Privacy Policy
Last updated: June 2, 2026 · Effective date: June 2, 2026
1. Introduction
This Privacy Policy explains how iBooker.online (“we”, “us”, “our”), operated by Antreprenor Independent · IAROSLAV IASINSKI (IDNO: 1026023037338), accessible at ibooker.online, collects, uses, and protects information when you use our Service. By using iBooker.online, you agree to the practices described in this Policy.
2. Who We Are
iBooker.online is an independent conversion tracking tool for Square Appointments. We are not affiliated with Square, Block, Inc., Google, Meta, or Polar. We act as a data processor on your behalf — we relay booking event signals to the analytics platforms you configure.
Data Controller:
Antreprenor Independent · IAROSLAV IASINSKI
IDNO: 1026023037338
📧 team@ibooker.online
🌐 ibooker.online
3. What Data We Collect
3.1 Account Data
When you register, we collect:
- Your email address
- Your name (if provided)
- Your subscription plan and billing status (managed by Polar)
3.2 Integration Configuration Data
When you connect your Square account and configure tracking, we store:
- Your Square OAuth access token (encrypted)
- Your GA4 Measurement ID and/or Meta Pixel ID
- Your project settings (location preferences, configured events)
We do not store your Square password. Ever.
3.3 Event Relay Data (Transient)
When a booking event occurs, we briefly process the following data in memory to relay it to your configured analytics platform:
- Event type (e.g. purchase, begin_checkout)
- Service name and price
- Location name
- Staff name
- Booking ID
- Currency and duration
This data is not written to any persistent database. It passes through our system and is sent immediately to Google or Meta on your behalf.
3.4 Technical and Usage Data
We may automatically collect:
- IP address
- Browser type and version
- Pages visited within the Service
- Date and time of access
- Referrer URL
This data is used solely for security, debugging, and service improvement.
4. What Data We Do NOT Collect
We want to be explicit about what we never collect or store:
- Your customers' personal data (names, emails, phone numbers)
- Your customers' payment card information
- Full appointment history or booking records
- Your Square account password or secret keys
- Any data beyond what is listed in Section 3
Your customers' data lives exclusively within Square's platform, governed by Square's own Privacy Policy.
5. How We Use Your Data
We use the data we collect to:
- Provide and operate the Service
- Authenticate your Square account via OAuth
- Relay conversion events to your configured analytics platforms
- Send you transactional emails (account confirmation, subscription receipts, service notices)
- Respond to your support requests
- Detect and prevent fraud, abuse, or security incidents
- Comply with legal obligations
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.
6. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:
- Contract performance — to provide the Service you signed up for
- Legitimate interests — to maintain security, prevent abuse, and improve the Service
- Legal obligation — to comply with applicable laws
- Consent — where you have explicitly provided it (e.g. marketing communications)
7. Data Sharing and Third Parties
We share data only in the following limited circumstances:
- Square (Block, Inc.) — We connect to Square via their official OAuth API to retrieve booking events. Square's Privacy Policy governs all data within their platform.
- Google — If you configure GA4 or Google Ads, booking event data is sent to Google's servers under your Google account. Google's Privacy Policy applies.
- Meta (Facebook) — If you configure Meta Conversion API, booking event data is sent to Meta under your Meta account. Meta's Privacy Policy applies.
- Polar — Payment processing is handled entirely by Polar, our Merchant of Record. We never see your card or bank details. Polar's Privacy Policy applies.
- Service providers — We may use infrastructure providers (hosting, email) who process data solely on our behalf under data processing agreements.
We do not sell your data to anyone.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| OAuth tokens | Until you revoke access or delete account |
| Configuration settings | Until account deletion |
| Technical/usage logs | 90 days |
| Transient event relay data | Not stored — processed in memory only |
After account deletion, all your data is permanently removed within 30 days.
9. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of OAuth tokens at rest
- HTTPS/TLS encryption for all data in transit
- Access controls limiting who can access production systems
- Regular security reviews
However, no system is 100% secure. We cannot guarantee absolute security and are not liable for unauthorized access resulting from circumstances beyond our reasonable control.
10. Your Rights (GDPR / EEA Users)
If you are located in the EEA or UK, you have the following rights:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your personal data (“right to be forgotten”)
- Restriction — request that we limit processing of your data
- Portability — request your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at team@ibooker.online. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
11. Cookies
We use a minimal number of cookies necessary to operate the Service:
- Session cookies — to keep you logged in
- Security cookies — to prevent CSRF attacks
We do not use advertising cookies, tracking pixels on our own site, or third-party behavioral tracking cookies. You can disable cookies in your browser settings, but this may affect the functionality of the Service.
12. Children's Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at team@ibooker.online and we will delete it promptly.
13. International Data Transfers
Your data may be processed on servers located outside your country of residence. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR requirements (e.g. Standard Contractual Clauses).
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 14 days before they take effect. The latest version is always available at ibooker.online/privacy. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.
15. Contact
For any privacy-related questions, requests, or complaints:
iBooker.online
Antreprenor Independent · IAROSLAV IASINSKI
IDNO: 1026023037338
📧 team@ibooker.online
🌐 ibooker.online
This Privacy Policy was last updated on June 2, 2026.