Privacy Policy
Last Updated: April 23, 2026
Your Data, Your Rights
Under GDPR, you have the right to access, correct, export, or delete your personal data at any time. Contact us at privacy@morabookai.com to exercise these rights.
1. Information We Collect
When you book an appointment through MoraBookAI, we collect:
- Personal Information: Name, email address, phone number
- Appointment Details: Service selected, date, time, and practitioner preference
- Payment Information: Deposit payments processed securely through Stripe (we do not store card details)
- Communication Preferences: Your consent for email and SMS communications
2. How We Use Your Information
We use your personal data solely for:
- Managing your appointment bookings
- Sending appointment confirmations and reminders
- Processing deposit payments
- Maintaining waitlists for fully booked dates
- Sending marketing communications (only if you explicitly consent)
3. Legal Basis for Processing
Under GDPR, we process your data based on:
- Contract: Processing necessary to fulfill your booking
- Consent: For marketing communications (you can withdraw consent at any time)
- Legitimate Interest: For appointment reminders and service improvements
4. Data Retention
We retain your data for:
- Active Clients: Duration of your relationship with us plus 2 years
- Marketing Consent: Until you withdraw consent or after 3 years of inactivity
- Financial Records: 7 years as required by UK law
5. Your Rights Under GDPR
You have the right to:
- Access: Request a copy of all data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal data ("Right to be Forgotten")
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Limit how we use your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw marketing consent at any time
6. Data Security
We implement appropriate technical and organizational measures:
- SSL/TLS encryption for all data transmission
- Secure database hosting on Microsoft Azure (UK data centers)
- Regular security audits and penetration testing
- Access controls and authentication
- Regular staff training on data protection
7. Third-Party Processors
We use the following trusted third parties:
- Stripe: Payment processing (PCI DSS compliant)
- Microsoft Azure: Secure cloud hosting (UK South region)
- Twilio: SMS messaging (when you consent to SMS)
8. Cookies and Tracking
We use minimal cookies:
- Essential Cookies: Required for booking functionality
- No Marketing Cookies: We do not use tracking cookies for advertising
- No Third-Party Analytics: We do not use Google Analytics or similar
9. Data Breach Notification
In the unlikely event of a data breach, we will:
- Notify the ICO within 72 hours as required by law
- Inform affected individuals without undue delay
- Provide clear information about the breach and steps taken
10. Contact Information
For privacy-related inquiries:
- Email: privacy@morabookai.com
- Data Protection Officer: James Brown
- ICO Registration: [Your ICO registration number]
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any significant changes via email or through our website.