Privacy Notice
Last updated: March 16, 20261. Introduction
This Privacy & Cookie Notice explains how YouCanBookMe (“YCBM”, “we”, “us”, or “our”) collects, uses, stores, and protects personal data.
YouCanBookMe is provided by:
AI Software (Capacity) UK Ltd
Trading as YouCanBookMe
Registered in England and Wales with company number 7221202
Registered Office: Bedford Heights, Brickhill Drive, Bedford, United Kingdom, MK41 7PH
We operate globally and are committed to protecting personal data in accordance with applicable data protection laws.
If you have questions about this Notice, please contact:
Privacy Team: compliance@youcanbook.me
At a Glance
- We act as a data processor for booking data collected through customer booking pages.
- We act as a data controller for account, website, marketing, and support data.
- Our infrastructure is hosted in the United States (AWS).
- Analytics and advertising technologies are disabled by default and activated only after your consent.
- We do not store payment card numbers.
- We do not sell personal data for monetary consideration.
2. Our Role: Controller and Processor
When We Act as a Data Processor
When booking data is submitted through a YCBM booking page:
- The booking organiser (our customer) is the data controller.
- The organiser determines what information is collected.
- We process personal data solely on their instructions.
- We do not determine how booking data is used outside providing the service.
If you have questions about data entered into a booking form, please contact the booking organiser directly.
When We Act as a Data Controller
We act as a data controller for:
- Account registration and administration
- Subscription and billing management
- Website usage and analytics
- Marketing communications
- Customer support interactions
- Security monitoring and fraud prevention
3. Personal Data We Collect
Information You Provide
- Name
- Email address
- Account credentials
- Company information
- Support communications
Booking Data (Processor Role)
Booking Data (also referred to as ‘Customer Personal Data’ in our Data Processing Addendum). Booking organisers configure what personal data is collected. This may include:
- Name
- Appointment details
- Custom booking form fields
We do not intentionally require special category data.
Information Collected Automatically
When you visit our website, we may collect:
- IP address
- Device identifiers
- Browser type and version
- Operating system
- Pages viewed
- Interaction timestamps
- Referring URLs
This data is collected using cookies and similar technologies (see Section 11).
4. How We Use Personal Data
We use personal data for the following purposes and lawful bases:
|
Purpose |
Lawful Basis |
|
Provide the scheduling service |
Performance of contract |
|
Administer your account |
Performance of contract |
|
Sending booking confirmations and reminders, including via email or SMS where enabled. |
Performance of contract |
|
Customer support |
Legitimate interests |
|
Improve product performance |
Legitimate interests |
|
Security and fraud detection |
Legitimate interests |
|
Marketing communications |
Consent |
|
Compliance with legal obligations |
Legal obligation |
We do not sell personal data for monetary consideration.
5. Advertising and Marketing Technologies
We use third-party advertising and marketing partners, including:
- Google Ads
- LinkedIn Ads
- Microsoft (Bing) Ads
- Meta (Facebook) Ads
- HubSpot advertising tools
These technologies may use cookies or similar tools to:
- Measure marketing campaign performance
- Deliver relevant advertising
- Enable remarketing
We operate a global opt-in cookie framework. Advertising and analytics technologies are activated only after your consent.
Under certain US state privacy laws, sharing identifiers for cross-context behavioural advertising may be considered “sharing.” Where applicable, you may opt out via our cookie settings or by contacting us.
6. Artificial Intelligence
YouCanBookMe does not use automated decision-making within its booking platform that produces legal or similarly significant effects.
We may use AI-assisted tools within our customer support systems to assist support agents in responding to enquiries. These tools:
- Do not make automated decisions
- Do not train external AI models using booking data
7. Payment Processing
We do not store or process payment card numbers within the YouCanBookMe platform.
Payments are processed by PCI DSS-compliant third-party providers such as Stripe.
Customers must not collect payment card information within booking forms.
8. International Data Transfers
Our infrastructure is hosted in the United States via Amazon Web Services (AWS).
Personal data transferred from the UK, EU, or EEA to the United States is protected using:
- EU Standard Contractual Clauses (SCCs)
- The UK International Data Transfer Addendum
- Supplementary safeguards and transfer risk assessments
9. Data Sharing
We share personal data with trusted service providers that support our operations, including:
- Amazon Web Services (hosting)
- Stripe (payments)
- Google Analytics
- Mixpanel
- Hotjar
- HubSpot
- G2
- Ahrefs
- Advertising partners listed above
All providers are contractually required to protect personal data and use it only for authorised purposes.
