Privacy Policy — PreBookmt
Last updated: 2026-05-02
This Privacy Policy explains how PreBookmt ("we", "us", "the App") collects, uses, and protects your personal information when you use our mobile application and services. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and the Maltese Data Protection Act.
1. Who we are
PreBookmt is operated from Malta. For privacy-related questions, contact us at support@prebookmt.com.
2. Information we collect
Information you provide
- Account information — full name, email, password (stored hashed), phone number (optional)
- Profile information — preferred language, profile photo (optional)
- Business information (for business owners) — business name, address, hours, services, photos, payment details
- Booking and order data — services booked, times, special requests, payment method
- Messages — conversations between customers and businesses
- Reviews — ratings and written feedback you post about businesses
Information collected automatically
- Device information — device type, operating system, app version
- Usage data — screens viewed, features used, time spent (via PostHog)
- Crash reports and errors — anonymised diagnostic data (via Sentry)
- Push notification tokens — Expo Push token for sending notifications
- Location — only if you grant permission, for showing nearby businesses
Information from third parties
- Stripe — for payment processing, we receive transaction confirmations and card last-4 digits (never full card numbers)
3. How we use your information
We use your data to:
- Provide and improve the booking, ordering, and messaging features
- Process subscription payments for business owners
- Send transactional notifications (booking confirmations, reminders)
- Send marketing communications (only if you opt in)
- Detect and prevent fraud or abuse
- Comply with legal obligations
4. Legal basis for processing (GDPR)
We process your data under these legal bases:
- Contract — to deliver the service you signed up for
- Legitimate interest — to keep the platform secure, debug issues, and improve the product
- Consent — for marketing emails and push notifications (you can withdraw at any time)
- Legal obligation — for tax records, dispute resolution
5. Who we share your data with
We share data only with:
- Supabase (database hosting, EU region) — stores your profile, bookings, messages
- Stripe (payments, EU + global) — processes subscription billing
- Expo Push Service (notifications) — delivers push notifications
- PostHog (analytics, EU region) — anonymised product usage
- Sentry (error monitoring, EU region) — crash reports
- Resend (email delivery) — transactional emails
We do not sell your data to advertisers or third parties.
We may share data when required by law or to comply with valid legal requests.
6. Data retention
- Account data — retained while your account is active. Deleted within 30 days of account deletion request.
- Bookings & orders — retained for 7 years for tax and legal compliance, even after account deletion.
- Anonymised analytics — retained indefinitely.
- Messages — deleted with the account.
7. Your rights
Under GDPR, you have the right to:
- Access your personal data — request a copy from support@prebookmt.com
- Correct inaccurate data — update in the app or email us
- Delete your account — use the in-app "Delete account" option in your profile
- Restrict processing
- Port your data to another service
- Object to processing for marketing purposes
- Withdraw consent at any time
- Lodge a complaint with the Maltese Information and Data Protection Commissioner (idpc.org.mt)
8. International transfers
Some of our service providers (e.g. Stripe, Sentry) may process data outside the EU. We ensure appropriate safeguards are in place — Standard Contractual Clauses or equivalent.
9. Security
We use industry-standard security:
- Encryption in transit (HTTPS) and at rest
- Row-level security on our database
- Hashed password storage (bcrypt)
- Limited employee access on a need-to-know basis
No system is 100% secure — please use a strong password and enable two-factor authentication.
10. Children's privacy
PreBookmt is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has registered, contact us and we will delete the account.
11. Cookies and similar technologies
The mobile app does not use cookies. Our website (prebookmt.com) uses essential cookies only.
12. Changes to this policy
We may update this policy. We will notify you of significant changes via email and an in-app banner.
13. Contact
Email: support@prebookmt.com
Subject line: Privacy Request
For data protection complaints, you can also contact:
Information and Data Protection Commissioner
Level 2, Airways House, Triq Il-Kbira HMR 1100, Floriana, Malta
idpc.org.mt
This is a starter draft. Have a Maltese-licensed lawyer review before launch — Malta has additional requirements around consumer-facing apps and electronic commerce that may need specific clauses.