Privacy Policy
Last updated: 16 April 2026
Peekabooker Ltd ("we", "us", "our") is a company registered in England and Wales. We are the data controller for personal data collected through the Peekabooker platform ("Platform"). We are committed to protecting your privacy and handling your data transparently in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data We Collect
Business owners (Merchants)
- Name, email address, and password (hashed with SHA-256)
- Business name, description, and service details
- Operating hours and pricing configuration
Customers
- Name, email address, and phone number (provided at booking)
- Booking details: service, date, time, price paid
Automatically collected
- Price observations and booking patterns (used by our AI pricing engine)
- Session tokens (essential cookies for authentication only)
We do not collect payment card details. All card information is handled directly by Stripe and never touches our servers.
2. Why We Collect It (Legal Bases)
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing the booking service | Account info, booking details | Contract performance |
| Processing payments | Booking and transaction data | Contract performance |
| Sending booking confirmations and reminders | Email, booking details | Contract performance |
| Dynamic pricing optimisation | Price observations, booking patterns | Legitimate interest |
| Platform security and fraud prevention | Session data, account activity | Legitimate interest |
3. Cookies
We use only essential session cookies to keep you logged in. We do not use advertising cookies, tracking pixels, or analytics cookies. No cookie consent banner is required because we only use strictly necessary cookies.
4. Third-Party Services
We share data with the following third parties, only as needed to operate the Platform:
| Provider | Purpose | Data shared | Location |
|---|---|---|---|
| Stripe | Payment processing | Transaction amounts, Merchant payout details | US (with EU/UK safeguards) |
| Cloudflare | Hosting, CDN, database (D1) | All Platform data is stored on Cloudflare infrastructure | Global (with EU/UK safeguards) |
| Resend | Transactional email delivery | Recipient email, email content | US (with EU/UK safeguards) |
All third parties process data under appropriate safeguards for international transfers, including Standard Contractual Clauses (SCCs) where applicable.
5. How We Protect Your Data
- Passwords are hashed before storage and are never stored in plain text.
- All connections to the Platform are encrypted via HTTPS/TLS.
- Session tokens expire after 30 days.
- Data is stored on Cloudflare's D1 infrastructure, which provides encryption at rest.
- Access to production data is restricted to authorised personnel only.
6. Data Retention
- Account data: retained for as long as your account is active, plus 30 days after deletion to allow recovery.
- Booking data: retained for 2 years after the booking date for business record-keeping and dispute resolution.
- Price observations: retained for up to 2 years to train and improve our pricing models, then anonymised or deleted.
- Session tokens: automatically expire and are deleted after 30 days.
7. Your Rights (UK GDPR)
You have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Rectification: ask us to correct inaccurate or incomplete data.
- Erasure: ask us to delete your personal data ("right to be forgotten").
- Data portability: request your data in a structured, machine-readable format.
- Restriction: ask us to limit how we process your data.
- Objection: object to processing based on legitimate interest.
To exercise any of these rights, email us at privacy@peekabooker.com. We will respond within 30 days.
8. Data Processing for Merchants
When Merchants use Peekabooker to accept bookings, we act as a data processor on their behalf for Customer data. Merchants are the data controllers for the personal data of their Customers. Merchants are responsible for ensuring they have an appropriate legal basis for collecting Customer data and for informing their Customers about how their data is used.
9. Children
The Platform is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.
11. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority.
12. Contact
For any privacy-related questions or requests:
- Email: privacy@peekabooker.com
- General enquiries: hello@peekabooker.com