What changed in this version
- Added Controller vs Processor clarification — we are the processor for your customers' data when you act as a Tenant business.
- Added Support Access section explaining when and how our team may access your dashboard, and how you are notified.
- Added Betterstack to the subprocessor list (operational logging).
- Aligned subprocessor list with the Terms of Service (section 16) — single source of truth.
1. Introduction
This Privacy Policy explains how KR.ML LTD trading as NextBookin ("we", "us", "our") collects, uses, and protects your personal data when you use our platform at nextbookin.com and related domains. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
NextBookin is a trading name of KR.ML LTD, registered in England and Wales (company number 17162902), registered office at Office 18610, 182-184 High Street North, London, England, E6 2JA. KR.ML LTD is the data controller responsible for your personal data. If you have any questions about how we handle your data, you can contact us at privacy@nextbookin.com.
3. Controller and Processor Roles
Because NextBookin is a multi-tenant platform, the same data may be processed under different roles depending on whose data it is:
- Where we are the controller: data about you as a direct user of NextBookin — your account credentials, billing details, support correspondence, and the personal data of business owners, staff, and administrators registered with us.
- Where we are the processor: data about your end customers (the people who book appointments through your business). The Tenant business is the data controller for that customer data; we process it solely on their instructions to provide the Service. The Tenant is responsible for the lawful basis of collection (typically performance of the booking contract or marketing consent — see section 12 of the Terms of Service for the Tenant's consent obligations).
- Where we are joint controller: certain platform-wide analytics and security data (anonymised IP addresses in audit logs, aggregate usage statistics) that we process for our own legitimate interests in operating the Service.
Tenants requiring a written Data Processing Agreement (DPA) can find our standard DPA at nextbookin.com/legal/dpa.
4. Data We Collect
We collect the following categories of personal data:
- Account information: name, email address, and password hash when you register
- Business information: business name, address, phone number, services offered, and staff details
- Booking data: appointment details, service selections, dates, times, and any notes provided
- Payment information: payment transactions are processed by Stripe; we do not store your full card details
- Guest booking data: name, email, and phone number provided when booking without an account
- Usage data: anonymised IP address (truncated to /24 subnet) stored in audit logs for security purposes. We use Google Analytics to understand how users interact with the platform; see section 8 (Cookies) for details.
- Chatbot conversations: messages exchanged with the booking assistant, retained for up to 1 year
- Consultation forms: responses submitted to business consultation forms
- Communications: messages, reviews, and support correspondence
5. How We Use Your Data
We use your personal data to:
- Provide, maintain, and improve the booking platform
- Process bookings and send appointment confirmations and reminders
- Process payments through our payment provider (Stripe)
- Send account-related notifications and service updates
- Respond to support requests
- Analyse usage patterns to improve the Service
- Prevent fraud and ensure security
- Maintain audit trails of access to and changes within the Service (including Support Access — see section 7)
6. Legal Basis for Processing
We process your data on the following legal bases:
- Contract performance: to provide the Service you signed up for
- Legitimate interests: to improve our platform, prevent fraud, communicate service updates, maintain security audit logs, and provide Support Access
- Consent: for optional marketing communications, which you can withdraw at any time
- Legal obligation: to comply with applicable laws and regulations
7. Support Access to Your Account
To deliver support, investigate issues, comply with legal obligations, or respond to abuse or security concerns, NextBookin support and engineering personnel may access your account and dashboard ("Support Access"). This is governed by section 17 of our Terms of Service.
When Support Access occurs:
- The session is recorded in our internal platform audit trail with the staff member's identity, timestamps, and actions taken.
- Any changes are also recorded in your tenant's audit log, tagged with the support engineer's email address.
- After the session ends, the Account Owner receives an email summarising who accessed the account, when, and what (if anything) was changed.
The lawful basis for Support Access is our legitimate interests in operating and securing the Service, balanced by the audit and notification controls described above. If you believe a Support Access session was unauthorised, contact us immediately at privacy@nextbookin.com.
8. Cookies
We use the following types of cookies:
- Essential cookies: required for authentication and session management. These cannot be disabled.
- Functional cookies: remember your preferences such as language and timezone settings.
- Preference cookies: remember your theme and display preferences (stored locally in your browser only).
- Analytics cookies: Google Analytics cookies (_ga, _gid) help us understand how visitors use the platform so we can improve it. These cookies collect anonymised usage data and are only set with your consent.
