Privacy & Data Protection
Privacy Policy
This policy explains how Bizzly Ltd collects, uses, and protects your personal data. Last updated: 28 April 2026.
1 Who We Are
We are Bizzly Ltd ("we," "us," or "our"), a technology service provider registered in the United Kingdom. We operate the Bizzly platform at www.bizzly.net.
We are the data controller of the personal information we collect about you under UK GDPR and EU GDPR. We are also a data processor when we handle personal data on behalf of businesses ("tenants") that use the Bizzly platform to serve their customers.
2 What Data We Collect
2.1 Account & Contact Information
- Name, email address, and phone number
- Business name and subdomain chosen during sign-up
- Profile information you provide in your account settings
2.2 Booking & Service Data
- Services you book or subscribe to, including dates, times, and session details
- Booking history, cancellations, and attendance records
- Subscription plan and quota usage
2.3 Payment Information
Payment processing is handled entirely by Stripe. We do not store your full card number, CVV, or bank details. We retain only a Stripe customer reference ID and subscription metadata necessary to manage your account.
2.4 Google Calendar Data
When a business owner connects their Google Account, we request the following OAuth scope:
https://www.googleapis.com/auth/calendar
This scope is required because Bizzly creates and manages dedicated Google Calendars on behalf of the business, rather than only writing events to existing ones. It grants the ability to create, read, update, and delete calendars and their events.
Data Access
We only access Google Calendar data that is directly created or managed by Bizzly on the business owner's behalf. We do not read, retrieve, or display any pre-existing calendar events, personal appointments, or calendar contents that were not created by our system.
Data Usage
Access granted by the above scope is strictly used to:
- Create dedicated Google Calendars to be used by the business
- Write booking events to those calendars when customers make reservations, including customer name and session details in the event description
- Update calendar events when bookings are modified (e.g. time changes, capacity updates)
- Delete calendar events when all bookings for a slot are cancelled
- Rename calendars when the business owner updates service settings in Bizzly
- Register webhook push notifications with Google Calendar to receive real-time updates when events are changed directly in Google Calendar, keeping both systems in sync
Data Storage & Protection
OAuth access tokens and refresh tokens are encrypted at rest using industry-standard encryption before being stored in our database. Access to these tokens is restricted to authorised system components only and is never exposed to end users or third parties.
User Control & Revocation
Business owners can disconnect their Google Calendar integration at any time from the Integrations panel within Bizzly. When access is revoked:
- All associated OAuth tokens are permanently deleted from our database immediately
- No Google Calendar data is retained after disconnection
- Calendar-dependent features (View Calendar, Booking Management) are disabled until reconnected
- The public booking page will not show available slots until the integration is restored
Access can also be revoked directly from Google Account settings at myaccount.google.com/permissions.
Data Sharing
We do not sell, share, transfer, or disclose Google Calendar data or OAuth tokens to any third party under any circumstances, except as strictly required to operate the Google Calendar API connection itself.
2.5 CRM Data (HubSpot)
When a business owner connects HubSpot, we create or update HubSpot contacts and deal records when customers make bookings. We store an encrypted HubSpot OAuth token to maintain this connection. Contact data synced to HubSpot is subject to HubSpot's own privacy policy.
2.6 Communications Data
- WhatsApp messages sent to or received from the Bizzly AI booking assistant (processed via Twilio)
- Automated email notifications relating to bookings, account activity, and service updates
- Messages and feedback you send us directly via our contact or support forms
2.7 Technical & Analytics Data
- IP address, browser type, device type, and operating system
- Pages visited, session duration, and referral source (via Google Analytics, where enabled)
- Cookies and similar tracking technologies (see Section 9)
3 How We Use Your Data
- To create and manage your Bizzly account
- To provide booking, scheduling, and subscription management services
- To synchronise booking events with Google Calendar on behalf of business owners
- To process payments and manage subscription billing via Stripe
- To send booking confirmations, reminders, and account notifications
- To sync customer contact data with HubSpot CRM when the integration is enabled
- To deliver WhatsApp AI booking assistance via Twilio when enabled
- To respond to support enquiries and resolve issues
- To improve the platform through aggregated, anonymised analytics
- To comply with our legal and regulatory obligations
4 Legal Basis for Processing
- Contractual necessity — to provide the services you signed up for, including account management, booking processing, and payment handling.
