Privacy Policy

Last updated: October 12, 2025

1. Introduction

This Privacy Policy describes how You book Me (hereinafter "we", "our" or "the Company"), a company incorporated under Belgian law, collects, uses, stores and protects your personal data when you use our AI assistant platform for booking and sales management (hereinafter "the Service").

We are committed to protecting your privacy and processing your personal data in a transparent manner, in accordance with the General Data Protection Regulation (GDPR) of the European Union (EU 2016/679) and applicable Belgian data protection legislation.

By using our Service, you accept the practices described in this Privacy Policy. If you do not accept these practices, please do not use our Service.

2. Data Controller

The data controller for your personal data is:

You book Me
Company incorporated under Belgian law
Registered office: Belgium
Email: privacy@youbookme.com

For any questions regarding the processing of your personal data or to exercise your rights, you can contact us using the contact details above.

3. Personal Data Collected

3.1 Data you provide to us

When using our Service, we collect the following personal data that you communicate to us directly:

Account data: last name, first name, email address, phone number, password (encrypted), name of your company
Billing data: billing address, payment information (processed by our secure payment providers)
Configuration data: AI assistant preferences, custom instructions, booking settings
Communication content: messages, conversations with your customers via WhatsApp, Telegram or your website
Your customers' data: booking information, conversation history, preferences

3.2 Automatically collected data

When you use our Service, we automatically collect certain information:

Technical data: IP address, browser type, operating system, device identifiers
Usage data: pages viewed, features used, duration of use, interactions with the Service
Cookies and similar technologies: see our dedicated cookies section
Performance data: AI usage statistics, conversion rate, performance metrics

3.3 Data from third parties

We may receive data about you from:

Messaging platforms: WhatsApp, Telegram (in accordance with their respective policies)
Payment providers: transaction information (without direct access to complete bank details)
Analytics services: aggregated and anonymized data on Service usage

4. Purposes and Legal Basis of Processing

We process your personal data for the following purposes and on the indicated legal bases:

4.1 Performance of contract

Provide and maintain the Service
Manage your user account
Process your bookings and transactions
Provide customer support and respond to your requests
Send essential communications relating to the Service

4.2 Legitimate interest

Improve and optimize the Service
Analyze Service usage to develop new features
Detect, prevent and resolve technical and security issues
Protect our rights, property and the security of our users
Conduct statistical analyses and market research

4.3 Legal obligation

Comply with our accounting and tax obligations
Respond to requests from competent authorities
Prevent fraud and money laundering

4.4 Consent

Send you marketing communications (with the possibility to withdraw at any time)
Use non-essential cookies (according to your preferences)
Process sensitive data if you communicate it to us voluntarily

5. Sharing and Disclosure of Data

We never sell your personal data to third parties. We may share your data in the following cases:

5.1 Service providers

We use trusted third-party service providers to help us provide the Service:

Cloud hosting: to store your data securely
AI services: to provide artificial intelligence features
Payment processors: to process transactions securely
Analytics services: to understand Service usage
Communication tools: to send emails and notifications

These providers have access to your data only to the extent necessary to accomplish their tasks and are contractually required to protect it and not use it for other purposes.

5.2 Legal compliance

We may disclose your data if required by law or if we believe in good faith that such action is necessary to:

Comply with a legal obligation
Protect and defend our rights or property
Prevent or investigate possible wrongdoing
Protect the personal safety of users or the public

5.3 Business transactions

In the event of a merger, acquisition, asset sale or bankruptcy proceedings, your personal data could be transferred. We will inform you of any change of control of your personal data.

6. International Data Transfers

Your personal data may be transferred and processed in countries located outside the European Economic Area (EEA), particularly for cloud hosting and AI services.

When we transfer data outside the EEA, we ensure that an adequate level of protection is ensured by one of the following means:

Transfer to countries recognized by the European Commission as offering an adequate level of protection
Use of Standard Contractual Clauses approved by the European Commission
Transfer to companies certified under the EU-US Data Privacy Framework or equivalent
Obtaining your explicit consent to the transfer

You can obtain a copy of the safeguards put in place by contacting us.

7. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Retention periods vary depending on the type of data:

Account data: retained for the duration of your use of the Service, then deleted within 30 days following termination of your account
Billing data: retained for 10 years in accordance with Belgian accounting obligations
Conversation data: retained according to your settings (default 12 months)
Support data: retained for 3 years after resolution of your request
Cookies: variable duration depending on type (see our cookie policy)

Upon expiration of retention periods, your data will be securely deleted or anonymized.