You can control cookie preferences through your browser settings or, where shown, through the consent banner displayed on first visit. Disabling essential cookies may prevent you from using the Service.
9. Subprocessors
We engage the following third-party subprocessors to deliver the Service. This list is the canonical version and matches section 16 of our Terms of Service:
- Neon (US-incorporated, EU data region) — Managed PostgreSQL database hosting. Data stored in eu-west-2 (London). Privacy policy at neon.tech/privacy.
- Hetzner (Germany) — Application hosting infrastructure (Coolify-managed), located in the EU.
- Stripe (US) — Payment processing and subscription billing. Stripe processes your payment data under their own privacy policy at stripe.com/privacy. Transfers covered by Standard Contractual Clauses.
- Twilio (US) — SMS and WhatsApp message delivery. Privacy policy at twilio.com/legal/privacy.
- Resend (US) — Transactional and marketing email delivery. Privacy policy at resend.com/legal/privacy-policy.
- Cloudflare R2 (Global) — Object storage for images and uploads (logos, banners, gallery images). Privacy policy at cloudflare.com/privacypolicy.
- Betterstack (EU) — Operational logging and incident alerting. Application logs (with PII redacted at source) are forwarded for debugging and uptime monitoring. Privacy policy at betterstack.com/privacy.
- Google (US) — Optional OAuth authentication and Google Analytics. Privacy policy at policies.google.com/privacy.
We do not sell your personal data to any third party. Where data is transferred outside the UK or EEA, we rely on Standard Contractual Clauses or equivalent safeguards. We will give at least 30 days' notice before adding or replacing a subprocessor that materially affects the processing of your or your customers' personal data.
10. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods:
- Account data: retained while your account is active. Deleted or anonymised within 30 days of account deletion.
- Booking records: retained for up to 3 years after the appointment date for business record-keeping. Personal data is anonymised on account deletion.
- Audit logs: anonymised IP addresses retained for 90 days, then automatically purged. Action records (without IP) retained for 1 year for security and compliance.
- Support Access logs: retained for 2 years to support compliance investigations and customer-initiated audits of past access.
- Appointment watch requests: retained for up to 1 year, then automatically purged.
- Chatbot conversations: retained for up to 1 year, then automatically purged.
- Form submissions: retained for the duration of the business relationship.
- Billing and invoice records: retained for 7 years (UK statutory requirement under the Companies Act 2006 and HMRC guidance).
When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law (notably billing records).
11. Your Rights (GDPR)
Under the UK GDPR, you have the following rights regarding your personal data:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: request correction of inaccurate data
- Right to erasure: request deletion of your personal data
- Right to restrict processing: request that we limit how we use your data
- Right to data portability: receive your data in a structured, machine-readable format
- Right to object: object to processing based on legitimate interests
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time
You can exercise data export and account deletion directly from your account settings at Dashboard > Account > Privacy. If you booked as a guest without an account, you can request deletion of your data at our guest data deletion page. Where we are the processor (data about a Tenant's end customers), please contact the Tenant business directly in the first instance, as they are the data controller. To exercise any of these rights with us directly, contact privacy@nextbookin.com. We will respond within 30 days.
12. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS 1.2+) and at rest, access controls (role-based, with audit logging of every administrative access), regular security reviews, two-factor authentication for platform administrators, and regular penetration testing. Each Tenant's data is isolated in a separate database to prevent cross-tenant access.
13. International Transfers
Where data is transferred outside the UK or EEA, we ensure adequate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions. The primary data store (Neon, eu-west-2 London) and application hosting (Hetzner, Germany) keep your data within the EEA at rest.
14. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
15. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before they take effect, where practicable. The "Last updated" date at the top indicates the most recent revision. The "What changed" panel at the top of this document summarises the most recent revisions.
17. Data Breach Notification
In the event of a personal data breach, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to the rights and freedoms of affected individuals, we will notify those individuals without undue delay.
18. Complaints
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
19. Data Protection Officer
For data protection enquiries, contact our Data Protection Officer at privacy@nextbookin.com.
20. Record of Processing Activities
In accordance with Article 30 of the UK GDPR, we maintain a Record of Processing Activities (ROPA) documenting all personal data processing carried out by NextBookin. This record is maintained separately and is available to the Information Commissioner's Office upon request.
21. Contact
For privacy-related questions or to exercise your data rights, contact us at privacy@nextbookin.com.