- Legitimate interests — to maintain platform security, improve our services, and communicate important account or service updates.
- Consent — for optional integrations (Google Calendar, HubSpot), marketing communications, and cookies. You can withdraw consent at any time.
- Legal obligation — where we are required to process or retain data by applicable law.
5 Third-Party Services & Data Sharing
We do not sell your personal data. We share data only with the following categories of third parties, and only to the extent necessary to provide our services:
- Stripe — payment processing and subscription billing. See the Stripe Privacy Policy.
- Google — Google Calendar API (for booking sync) and Google Analytics (for platform analytics, where enabled). See the Google Privacy Policy.
- HubSpot — CRM and contact management, when the HubSpot integration is enabled by a business owner. See the HubSpot Privacy Policy.
- Twilio / WhatsApp — delivery of WhatsApp AI booking messages when the WhatsApp feature is enabled. See the Twilio Privacy Policy.
- Microsoft Azure — authentication services (Azure Active Directory B2C) and cloud hosting infrastructure.
- Supabase — database hosting and storage of platform data, operated within the EU.
- Professional advisors — accountants, insurers, and legal advisors bound by confidentiality obligations.
- Authorities — law enforcement or regulatory bodies where we are legally required to disclose information.
All third-party processors are required to handle your data securely and only in accordance with our instructions or their own applicable legal obligations.
6 International Data Transfers
Some of our third-party service providers may process data outside the UK or EU (for example, Stripe and Twilio operate US-based infrastructure). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK ICO or the European Commission, or equivalent transfer mechanisms.
7 Data Retention
We retain personal data only for as long as necessary to fulfil the purposes set out in this policy:
- Account data is retained for the duration of your subscription and deleted within 90 days of account closure, unless a longer retention period is required by law.
- Booking and transaction records are retained for up to 7 years to comply with UK financial record-keeping requirements.
- Google Calendar OAuth tokens are deleted immediately upon disconnecting the Google Calendar integration.
- HubSpot OAuth tokens are deleted immediately upon disconnecting the HubSpot integration.
- WhatsApp message logs are retained for a maximum of 90 days.
- Analytics data is retained in aggregated, anonymised form indefinitely.
8 Your Rights
Under UK GDPR and EU GDPR, you have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
- Restriction — request that we restrict processing of your data in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — withdraw any consent you have previously given at any time, including revoking Google Calendar or HubSpot access.
- Lodge a complaint — you have the right to complain to the UK Information Commissioner's Office (ICO) or your local data protection authority if you believe we have not handled your data lawfully.
To exercise any of these rights, contact us using the button below.
9 Cookies
We use cookies and similar technologies to operate and improve the Bizzly platform:
- Essential cookies — required for authentication, session management, and core platform functionality. These cannot be disabled.
- Analytics cookies — used to understand how visitors use our platform (via Google Analytics). These are only set where you have given consent.
- Preference cookies — used to remember your settings and personalise your experience.
You can manage or disable non-essential cookies in your browser settings at any time. Note that disabling essential cookies may prevent core platform features from functioning correctly.
10 Security
We implement industry-standard security measures to protect your data, including encryption at rest and in transit (TLS), encrypted storage of all OAuth tokens, access controls limiting data access to authorised personnel, and regular security reviews. However, no system is completely secure and we cannot guarantee absolute security of data transmitted over the internet.
11 Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or in-platform notification. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.
12 Contact Us
If you have questions or concerns about this Privacy Policy, or to exercise your data rights, please get in touch:
Bizzly Ltd
Data Controller — United Kingdom