Back to homepage

Privacy Policy

Last updated: February 2026

1Who We Are

When you book an appointment with Bookora, your personal data is handled by two parties:

  • Bookora (the business) — decides why your data is needed and how it's used for their services.
  • Bookora (the platform) — provides the booking technology and processes data on behalf of the business.

This privacy policy explains what data we collect, why, and what your rights are.

2What Data We Collect

When you make a booking, we collect:

  • Your full name
  • Your email address
  • Your phone number
  • Booking details (service, date, time, staff member)
  • Any notes you add for the professional (optional)
  • Credit pack transactions and balances (if applicable)

3Why We Collect Your Data

We process your data based on these legal grounds:

Contract Performance (Art. 6(1)(b) GDPR)

Your name, email, phone, and booking details are necessary to confirm and manage your appointment. Without this data, we cannot provide the booking service.

Legitimate Interest (Art. 6(1)(f) GDPR)

We send appointment reminders and allow the business to manage their schedule. This is in both your interest and the business's interest.

Legal Obligation (Art. 6(1)(c) GDPR)

Credit pack transactions and financial records are retained as required by Greek tax law.

4How Long We Keep Your Data

  • Booking history: retained while your profile is active, plus 2 years after your last appointment.
  • Credit and financial records: 5 years, as required by Greek tax law.
  • Account data: until you request deletion.

After the retention period, your data is permanently deleted or anonymized.

5Who We Share Your Data With

Your data is shared only with:

  • Bookora — the business you are booking with, to manage your appointment.
  • Bookora — the platform that powers the booking system.
  • Email delivery service — to send booking confirmations and reminders.

We do not sell your data to third parties or use it for advertising.

6Cookies

This site uses only essential cookies required for the booking system to function (authentication and session management). No analytics or marketing cookies are used. With your consent, Sentry is used for error tracking and session replay via localStorage-based sessions. Your language preference is stored locally on your device.

7Your Rights

Under the GDPR, you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Restriction — limit how your data is processed.
  • Portability — receive your data in a portable format.
  • Object — object to processing based on legitimate interest.

To exercise any of these rights, contact us at [email protected].

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.

8Contact Us

For any questions about this privacy policy or your personal data:

[email protected]

9International Data Transfers

Your data is processed using Supabase infrastructure. Where data is transferred outside the EU/EEA, appropriate safeguards are in place (Standard Contractual Clauses).

10Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated through the platform. We encourage you to review this page periodically.