Privacy Policy
Last updated: June 21, 2026
This page explains what data HallBooking ("we", "the service") collects from studio owners and from clients who book halls through our software, why we collect it, and what rights you have. HallBooking is currently in early access and this policy will be updated as the product evolves.
1. Who is the data controller
For studio owners: HallBooking is the data controller for the account data you give us directly (email, studio name, settings, billing).
For end clients booking a hall: the studio owner is the data controller for booking data (name, email, phone, booking details). HallBooking acts as the data processor and stores this data on the owner's behalf.
2. What we collect
- Account data: email address, authentication identifier, sign-in provider (Google, Apple, or email/password).
- Studio data: studio name, URL slug, timezone, currency, contact email, hall configuration, availability rules.
- Booking data (when public booking ships): client name, email, phone, hall, start/end time, price, payment status.
- Technical data: server logs (IP address, user agent, request path) kept for up to 30 days for abuse prevention and debugging.
We do not currently use third-party analytics or advertising cookies.
3. Legal basis (GDPR)
- Contract: account, studio, and booking data — necessary to provide the service.
- Legitimate interest: server logs for security and abuse prevention.
- Consent: any optional feature (marketing email, future analytics) will ask explicitly.
4. Who we share data with
- Infrastructure: our hosting and database providers process data on our behalf under their DPAs.
- Payments (planned): when payments ship, card data is handled directly by Stripe / LiqPay / your chosen provider. We never see card numbers.
- Email: transactional sign-in and booking emails are sent via our email provider.
We do not sell personal data. We do not share data for advertising.
5. Retention
- Account data: while your account is active, then 30 days after a deletion request.
- Booking data: kept by the studio owner; deleted when the owner deletes the booking or closes the account.
- Server logs: 30 days.
6. Your rights
Under GDPR (EU/UK) and similar laws, you can request access, correction, deletion, export, or restriction of your data. Email privacy@hallbooking.app and we will respond within 30 days. Studio owners are responsible for handling these requests for their own clients' booking data.
7. International transfers
Our infrastructure may process data in the EU and the US. Where data leaves the EEA, it is covered by Standard Contractual Clauses with our providers.
8. Security
All traffic uses TLS. Database access is gated by row-level security policies. Payment credentials, when added, will be stored encrypted and isolated from the main application database.
9. Children
HallBooking is not intended for users under 16. We do not knowingly collect data from children.
10. Changes
We will update this page when the product changes (especially when payments and public booking ship). Material changes will be announced by email to active accounts.
11. Contact
Email privacy@hallbooking.app for any privacy question or data request.