Privacy Policy

Last Updated: 12 July 2025

This Privacy Policy ("Policy") describes how Bukza Pte. Ltd. ("Bukza", "we", "us", or "our"), a company registered in Singapore (UEN: 202441730M), located at 68 Circular Road #02-01, Singapore 049422, collects, uses, discloses, and protects your personal data when you use our Software-as-a-Service (SaaS) platform and related services (the "Service").

For privacy-related inquiries, contact us at: support@bukza.com.

This Policy applies to:

  • Business users (businesses, their employees or representatives, who register with and manage bookings through Bukza)
  • End users (clients of business users, who make bookings via Bukza-powered widgets)
  • Visitors (who access our website or documentation)

By using Bukza, you consent to the practices described in this Policy.

1. Personal Data We Collect

1.1. Business Users

  • Name
  • Email address
  • Company name
  • Time zone, culture/localization settings
  • IP address
  • Browser/device metadata
  • (Optional) Messaging app IDs (e.g., LINE, Telegram)
  • (Optional) Google Calendar integration, allowing you to synchronize bookings between Bukza and your Google Calendar account. Bukza may access events from specified calendars to block unavailable time slots. You may also choose to send booking details, including personal contact information of end users, into your connected Google Calendar as event details.
  • (Optional) Custom outbound web requests configured by the Business User. These requests may include booking or order-related data as defined by the Business User.
  • (Optional) Integration with custom payment systems via Payments API, including the webhook URL provided by the Business User
  • (Optional) Transaction metadata submitted via Payments API (e.g., payment status, reference ID, or custom fields sent by the Business User's server)
  • Account activity logs
  • Messages or inquiries sent to Bukza (e.g., via support@bukza.com or messaging apps)

1.2. End Users

  • First name and Last name, Email address, Phone number (provided via booking forms)
  • (Optional) Messaging app IDs (e.g., LINE, Telegram)
  • IP address
  • Custom fields configured by the business user
  • Order or reservation details (e.g., time, resource, booking codes)

Note: Bukza prohibits the collection of special categories of personal data such as health, religion, or government identifiers via custom fields. These may include data types restricted under GDPR, PDPA, APPI, or similar privacy laws. Business Users are responsible for ensuring compliance with applicable data protection regulations.

1.3. Visitors

  • IP address and browser metadata
  • Messages or inquiries sent to Bukza (e.g., via support@bukza.com or messaging apps)

1.4. Technical Data

  • Authentication tokens stored via browser localStorage (no cookies used)

Note: Business users may embed their own scripts within booking flows. Bukza is not responsible for any third-party data processing initiated by such scripts.

2. How We Use Your Data

We use your personal data for the following purposes:

  • Registering and managing business accounts
  • Providing booking management services
  • Delivering, confirming, or managing bookings
  • Communicating with you regarding the Service
  • Processing payments for our own services (via Paddle)
  • Assisting Business Users with payment processing via their configured Stripe or PayPal accounts, where applicable.
  • Facilitating payment flows via the Payments API, including exchanging transaction metadata between your server and our platform, as configured by you.
  • Sending data to third-party endpoints as configured by Business Users through web request templates. Bukza does not control the content or destination of such data.
  • Providing customer support
  • Improving our Service (excluding behavioral profiling)
  • Security, fraud prevention, and logging
  • Compliance with legal obligations

3. Legal Bases for Processing

We process personal data under the following legal bases, depending on your jurisdiction:

  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests (e.g., fraud prevention, service security)
  • Consent: when enabling optional features that require user authorization, such as sending notifications via LINE or Telegram, connecting to Google Calendar, or verifying email addresses.

We act as a data controller for business user accounts and as a data processor for end user data collected via our platform.

Regional Disclosures

  • GDPR (EU/EEA/UK): See Section 7
  • PDPA (Singapore, Thailand): See Section 7
  • APPI (Japan): See Section 7
  • Personal Data Protection Act (Taiwan): See Section 7

4. Data Retention

  • Business user data: stored while account is active; some data may be retained for up to 6 months after account closure for legal, billing, or backup reasons.
  • End user booking data: stored based on business user configuration, or automatically deleted after 6 months of inactivity.
  • Database backups: encrypted and securely stored for 30 days.
  • Outbound emails and web requests sent from our system (e.g., order notifications, web request calls): stored securely for 30 days for troubleshooting, auditing, and delivery confirmation.

