The data controller is Mando Systems Ltd (Company No. 17168657), trading as Bookora, registered in England and Wales. We comply with the UK GDPR (Retained Regulation (EU) 2016/679) and the Data Protection Act 2018. Privacy enquiries: privacy@bookora.co.uk.
| Category | Examples |
|---|---|
| Identity | First name, last name, title, date of birth (optional, for birthday vouchers and flight bookings) |
| Contact | Email, phone number, postal address (for receipts and ID-verification only) |
| Account credentials | Hashed password (bcrypt), Apple ID identifier, Google ID identifier, 2FA phone, last login timestamp |
| Profile | Avatar image (if uploaded), preferences, language, theme |
| Travel documents | Passport number, expiry, issuing country, nationality — only when making flight bookings |
| Payment | Last 4 digits of card, card brand, Stripe payment-method ID, billing address. Never full card numbers. |
| Booking data | Booking references, dates, locations, prices paid, cancellation history, reviews |
| Loyalty | XP balance, voucher codes earned, referral relationships |
| Device & technical | IP address, user agent, OS version, app version, device model |
| Push device tokens | APNs tokens, FCM tokens (only if you grant push permission) |
| Geolocation | Approximate location (city-level) only when you actively use “Nearby” |
| Communications | Support tickets, chat messages, emails sent to/from us |
| Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Creating your account & processing bookings | Performance of a contract (Art. 6(1)(b)) |
| Sending booking confirmations & service emails | Performance of a contract (Art. 6(1)(b)) |
| Customer-support communications | Performance of a contract / legitimate interests |
| Fraud prevention, security, abuse detection | Legitimate interests (Art. 6(1)(f)) and legal obligation |
| Anti-money-laundering checks | Legal obligation (Art. 6(1)(c)) |
| Marketing emails & push (other than transactional) | Consent (Art. 6(1)(a)) — opt-in only, withdrawable any time |
| Analytics & product improvement | Legitimate interests, with anonymisation where possible |
| Storing financial records | Legal obligation (HMRC; 6 years) |
When you sign in with Apple, we receive: stable identifier, and on first sign-in only, your name and email. If you choose “Hide my email”, we receive a privaterelay forwarding address only.
When you sign in with Google, we receive: name, email, profile picture URL, stable Google identifier.
We store these credentials and use them only to identify you on subsequent logins. Apple and Google’s privacy policies govern any data they collect on their side.
Apple Wallet: we generate a signed .pkpass file containing your booking reference, route or address, name and a QR code. Apple does not see this content unless you choose to add the pass to your device. The pass-update protocol may transmit subsequent changes (gate change, delay) to Apple’s push relay, which forwards them to your device. We use a Pass Type ID registered under Apple’s Developer Program.
Google Wallet: when you save a pass to Google Wallet, the pass details (name, route/address, QR) are transmitted to Google to be stored in your Wallet account. Google’s privacy policy applies.
You can remove a pass at any time from the respective Wallet app.
When you pay with Apple Pay or Google Pay, the underlying card transaction is still processed by Stripe. Apple/Google return only a tokenised payment method to Stripe. Bookora never sees your real card number, only the last 4 digits and brand for display purposes.
We use Stripe Payments UK Ltd (registered with the FCA) for all payments. Stripe is PCI-DSS Level 1 certified.
To fulfil your bookings, we share necessary data with the airlines, hotels, transfer operators, activity operators and connectivity carriers that actually deliver the service:
| Booking type | Data shared with the operator |
|---|---|
| Flights | Passenger name, date of birth, gender, passport details, contact details, payment authorisation, special-assistance requests where given |
| Hotels | Lead-guest name, email, phone, check-in/out dates, room preferences, special requests |
| Activities | Lead-guest name, email, phone, party size, special requests, age confirmations where required |
| Transfers | Lead-passenger name, contact phone, flight number, pickup/dropoff addresses, party size and luggage count |
| eSIMs | Customer email and country selection only — the connectivity carrier needs this to provision the eSIM and email install codes |
Each operator processes the data under their own privacy policy and applicable consumer law (UK / EU GDPR or equivalent in their jurisdiction). We share only what is necessary for fulfilment. We do not share your password, payment-method tokens, or unrelated bookings.
If you grant push permission, we store your device token (APNs for iOS, FCM for Android) along with platform, app version, and OS version. We send pushes via Apple/Google’s relay services; the message body itself transits their infrastructure but is not stored long-term by them.
You can manage categories or revoke push permission at any time via iOS/Android settings.
If you use our optional passport-OCR feature:
We request approximate location only when you actively use the “Nearby” feature. Coordinates are sent to our backend, used for the radius search, and not stored. We do not track your location in the background.
If you upload an avatar or photos to a support ticket, those files are stored in our private storage and are accessible only to authenticated users associated with the relevant account/ticket. Avatars are publicly readable via signed URLs because they appear in business chat threads after you book.
We send marketing emails only with explicit opt-in (unticked at signup; you can opt-in later in account settings). Every marketing email contains an unsubscribe link.
For analytics we use aggregate, anonymised data wherever possible. We do not currently use Meta Pixel, Google Analytics, or any third-party tracker that personally identifies you.
Bookora maintains a mail server that catches all @bookora.co.uk addresses. Emails sent to any address are forwarded to a secure inbox and triaged by Bookora staff. Replies come from the appropriate functional email so customers never see personal addresses.
The “X people viewing this now” counter on business profile pages tracks aggregate, anonymous viewer counts for the last 5 minutes — no individual profile is identified to other users.
The “Recent bookings” rotator at the top of pages displays first names and city names of recent bookings for social proof. This data is anonymised before display.
Where we transfer data outside the UK (e.g. to airlines headquartered abroad, hotels worldwide, connectivity carriers in Europe), we rely on:
| Data | Retention |
|---|---|
| Account profile (active accounts) | For the lifetime of the account |
| Account profile (deactivated) | 30 days, then anonymised (replaced with hash) |
| Booking records (financial) | 6 years from booking date (HMRC requirement) |
| Payment records | 6 years from payment date |
| Server logs (incl. IPs) | 30 days, then deleted |
| Support tickets | 3 years after last activity |
| Marketing opt-in records | Until you withdraw + 1 year audit period |
| Passport-OCR images | 24 hours; the extracted text is retained as part of the booking |
| Push device tokens | Until you log out or revoke permission |
| Avatar images | Until you remove or delete account |
We will notify affected users and the ICO within 72 hours of any breach affecting personal data, as required by UK GDPR Art. 33.
To exercise any right, email privacy@bookora.co.uk. We respond within 30 days.
Bookora is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided data, contact us and we will delete it.
Detailed in our separate Cookies Policy. We use essential cookies (session, CSRF, theme), and you can opt out of analytics via the cookie banner.
Bookora pages may link to third-party sites (airlines for online check-in, hotels, partner help centres). Our Privacy Policy does not cover those sites; check theirs.
Material changes will be notified by email and an in-app banner at least 14 days before taking effect.
Mando Systems Ltd, trading as Bookora
Company No. 17168657 — England & Wales
Privacy & data requests: privacy@bookora.co.uk
If you are not satisfied with our response, you may complain to the UK’s Information Commissioner’s Office:
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Web: ico.org.uk/make-a-complaint