BookAnything

Privacy Policy

Last updated: 7 June 2026

1. Who We Are

BookAnything ("we", "us", "our") is a trading name of Blue Cactus Digital Ltd, a company registered in England and Wales.

  • Registered address: 143 St Georges Park Avenue, Westcliff, Essex, SS0 9UB
  • Contact email: hello@bluecactus.digital
  • Website: bookanything.uk

Blue Cactus Digital Ltd is registered with the Information Commissioner's Office (ICO) as a data controller.

2. What Information We Collect

We collect and process different types of personal data depending on how you interact with BookAnything:

2.1 Account Registration

When you sign up for a demo or trial account, we collect:

  • Full name
  • Email address
  • Phone number
  • Company/business name
  • Password (stored securely using bcrypt hashing — we never store plain text passwords)
  • Business type/sector

2.2 Booking Data

When bookings are made through the platform, we collect:

  • Customer name and email address
  • Booking date, time, and duration
  • Resource/service booked
  • Payment amounts and transaction references
  • Any notes or additional information provided during booking

2.3 Payment Information

Payments are processed securely through Stripe. We do not store credit card numbers, CVVs, or full payment card details on our servers. Stripe handles all payment data in accordance with PCI-DSS Level 1 compliance. We only store Stripe customer IDs and transaction references.

2.4 Usage Data

We automatically collect certain technical information when you use our platform:

  • IP address and approximate location
  • Browser type and version
  • Pages visited and actions taken
  • Date and time of access
  • Referring website

This data is collected via Google Analytics and is used to improve the service. See Section 7 for details on cookies and tracking.

2.5 AI Booking Assistant

When you use the AI Booking Assistant chat feature, your messages are processed by OpenAI's API to generate responses. Messages are stored in our database to maintain conversation context. OpenAI's data usage policies apply to the processing of these messages. We do not use your chat data to train AI models.

3. How We Use Your Information

We use your personal data for the following purposes:

  • Providing the service: Creating and managing your account, processing bookings, sending confirmations and reminders
  • Payment processing: Collecting subscription fees and booking payments via Stripe
  • Communications: Sending transactional emails (booking confirmations, trial reminders, password resets)
  • Service improvement: Analysing usage patterns to improve features and user experience
  • Customer support: Responding to your enquiries and resolving issues
  • Legal compliance: Meeting our legal and regulatory obligations

4. Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR), we process your data on the following legal bases:

  • Contract: Processing necessary to perform our contract with you (providing the booking platform service)
  • Legitimate interests: Improving our service, preventing fraud, and ensuring platform security
  • Consent: Where you have given explicit consent, such as for marketing communications
  • Legal obligation: Where we are required to process data to comply with the law

5. Who We Share Your Data With

We share personal data only with the following categories of third parties, and only to the extent necessary:

  • Stripe (payments) — to process subscription and booking payments
  • Resend (email delivery) — to send transactional emails such as booking confirmations
  • OpenAI (AI features) — to power the AI Booking Assistant chat functionality
  • Google (analytics and calendar) — for website analytics and optional calendar synchronisation
  • Meta (advertising) — for conversion tracking via Meta Pixel on our marketing pages

We do not sell your personal data to any third party. Business administrators using BookAnything are data controllers for their own customers' booking data. We act as a data processor on their behalf.

6. Data Retention

We retain your personal data for as long as necessary to provide our services:

  • Active accounts: Data is retained for the duration of your account
  • Closed accounts: Account data is retained for up to 12 months after closure, then permanently deleted
  • Booking records: Retained for 6 years in line with UK tax and accounting obligations
  • Payment records: Retained by Stripe in accordance with their retention policy and financial regulations
  • AI chat history: Retained for 90 days, then automatically deleted

7. Cookies and Tracking

BookAnything uses the following cookies and tracking technologies:

  • Essential cookies: Authentication tokens (JWT) stored in your browser to keep you logged in. These are strictly necessary for the service to function.
  • Google Analytics: We use Google Analytics to understand how visitors use our website. This collects anonymised usage data. You can opt out by installing the Google Analytics Opt-out Browser Add-on.
  • Meta Pixel: Used on our marketing pages to measure the effectiveness of our advertising. You can manage your Meta ad preferences at facebook.com/adpreferences.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: Request that we limit how we use your data
  • Right to data portability: Request your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at hello@bluecactus.digital. We will respond within one month.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • Passwords are hashed using bcrypt and never stored in plain text
  • All data is transmitted over HTTPS (TLS encryption)
  • Payment data is handled exclusively by Stripe (PCI-DSS Level 1 compliant)
  • Database access is restricted and authenticated
  • Regular security reviews and updates

10. International Transfers

Some of our third-party service providers (Stripe, OpenAI, Google) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the ICO, or the service provider's participation in recognised data protection frameworks.

11. Children's Privacy

BookAnything is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@bluecactus.digital and we will promptly delete it.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of any material changes by email. The "last updated" date at the top of this page will always reflect the most recent revision.

13. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

We would appreciate the opportunity to address your concerns before you contact the ICO — please reach out to us at hello@bluecactus.digital first.

14. Contact Us

If you have any questions about this privacy policy or how we handle your data, please contact us:

  • Email: hello@bluecactus.digital
  • Address: Blue Cactus Digital Ltd, 143 St Georges Park Avenue, Westcliff, Essex, SS0 9UB

Made with Emergent