To request the deletion of your personal data, please contact us at support@bukza.com. If you are an end user (i.e., you made a reservation via a Bukza-powered widget), we may refer your request to the relevant business user who manages your data.

5. Data Sharing and International Transfers

We do not sell personal data. We may share data with:

  • The business managing your booking (for end users)
  • Business User payment servers (if using Payments API): Bukza may transmit and receive data to/from the server specified by the Business User, including booking and transaction details.
  • Authorized subprocessors necessary to deliver the Service, as listed at https://bukza.com/subprocessors
  • Regulators, courts, or law enforcement, if required by law

We may transfer personal data to countries outside of your jurisdiction as necessary to operate and provide the Service. For such transfers:

  • For the EEA/UK: we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and UK authorities.
  • For other regions: we apply appropriate safeguards, such as contractual obligations with subprocessors, encryption of data in transit and at rest, strict access controls, and audit procedures.

6. End User & Minor Privacy

  • Business users must be 18 years or older
  • End users must be 16+ or have guardian consent, if required by law
  • If we become aware of data from minors collected without consent, we will delete it

7. Your Data Protection Rights

Depending on your location, you may have rights to:

  • Access, correct, or delete your personal data
  • Restrict or object to processing
  • Withdraw consent
  • Receive a copy of your data (portability)

Business Users may also initiate account deletion by clicking the "Delete Account" button within the application interface. This action sends an automated request to our system to begin data removal.

To exercise your rights, email: support@bukza.com. We may verify your identity. If you're an end user, we may refer your request to the relevant business.

GDPR (EU/EEA/UK)

  • Bukza is a controller for business account data and a processor for end user data
  • SCCs are used for international transfers
  • You may contact your local data protection authority

PDPA (Singapore, Thailand), PDP Act (Taiwan)

  • You may access or correct your data, or withdraw consent

APPI (Japan)

  • You may request notification, disclosure, correction, suspension, or deletion of your personal data

8. Security Measures

We implement the following safeguards:

  • Encrypted connections (HTTPS, VPN)
  • Access control, audit logging
  • IP-based restrictions on internal services
  • Encrypted backups with restricted access

No system is 100% secure. If you suspect a breach, contact us immediately.

9. Subprocessors and Integrations

See our current list of subprocessors at https://bukza.com/subprocessors.

No analytics or tracking pixels are used by Bukza. Business users may insert their own code via iframe widgets. Bukza is not responsible for third-party scripts embedded by business users.

Stripe and PayPal are not used by Bukza to process payments on behalf of itself, but may be integrated by Business Users. In such cases, Bukza accesses the necessary credentials provided by the Business User solely for facilitating the payment process on their behalf.

If a Business User integrates a custom payment system via Payments API, Bukza transmits booking-related information to the designated server and receives webhook responses containing transaction status or related metadata. Business Users are solely responsible for securing and operating such external systems.

Business Users may configure outbound web requests (e.g., webhooks) to send booking data to third-party systems. Bukza executes these requests on behalf of the Business User and does not access or store the external responses. Business Users are responsible for ensuring such transmissions comply with data protection laws.

10. Cookies and Tracking

Bukza does not use cookies or tracking on its platform. Authentication is handled via localStorage. Embedded scripts are the responsibility of business users.

11. Data Processing Agreement (DPA)

Our Data Processing Agreement (DPA) applies automatically to all business users and forms part of these terms. It includes safeguards such as SCCs where applicable.

12. Changes to this Policy and Notifications

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The latest version is always available at https://bukza.com/privacy.

Whenever we make material changes, we will notify:

  • Business users via email and/or account notifications
  • End users (if affected) may be notified by email, if their contact information is available and relevant to the change

Your continued use of the Service after such updates constitutes acceptance of the revised Policy.

13. Contact & Complaints

Contact:
Bukza Pte. Ltd.
68 Circular Road #02-01
Singapore 049422
Email: support@bukza.com

If you reside in the EEA/UK and are not satisfied with our handling of your data, you may contact your local supervisory authority.

14. Governing Law

This Privacy Policy is governed by the laws of Singapore. Any disputes shall be subject to the exclusive jurisdiction of the Singapore courts.

Language: This Privacy Policy is provided in English. In case of conflict with any translation, the English version shall prevail.

Effective Date: 12 July 2025

This Privacy Policy is designed to comply with GDPR, PDPA (Singapore and Thailand), APPI (Japan), and the Personal Data Protection Act (Taiwan).