Privacy Policy

Last updated: January 2025

1. Introduction

BookMore ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered lead qualification service for wedding photographers and creative professionals.

2. Information We Collect

We collect information in the following ways:

Account Information

  • Email address and authentication credentials
  • Business name, location, and years of experience
  • Service packages and pricing information you configure
  • Bot settings and style preferences

Instagram Integration Data

  • Instagram Business account username and profile information
  • Instagram access tokens (encrypted and stored securely)
  • Direct messages received through your Instagram account
  • Conversation history with potential leads

Lead Information

  • Names and contact details of people who message you
  • Wedding dates, budgets, venues, and preferences shared in conversations
  • Lead qualification scores and status
  • Message history and AI-generated responses

Usage Data

  • Bot performance metrics and response times
  • Feature usage and interaction patterns
  • Error logs for troubleshooting

3. How We Use Your Information

We use the information we collect to:

  • Provide AI-powered automatic responses to your Instagram DMs
  • Qualify leads based on budget, date, and other criteria you set
  • Store and organize your lead information in your dashboard
  • Generate personalized responses based on your business profile and packages
  • Improve our AI models and service quality (using anonymized, aggregated data only)
  • Send you important service updates and notifications
  • Provide customer support

4. AI and Automated Processing

BookMore uses artificial intelligence to analyze incoming messages, detect intent, extract information (like wedding dates and budgets), and generate appropriate responses. Our AI is trained to respond in your configured style (tone, language, emoji usage) and follows your custom behavior rules. You maintain full control over the bot and can pause it at any time for individual leads or globally.

Important: Your specific conversation data is never used to train our AI models. We only use anonymized, aggregated patterns to improve our service.

5. Data Security

We implement robust security measures to protect your data:

  • All data is encrypted at rest and in transit using industry-standard encryption
  • Instagram access tokens are securely stored and automatically refreshed
  • We use Supabase with Row Level Security (RLS) to ensure you can only access your own data
  • Regular security audits and monitoring
  • Secure authentication via email/password or Facebook OAuth

6. Data Sharing

We do not sell your personal information. We may share data with:

  • Service Providers: Supabase (database), Meta/Instagram (messaging API), AI providers (for response generation)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

7. Data Retention and Deletion

We retain your data for as long as your account is active. Lead data and conversation history are kept to provide you with a complete record of your interactions.

How to Delete Your Data

You have the right to request deletion of your data at any time. There are several ways to do this:

  • Email Request: Send an email to privacy@bookmore.in with the subject "Data Deletion Request"
  • In-App: Go to Settings → Account → Delete Account
  • Via Facebook/Instagram: Remove BookMore from your connected apps in Facebook Settings → Apps and Websites

What Gets Deleted

Upon receiving a valid deletion request, we will permanently delete:

  • Your account information (email, password, profile)
  • Business profile and settings
  • All lead data and conversation history
  • Bot configuration and custom rules
  • Instagram access tokens and connection data

Deletion Timeline

  • Within 48 hours: We acknowledge your request and verify your identity
  • Within 7 days: Your account is disabled and bot activity stops
  • Within 30 days: All your data is permanently deleted from our systems

Data Retention Exceptions

We may retain limited data where required by law, including:

  • Transaction records for tax and accounting purposes (up to 7 years)
  • Data required for ongoing legal proceedings
  • Anonymized, aggregated analytics (cannot be linked back to you)

For detailed instructions, visit our Data Deletion page.

8. Your Rights

You have the right to:

  • Access: View all data we have about you through your dashboard or request a data export
  • Correction: Update your business profile and settings at any time
  • Deletion: Delete individual leads or request full account deletion
  • Portability: Export your lead data in a machine-readable format
  • Disconnect: Revoke Instagram access at any time through settings
  • Control: Pause or disable the AI bot for specific leads or entirely
  • Object: Object to processing of your data for certain purposes
  • Restrict: Request restriction of processing in certain circumstances

GDPR Rights (EEA Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.

9. Instagram & Meta Compliance

Our use of Instagram data complies with Meta's Platform Terms and Developer Policies. We only access the permissions necessary to provide our service (instagram_basic, instagram_manage_messages, pages_show_list, pages_read_engagement, business_management). You can revoke our access at any time through your Instagram settings or our app.

We process data deletion callbacks from Meta when you remove our app from your Facebook/Instagram settings, ensuring your data is deleted in compliance with Meta's platform requirements.

10. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or sell data to advertisers.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses approved by relevant authorities.

12. Children's Privacy

BookMore is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the app at least 14 days before they take effect. Your continued use of BookMore after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy, your data, or wish to exercise your rights, please contact our Data Protection Officer: