BookMay
Privacy Policy
This Privacy Policy explains how KitVa Limited handles personal data for BookMay, BookMay Business, and related booking services.
1. Scope and Hong Kong privacy law
BookMay is a two-sided booking platform. The customer app helps users discover and book services. BookMay Business helps merchants manage shop profiles, services, staff, availability, bookings, chats, and reviews.
KitVa Limited is based in Hong Kong. We aim to handle personal data consistently with the Personal Data (Privacy) Ordinance, Cap. 486, including the Data Protection Principles on collection, accuracy, use, security, openness, access, and correction.
2. Platform roles
Customers and businesses both use BookMay. A business may receive customer booking details, notes, chat messages, and review information so it can provide the booked service. Businesses are independent service providers and may also be responsible for their own customer records and legal obligations.
3. Information we collect or process
Account and profile data may include name, nickname, username, email address, phone number, optional birthday, profile image, language, region, notification settings, and authentication records.
Business data may include shop name, category, description, address, location, coordinates, phone number, opening hours, cancellation cutoff, booking approval settings, private shop status, store code, access code, logo, cover images, work images, services, staff, service availability, and day offs.
Business verification and enforcement data may include business registration information, licence or permit information, proof of address, proof of phone, email, domain, or store-code control, owner or manager authorization, trade mark or brand authorization, public records, support evidence, and identity or contact details of authorized representatives where required.
Booking data may include business, customer, service, staff, start time, end time, status, customer name, email, phone, customer notes, business notes, rejection reason, deposit status, booking preference, party size, custom form responses, and price snapshots.
Communication and content data may include chat conversations, chat messages, inbox messages, unread counts, review ratings, review comments, review images, business replies, support emails, and other content you submit.
Technical data may include device, app, network, security, diagnostic, and log information generated when you use the apps or related services.
4. App permissions and device features
- Location may be used to rank nearby businesses, show distance, support region-aware discovery, or help choose a business location.
- Camera access may be used to scan BookMay shop QR codes.
- Photo library or camera access may be used for profile images, business images, staff images, work galleries, and review images.
- Notifications may be used for booking updates, inbox messages, reminders, and account or service notices.
- Calendar features, if enabled, may help you add or manage booking events on your device.
5. How we use information
- Create, authenticate, and maintain customer and business accounts
- Display public and private business listings, services, staff, availability, and images
- Process booking requests, confirmations, cancellations, completions, reminders, and manual bookings
- Enable customer-business chats, inbox messages, unread counts, review replies, and support
- Operate QR store code access, private shop unlocks, fraud prevention, security, and abuse detection
- Verify business ownership or authority, investigate impersonation, fake listings, malicious bookings, payment abuse, infringement, and misuse of customer data, and notify affected parties where appropriate
- Comply with legal obligations, enforce terms, protect rights, and improve reliability
6. Sharing of information
We do not sell personal data.
- Customers and businesses may see information needed for a booking, chat, review, or business listing.
- Service providers may process data for hosting, authentication, database, storage, analytics, diagnostics, email, payments, and platform operations. This may include providers such as Supabase, Apple, and payment processors where applicable.
- Where legally permitted or required, we may share relevant records with affected customers, the real business owner, payment providers, app stores, insurers, professional advisers, regulators, law enforcement, or courts to investigate or respond to impersonation, fraud, malicious bookings, infringement, disputes, or safety issues.
- Information may be disclosed where required by law, court order, regulator, law enforcement request, or where needed to protect rights, safety, security, and service integrity.
7. Storage, retention, and transfers
BookMay stores service data in cloud infrastructure and may process data outside Hong Kong through service providers. We use reasonable safeguards appropriate to the nature of the data and service.
We retain information for as long as reasonably needed to provide the services, maintain booking and business records, resolve disputes, enforce terms, comply with law, and support security. Some booking, message, verification, payment, abuse, and investigation records may need to be retained after account closure, suspension, deletion request, or listing removal where reasonably required for fraud prevention, dispute handling, legal claims, law enforcement, or legitimate business reasons.
8. Your choices and rights
- You can update certain profile, notification, language, region, business, and booking settings in the app where available.
- You can control iOS permissions such as Location, Camera, Photos, Notifications, and Calendar in device settings.
- Under Hong Kong privacy law, you may request access to and correction of personal data we hold about you, subject to lawful limitations.
- For deletion, account, or data requests, contact us using the details below. We may need to verify your identity and may retain records where legally or operationally necessary.
9. Security
We use reasonable administrative, technical, and organizational measures to protect personal data. No app, network, or storage system can be guaranteed to be completely secure.
10. Children and young users
BookMay is not intended for children to use without appropriate parental or guardian involvement. If you believe a child has provided personal data without proper consent or supervision, contact us.
11. Changes to this policy
We may update this Privacy Policy to reflect product, legal, operational, or security changes. The effective date will be updated when changes are published.
12. Contact
For privacy questions or data requests, contact kitvalimited@gmail.com.