1. Scope

This Privacy Policy explains how Būkd collects, uses, stores, and shares information when you use our website, mobile apps, and related services.

This policy covers both customer and business/admin experiences.

2. Information We Collect

• Account and authentication data, including email address and session/auth tokens. Password handling is performed through our third-party auth provider (currently Supabase Auth).
• Profile data, including display name, full name, and avatar URL (if provided).
• Booking data, including selected session, venue, payment method, booking status, timestamps, and related booking actions.
• User uploads, including payment proof files and, for business users, venue photos, payment instruction images, and ownership proof documents.
• Business workspace data, including organization names, venue descriptions, schedules, opening hours, resources, team-member roles, and access permissions.
• Review and public profile data, including ratings, comments, and reviewer display name/avatar when published.
• Technical data used to operate the service, including authentication cookies, mobile session storage, local cache data, and server request logs.

3. How We Use Information

• To create and secure accounts, authenticate users, and keep sessions active.
• To provide search, maps, venue listings, schedules, booking workflows, and account features.
• To process and track booking states, including cancellation and payment-proof review workflows.
• To support business operations such as venue management, team access, and dashboard/reporting views.
• To monitor service health, prevent abuse, troubleshoot issues, and enforce platform rules.
• To meet legal and compliance obligations.
• Where applicable, we process personal data based on one or more legal bases: (a) performance of a contract, (b) legitimate interests in operating and improving the platform, (c) compliance with legal obligations, and (d) user consent where required.

4. How and When Data Is Shared

• Service providers: We use third-party infrastructure providers for authentication, database, and storage (currently Supabase), and map providers (Mapbox on web; Apple Maps/Google Maps on mobile).
• With venues/business operators: Booking and profile details needed to fulfill a booking may be visible to authorized venue staff.
• Publicly visible data: Public venue details, selected venue media, published reviews, and associated public reviewer profile fields may be shown to other users.
• Legal disclosures: We may disclose data when required by law, legal process, or to protect rights, safety, and platform integrity.
• Our service providers may store and process data in multiple jurisdictions. We take steps to ensure appropriate safeguards are in place for international data transfers.

5. Public vs. Private Content

• Public content may include venue names, descriptions, opening hours, location labels, published reviews, and other information marked for public listing.
• Private/restricted content includes ownership proof files, payment proof files, internal access/role configuration, and account security data.
• Some uploaded assets are intentionally public to support customer flows (for example, venue gallery and payment instruction images).

6. Location and Device Permissions

• Web and mobile map features process map bounds and related map interactions to return nearby venues.
• On mobile, location access is optional and used only if you grant permission (for example, to center the map on your current location).
• On mobile, photo-library/media permission is requested when you choose to upload payment proof files.

7. Data Retention

We keep data for as long as needed to operate the platform, maintain records, resolve disputes, and satisfy legal obligations.

Retention periods depend on data type and operational/legal requirements.

8. Security

We use reasonable technical and organizational safeguards designed to protect personal information.

No system is completely secure, and we cannot guarantee absolute security.

9. Your Choices and Rights

• You can update certain profile information (such as display name and full name) directly in the app.
• You can control mobile permissions (such as location and media access) in your device settings.
• You may request access, correction, or deletion of your data by contacting us through the Support page.

10. Children's Privacy

Būkd is not directed to children under 13 (or under 18 where parental consent is required), and we do not knowingly collect personal information from such users.

11. Policy Updates

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised "Last updated" date.

12. Contact

For privacy questions or requests, please contact us through the Support page in the app or at /support.