Privacy Policy

How we protect the personal information of our vendors and their clients.

1. Introduction

BookAm respects your privacy and complies with the Nigerian Data Protection Regulation (NDPR) 2019. We are committed to transparency in the collection, usage, and safeguarding of the personal information handled by our platform.

2. Information We Collect

  • From Vendors: Business name, email, phone number, physical address, business logo, operating hours, KYC verification data (such as BVN, business registration documents, and utility bills), and bank settlement details.
  • From Clients (Your Customers): Name, email address, WhatsApp/phone number, and any specific appointment notes provided during the booking process on a vendor's custom page.
  • Automated Data: IP addresses, browser types, and usage metrics to help us optimize the platform's performance and security.

3. How Information is Used

We use collected data solely to:

  • Facilitate the scheduling and confirmation of services between Vendors and their Clients.
  • Process automated WhatsApp and Email notifications regarding appointments.
  • Handle deposit settlements securely through Monnify or other authorized financial institutions.
  • Provide Vendors with analytics regarding their booking page visits and booking conversions.
  • Ensure the security of the platform and prevent fraudulent transactions.

4. Data Sharing & Third Parties

BookAm does not sell, rent, or trade your personal information. We only share necessary data with trusted and regulated third-party services that make our platform function:

  • Payment Processors: We transmit transaction data to Monnify for the sole purpose of clearing payments. We do not store your payment information on our servers.
  • Identity Verification: We securely transmit encrypted KYC data to authorized verification partners (e.g., Monnify verification endpoints) to validate your identity and prevent fraud.
  • Messaging APIs: We transmit phone numbers and appointment details to our WhatsApp Business API providers solely for sending transactional reminders.
  • Cloud Infrastructure: Our platform runs on secure, SOC 2 compliant cloud environments.

5. Vendors as Data Controllers

When a client books an appointment through a Vendor's BookAm page, the Vendor is the primary Data Controller for that client's information. BookAm acts as the Data Processor on behalf of the Vendor. Vendors are independently responsible for ensuring they have the right to collect and manage their clients' data in accordance with local regulations.

6. Security Measures

We implement commercially reasonable technical and organizational measures to protect personal data from unauthorized access, accidental loss, or destruction. This includes robust encryption in transit (HTTPS/TLS) and encryption at rest. Sensitive KYC data is stored securely using advanced encryption standards and is only accessed or routed when legally required or for verification purposes.

7. User Rights

Under the NDPR, users possess the right to:

  • Request access to their personal data stored by us.
  • Request the correction or deletion of inaccurate data.
  • Request the complete deletion of their account and associated data ("Right to be Forgotten").

For data deletion requests, privacy concerns, or compliance inquiries, please contact our Data Protection Officer at privacy@bookam.ng.