following safeguards:

• EU Standard Contractual Clauses (SCCs) approved by the European Commission;

• Adequacy decisions made by the European Commission in respect of the destination country;

• Additional technical and organisational measures as appropriate.

You may request details of the specific safeguards applicable to a transfer by contacting hello@bukeen.com.

8) Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, and no longer than required by law. Our retention periods are:

• Account data (Service Providers and Clients): retained for the duration of the active account, plus 12 months after account closure to meet legal and security obligations. Shorter periods apply if deletion is requested and no legal obligation requires retention.

• Booking records and transaction data: retained for 24 months from the date of the booking for operational history, dispute resolution, and tax/accounting purposes.

• Payment records: retained for 7 years where required for tax and financial reporting obligations under Irish law.

• Support communications: retained for 24 months from the date of the last communication.

• Usage and log data: retained for 90 days unless required longer for security incident investigation.

When retention periods expire, data is securely deleted or anonymised. You may request earlier deletion as set out in Section 10.

9) Security

Bukeen implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction. These measures include:

• Encryption of data in transit (TLS/HTTPS)

• Encrypted storage of sensitive data and credentials

• Access controls limiting data access to authorised personnel only

• Regular security monitoring, logging, and review

• Stripe's PCI DSS-compliant infrastructure for payment data

No system is completely secure. You are responsible for maintaining the confidentiality of your account login credentials. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Bukeen will notify the Data Protection Commission (Ireland) within 72 hours and will inform affected users as required under Article 34 GDPR.

10) Your Rights (EEA/UK GDPR)

If you are located in the EEA, UK, or any jurisdiction with equivalent data protection laws, you have the following rights in relation to your personal data:

• Right of Access (Article 15): request a copy of the personal data we hold about you.

• Right to Rectification (Article 16): request correction of inaccurate or incomplete data.

• Right to Erasure (Article 17): request deletion of your personal data in certain circumstances (e.g. where it is no longer necessary for the purpose it was collected).

• Right to Restriction of Processing (Article 18): request that we limit how we process your data in certain circumstances.

• Right to Object (Article 21): object to processing based on legitimate interests or for direct marketing.

• Right to Data Portability (Article 20): receive your personal data in a structured, commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means.

• Right to Withdraw Consent (Article 7): withdraw consent at any time where processing is based on your consent.

To exercise any of these rights, contact us at privacy@bukeen.com. We will respond within 30 days (or 3 months for complex requests, with notice). We may need to verify your identity before acting on your request.

We will not charge a fee for handling rights requests unless requests are manifestly unfounded or excessive.

11) Marketing Communications

We will only send marketing communications (e.g. product updates, new features, promotional offers) with your prior consent where required by law. You may opt out of marketing communications at any time by:

• clicking the "unsubscribe" link in any marketing email;

• adjusting notification preferences in your in-app settings; or

• contacting privacy@bukeen.com.

Transactional and service communications (e.g. booking confirmations, reminders, security alerts, account notifications) are not marketing and will continue to be sent as necessary to deliver the Platform.

12) Cookies and Similar Technologies

The bukeen.com website may use cookies and similar tracking technologies to operate the site, remember your preferences, and analyse usage patterns. Where required by Irish or EU law (including the ePrivacy Regulations), we will present a cookie consent banner before placing non-essential cookies.

The Bukeen mobile app uses third-party SDKs (e.g. analytics, crash reporting) that may collect device and usage data. These SDKs are configured in accordance with applicable law and your device privacy settings.

You can manage cookie preferences via your browser settings or the in-app cookie/tracking settings where provided.

13) Children

The Platform is not intended for use by persons under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that a child under 18 has provided us with personal data, please contact us immediately at privacy@bukeen.com and we will take prompt steps to delete that data.

14) Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable law. We will post the latest version at bukeen.com/policy with an updated "Last updated" date. For material changes (those that significantly affect how we use your data or your rights), we will provide advance notice by email or in-app notification at least 14 days before they take effect.

15) Complaints

If you are not satisfied with how Bukeen has handled your personal data or a rights request, you have the right to lodge a complaint with the relevant supervisory authority:

In Ireland:

Data Protection Commission (DPC)

21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Website: dataprotection.ie | Phone: +353 (0)761 104 800

In the UK:

Information Commissioner's Office (ICO)

Website: ico.org.uk | Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact a supervisory authority, so please contact hello@bukeen.com first.

16) Quick Summary (Non-Contractual)

• This summary is for convenience only. The full policy above is the legally binding document.

  • We collect your name, contact details, booking info, and device data to run the Platform.

  • We share booking data with the Service Provider you book with.

  • We use Stripe for payments — they handle card data securely.

  • We don't sell your data. Ever.

  • We keep data only as long as needed (typically 12–24 months after activity ends).

  • You have full GDPR rights: access, deletion, correction, portability, and more.

  • Questions? Email hello@bukeen.com.

Contact Us

For privacy enquiries: hello@bukeen.com

For general enquiries: hello@bukeen.com

Website: bukeen.com

Registered entity: BUKEEN, Dublin, Ireland. Company No. 777492.