Your data is in safe hands
Security isn't an add-on. It's how we built the product from day one — encryption, isolated data, audited payment processing, and full GDPR compliance.
Payments handled by Stripe
Card details never touch Bookr's servers. Stripe is PCI-DSS Level 1 — the highest standard in the payments industry. When customers pay, the card data goes directly to Stripe; we receive only a token and a confirmation.
Encryption everywhere
All traffic moves over TLS 1.2 or higher, and HTTP is redirected to HTTPS — there's no unencrypted path in. Data at rest is encrypted with AES-256. Database access requires authenticated keys, and row-level security (RLS) means a business can only ever see its own bookings and its own customers, even if an application-layer bug tried to do otherwise. The platform aims for high availability, though we don't provide a formal SLA guarantee — see live status.
GDPR-compliant from day one
Built in the UK, compliant with UK GDPR. Customers can request a copy or deletion of their data any time. Business owners can export their full data with one click — no support ticket required.
Your data is yours
We don't sell data. We don't share it with advertisers. Bookings, customer info, financial records — all yours, exportable and deletable. If you ever leave Bookr, you take everything with you.
What we collect, what we don't
We collect what's needed to run a booking: email, name, booking times, payment amount. Card details never touch our servers — they go straight to Stripe. We don't run third-party advertising or analytics trackers (no Google Analytics, no Meta Pixel), and we never sell your data. Read the Privacy Policy for the full breakdown of what's collected and why.
Locked-down admin access
Access to production systems — database, hosting, email — is restricted to authorised team members only. Every login is protected by two-factor authentication (2FA) and logged, and access logs are reviewed for anything unusual.
If something goes wrong
No system is unbreakable. In the unlikely event of a personal-data breach that puts your rights at risk, we notify the ICO within 72 hours of becoming aware of it and tell affected people without undue delay — as UK GDPR requires.
Found a security issue?
Email support@mybookr.app — we respond within 24 hours and credit responsible disclosure in our security acknowledgements.