8. Data Security

We take the security of your data very seriously and implement appropriate technical and organizational measures to protect your personal data against:

Unauthorized or illegal access
Accidental loss, destruction or damage
Unauthorized use, modification or disclosure

These measures include in particular:

Encryption: encryption of data in transit (HTTPS/TLS) and at rest (AES-256)
Access control: strong authentication, access rights management, access logging
Monitoring: intrusion detection, regular security audits
Training: raising awareness among our teams about data protection
Backup: regular and secure backups of your data
Security testing: penetration testing and regular vulnerability analyses

Despite these measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your data.

9. Your Rights

In accordance with the GDPR, you have the following rights regarding your personal data:

9.1 Right of access

You have the right to obtain confirmation that your data is being processed and to access that data. You can request a copy of your personal data.

9.2 Right to rectification

You can request correction of inaccurate or incomplete data concerning you. You can also modify your information directly from your personal space.

9.3 Right to erasure ("right to be forgotten")

You can request deletion of your data in certain circumstances, in particular when:

The data is no longer necessary for the purposes for which it was collected
You withdraw your consent and there is no other legal basis for processing
You object to processing and there is no overriding legitimate ground
The data has been processed unlawfully

9.4 Right to restriction of processing

You can request restriction of processing of your data in certain cases, for example while we verify the accuracy of your data.

9.5 Right to data portability

You have the right to receive your data in a structured, commonly used and machine-readable format, and to transmit it to another data controller.

9.6 Right to object

You can object at any time to processing of your data for reasons relating to your particular situation, in particular in case of processing based on our legitimate interest. You can also object to processing for direct marketing purposes.

9.7 Right to withdraw your consent

When processing is based on your consent, you can withdraw it at any time. This withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

9.8 Right to lodge a complaint

You have the right to lodge a complaint with the competent supervisory authority:

Data Protection Authority (DPA) - Belgium
Rue de la Presse, 35
1000 Brussels, Belgium
Email: contact@apd-gba.be
Phone: +32 2 274 48 00
Website: www.autoriteprotectiondonnees.be

9.9 Exercising your rights

To exercise any of these rights, you can:

Contact us by email at privacy@youbookme.com
Access your personal space to modify your settings
Use our dedicated data protection contact form

We will respond to your request within one month. This period may be extended by two additional months if necessary, taking into account the complexity of the request. We will inform you of any extension.

10. Cookies and Similar Technologies

We use cookies and similar technologies to improve your experience, analyze Service usage and personalize content.

10.1 Types of cookies used

Strictly necessary cookies: essential for Service operation (authentication, security)
Performance cookies: collect information about Service usage (pages visited, errors encountered)
Functionality cookies: remember your preferences (language, display settings)
Advertising cookies: used to display relevant ads (with your consent)

10.2 Cookie management

You can manage your cookie preferences:

Via the consent banner displayed during your first visit
From your browser settings
By contacting us for any questions

Note that refusing certain cookies may limit your access to certain Service features.

11. Minors' Data

Our Service is not intended for persons under 18 years of age. We do not knowingly collect personal data from minors.

If you are a parent or legal guardian and discover that your child has provided us with personal data without your consent, please contact us immediately. We will take the necessary measures to delete this information from our servers.

12. Changes to the Privacy Policy

We may modify this Privacy Policy from time to time to reflect changes in our practices, the Service, legal requirements or for other operational reasons.

We will inform you of any significant changes by:

Email sent to the address associated with your account
Visible notification on the Service
Updating the "Last updated" date at the top of this page

Significant changes will take effect 30 days after notification. We encourage you to regularly review this Privacy Policy to stay informed about how we protect your data.

Your continued use of the Service after the changes take effect constitutes acceptance of the updated Privacy Policy.

13. Links to Third Party Sites

Our Service may contain links to third-party websites, applications or services (for example, WhatsApp, Telegram). We are not responsible for the privacy practices of these third parties.

We encourage you to read the privacy policies of each third-party site or service that you visit or use. This Privacy Policy applies only to information collected via our Service.

14. Databases and Register

In accordance with our obligations under the GDPR, we maintain a register of processing activities of personal data. This register is available to the Data Protection Authority (DPA) upon request.

Where applicable, we conduct Data Protection Impact Assessments (DPIA) for processing likely to result in a high risk to the rights and freedoms of individuals.

15. Contact

For any questions regarding this Privacy Policy or the processing of your personal data, you can contact us:

Email: privacy@youbookme.com
General email: contact@youbookme.com
Form: contact form

We strive to respond to all requests in the shortest possible time and, in any case, within the legal timeframes.