10. Data Retention
Booking Data
Booking data is retained for a default period of 24 months unless modified by the account holder.
If an account is permanently deleted (not merely closed), associated booking data is deleted immediately, subject to backup processes.
Account Data
Retained for the duration of the account and any applicable legal obligations.
Support Communications
Retained for up to 7 years unless deletion is requested or legally required.
11. Cookies and Tracking Technologies
We use cookies and similar technologies to operate our website, analyse performance, and support marketing.
Non-essential cookies are disabled by default and activated only after your consent.
Strictly Necessary
- Required for core functionality (authentication, security, payments, cookie preferences).
|
Cookie |
Provider |
Duration |
Purpose |
|
Authentication tokens |
YouCanBookMe |
Session |
Secure login and session management |
|
Load balancing cookies (e.g. INGRESSCOOKIE) |
YouCanBookMe |
Session |
Traffic routing and infrastructure stability |
|
Security cookies |
YouCanBookMe / Cloud provider |
Session |
Protect against fraud and abuse |
|
__hs_opt_out |
HubSpot |
6 months |
Stores cookie preferences |
|
Stripe session cookies |
Stripe |
Session |
Payment processing |
Performance & Analytics
- Used to understand how visitors use our website and improve services.
|
Provider |
Cookies |
Purpose |
Retention |
|
Google Analytics |
_ga, _gid, _gat |
Usage analytics |
1 day–2 years |
|
HubSpot |
__hstc, __hssc, etc. |
Visitor tracking |
Up to 13 months |
|
Hotjar |
_hjSession* |
Session analytics |
30 mins – 1 year |
Functional
- Enable enhanced features such as support chat and preference storage.
|
Cookie |
Provider |
Duration |
Purpose |
|
_BEAMER_* |
Capacity Helpdesk |
Up to 1 year |
In-app announcements and messaging |
|
Helpdesk session tokens |
Capacity |
Session |
Support functionality |
|
jane_webui_token |
Capacity |
Up to 1 year |
Support authentication |
|
YouTube cookies |
YouTube |
Varies |
Embedded video playback |
Advertising & Targeting
- Used to measure marketing performance and deliver relevant advertisements.
|
Provider |
Cookies |
Purpose |
Retention |
|
Google Ads |
_gcl_au |
Conversion tracking |
3 months |
|
DoubleClick |
IDE |
Advertising personalisation |
1 year |
|
Meta (Facebook) |
_fbp |
Advertising & remarketing |
3 months |
|
|
li_gc, lidc, bcookie |
Advertising & analytics |
Up to 2 years |
|
Microsoft Ads |
_uetvid, MUID |
Conversion tracking |
13 months |
All non-essential cookies require your consent before activation.
You may update your preferences at any time via our cookie settings.
The above list represents the primary cookies used within our website and application. Infrastructure-level and session-based security cookies may also be used to ensure the secure and reliable operation of our services.
12. Your Privacy Rights (Global)
Depending on your location, you may have rights to:
- Access your personal data
- Correct inaccurate data
- Request deletion
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent
- Lodge a complaint with a supervisory authority
To exercise your rights, contact:
compliance@youcanbook.me
We may verify your identity before responding.
13. Children’s Data
Our services are not directed at children under 16.
If we become aware of unlawful collection of children’s data, we will delete it.
14. Security
We implement appropriate technical and organisational safeguards including:
- Encryption in transit and at rest
- Access controls
- Monitoring and logging
- ISO/IEC 27001:2022 certification
15. Data Processing Addendum (DPA)
Where YouCanBookMe acts as a data processor, our Data Processing Addendum forms part of our customer agreement and sets out our obligations under applicable data protection laws.
Customers may request a signed copy of the DPA for their records or compliance purposes.
You can access our current DPA here: https://app.hellosign.com/s/5J4cPLm9
16. Changes to This Notice
We may update this Notice periodically. The updated version will be published with a revised “Last updated” date.
17. Contact
Privacy Contact: compliance@youcanbook.me
You may lodge a complaint with the UK Information Commissioner’s Office or your local supervisory authority.