BookingBot
Log InSign Up

Privacy Policy

Last updated: February 17, 2026

1. Introduction

BookingBot ("we", "us", or "our"), operated by Receptionist.ge, provides an AI-powered booking assistant that helps beauty businesses manage customer communications on Instagram and WhatsApp. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our platform at www.bookingbot.co, whether you are a business customer ("Tenant") or an end user communicating with a business through our service ("End User").

By using our service, you agree to the practices described in this policy. If you do not agree, please do not use our service.

Our platform integrates with Meta's Instagram API. Your use of data obtained through Meta platforms is also governed by the Meta Privacy Policy and Meta Cookies Policy.

2. Data We Collect

2.1 End User Data (collected via WhatsApp / Instagram)

  • Phone number (WhatsApp) or Instagram handle
  • Display name (as provided by the messaging platform)
  • Message content (text messages sent and received)
  • Message metadata (timestamps, delivery status, message IDs)

2.2 Business Tenant Data

  • Business name, description, services, staff, and hours
  • Business address and location details
  • WhatsApp Business Phone Number ID and access token
  • Instagram Business Account ID and access token
  • Custom AI instructions and business policies
  • Account credentials (email, hashed password via Convex Auth)

2.3 Data Collected via Facebook / Instagram Login

When a Tenant connects their Instagram Business account through Facebook Login, we collect:

  • Facebook User ID
  • Facebook Pages linked to the account
  • Instagram Business Account ID linked to a Facebook Page
  • A long-lived Page access token (used to send and receive messages on behalf of the business)
  • Granted permission scopes (e.g. instagram_business_basic, instagram_business_manage_messages, instagram_manage_comments)

This data is used solely to connect the business's Instagram account to our platform and to send/receive messages on their behalf. We do not access or store personal Facebook profile information beyond what is required for the connection.

2.4 Booking & Scheduling Data

  • Service requested, staff member, date/time
  • Booking status and reminder history

3. How We Use Your Data

  • Deliver AI auto-replies: We process incoming messages using AI language models (OpenAI or Google Gemini) to generate contextual replies on behalf of the business.
  • Store conversation history: Messages are stored to maintain conversation context for accurate, continuous customer service.
  • Manage bookings: Contact and scheduling information is used to create and manage service appointments.
  • Deliver status updates: We track message delivery status (sent, delivered, read, failed) to ensure reliable communication.
  • Improve the service: Aggregated, anonymised usage data may be used to improve response quality and system reliability.

We do not use end-user data for advertising, marketing, or any purpose unrelated to the business's customer service operations. We do not share data between different business tenants. We do not sell, rent, or trade data obtained from Meta platforms.

Instagram API data usage: Data received through the Instagram API (including messages, account information, and media) is used exclusively to provide the AI booking assistant service. We do not use Instagram data for surveillance, advertising profiling, or to make eligibility determinations about individuals. Meta may process data according to its own Privacy Policy.

4. Third-Party Data Processors

We share data with the following third-party services strictly to operate our platform:

  • Meta (Instagram API, WhatsApp Business API): Message delivery, receipt, and Instagram Business Login authentication. Subject to Meta Privacy Policy and Meta Platform Terms.
  • OpenAI: Message content is sent to OpenAI's API to generate AI replies. Subject to OpenAI Privacy Policy.
  • Google (Gemini API): Message content may be sent to Google's Gemini API for AI replies. Subject to Google Privacy Policy.
  • Convex: Our database infrastructure provider. Data is stored on Convex's servers with encryption at rest and in transit. Subject to Convex Privacy Policy.

We do not sell, rent, or trade personal data to any third party.

5. Data Retention

  • Messages: Stored for as long as the business tenant maintains an active account, or until deletion is requested.
  • Contact information: Retained for the duration of the business relationship.
  • Booking data: Retained for 12 months after the appointment date, then automatically removed.
  • Account data: Retained until the tenant closes their account.

6. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • All data transmitted over HTTPS/TLS encryption
  • Database encryption at rest (provided by Convex infrastructure)
  • Webhook signature verification (HMAC-SHA256) for all incoming Meta webhooks
  • Admin-only access controls for tenant data
  • No storage of payment card numbers or government IDs

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your personal data (see Section 8 below)
  • Object to or restrict certain processing activities
  • Data portability – receive your data in a structured, machine-readable format

To exercise any of these rights, contact us at privacy@bookingbot.co.

8. Data Deletion

You may request deletion of your data at any time. For detailed instructions, see our Data Deletion page.

When you request data deletion, we will remove all personal data associated with your account from our systems within 30 days. This includes messages, contact information, booking history, and account data. Some data may be retained in encrypted backups for up to 90 days before automatic expiry.

For users who logged in via Facebook or Instagram, you can also request deletion through our automated callback. Meta will notify us, and we will process the deletion and provide a confirmation code.

9. Cookies & Tracking

Our platform uses only essential cookies required for authentication and session management. We do not use advertising cookies, analytics trackers, or third-party tracking scripts.

10. Children's Privacy

Our service is intended for businesses and their adult customers. We do not knowingly collect personal data from anyone under the age of 16. If we discover that we have inadvertently collected data from a child, we will promptly delete it.

11. International Data Transfers

Your data may be processed in countries outside of Georgia, including the United States (where Convex and AI providers operate). We ensure that appropriate safeguards are in place, including contractual protections consistent with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify business tenants via email or through the platform. The "Last updated" date at the top reflects the most recent revision.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

BookingBot (operated by Receptionist.ge)
Email: privacy@bookingbot.co