Updated: May 22, 2025
Welcome to Bookify! This Privacy Notice describes how personal information is collected, used and stored through use of the clinic management platform by Bookify Software Inc. ("Bookify" or "we" or "us" or "our") and through use of our websites and web-based resources. We refer to our platform, websites and web-based resources as the "Services".
In this Notice, we use the word "Subscriber" to refer to anyone who has subscribed to and paid for use of our clinic management platform (for example, a health clinic or health practitioner), and also includes their individual sub-users. We use the word "you" and "your" to refer to any individual user of our Services, such as a practitioner, staff member or patient of a Subscriber, or an individual browsing or using our websites and web-based resources. We use the word "Patient" to refer to any individual that interacts with Bookify's clinic management platform to book or use the services of a Subscriber.
If you are a Patient at any of our Subscriber clinics or practitioners, your clinic or practitioner controls your patient information, including your contact information, billing details and patient records. The only exception is if you setup an account for booking appointments using the Bookify Mobile App, your Bookify ID authentication credentials (user ID or email and password) are controlled by Bookify. Please contact your clinic or practitioner for any questions about your patient information or contact Bookify for any questions about management of your Bookify ID authentication information. See the section titled Patient Data below for further information.
Bookify collects personal information in order to provide our Services to our Subscribers and their users, for our own business purposes (such as managing your subscription and payments), to learn about use of our Services (for improvement, accessibility and relevant content), and to provide you with information about our Services, including features and promotions. We collect only the minimum amount of personal information needed for these purposes. We do not sell or trade personal information, and we will only share your personal information with third parties in the ways that are described in this Privacy Notice.
We collect your contact information, such as your name, email address and organization, when you fill out our online forms or set up your user account for our Services. We use your contact information to activate your user account, give you access to the Services, and to send you notices about your user account. We may also use your contact information for marketing purposes, such as promotional emails, direct mail and sales contacts. You can opt-out of our marketing communications at any time by unsubscribing or contacting us at [email protected]. Please note that other than email addresses used in authentication credentials, Bookify does not collect or manage the contact information of patients, or any marketing or other communications between a Subscriber and its patients.
We collect your authentication credentials (user ID or email and password) ("Patient Authentication Information") when you create an account to link, book and obtain services from one or more Subscriber clinics as a Patient. We manage the authentication process to allow you to use the same authentication credentials for the different Subscriber clinics you elect to have an account with.
When a Subscriber subscribes to our Services, we also ask them to provide credit card information to process payments. We do not keep your credit card information. Credit card information is provided directly to our payment processor who is PCI-compliant. We receive a 'token' from the payment processor that replaces sensitive information and acts as a non-sensitive identifier which can be used by the payment processor to reference your credit card information when future payments need to be processed.
When you access and browse our Services, we collect information about how you are accessing our Services, such as your internet or mobile network connection, your browser or the type of mobile device you are using (if applicable). We use this log and device information to identify how our Services are being accessed and used so we can optimize them for the types of connections, browsers and devices being used. This information is not used to market or send promotions at an individual user level.
Our website uses cookies. Cookies are small data files that are downloaded to your computer or device by a website. Your web browser lets you manage cookies through its "settings" or "options" menus. You can change your browser settings to display a warning before accepting a cookie or to refuse all cookies other than essential cookies required for the functioning of the Services. You can also delete cookies at any time; however, please note that certain cookies must remain in order to use certain portions of the Services.
We also use web beacons, which are tiny graphic objects embedded in a web page or an email which allows us to determine if a user has viewed the web page or email.
We use cookies and web beacons:
For more information about cookies, see our Cookie Policy.
If you login to our Services using a third-party sign-in service, such as Google, Facebook Connect or Twitter, we will receive personal information from those services, such as your name and email address in order to pre-populate our online forms. We also include social media "Like" and "Share" buttons on our websites. These features may collect your IP address and the page you are visiting on our website. They may also set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policies of the third parties who provide them.
For personal information that is subject to the General Data Protection Regulation (GDPR), we rely on the following legal bases for collecting and using your personal information:
You may withdraw your consent at any time. Where we are using your personal information for our legitimate interests, you have the right to object to that use. See below under Your Rights for how to withdraw consent or object.
If you are a Patient of one of our Subscriber clinics, please contact your clinic or practitioner if you have any questions about the legal basis for collecting and using your personal information other than your Bookify ID authentication information, about which you can contact us. Our Subscribers may have a different legal basis for collecting and using a Patient's personal information, such as providing health care or treatments as a regulated healthcare professional.
Subscribers use our business management platform to collect personal information from their clients and create client records. These records may include a client's name, address, billing information, client notes, appointment history and other client data ("Client Data"). This information is sometimes referred to as "personal information", "protected information", "data concerning health" or "sensitive data" depending on the location of the Subscribers and the privacy laws applicable to them.
If you are a Client, Client Data is collected from you when you visit your Subscriber business or practitioner and when you create a profile or book appointments with the Subscriber business through our online booking Service.
Subscribers retain sole control over Client Data and may be referred to as a "health information custodian", a "covered entity" or a "controller" depending on their location and the privacy laws applicable to them. Subscribers determine:
Subscribers are responsible for complying with laws and regulations governing the use of Client Data, and for determining the legal basis for such use.
Bookify is a service provider to Subscribers and may be referred to as an "agent", "business associate" or "processor" of the Subscriber. Bookify stores Client Data in its secure data centers and makes it available to Subscribers and their users through our business management platform. Therefore, except in relation to Patient Authentication Information, Bookify otherwise has no control over Client Data.
Bookify will only access Client Data on the instructions of the Subscriber or its representatives or, in rare cases, where needed in order to prevent or address technical problems, your requests for support, or if required by law or court order. Please note that in order for Bookify to verify that we have true consent to access your account and its data, that we may verify the person requesting that we access. We may store and access non-identifiable usage data in connection with managing your subscription and licenses.
In the interest of facilitating a more convenient and comprehensive experience to Clients, Bookify allows Clients to use their Client Authentication Information to link, book and obtain services from multiple Subscribers; the user ID, email, phone number and password for these unified accounts used by Clients are referred to as Client Authentication Data. Bookify shall be considered a "personal information custodian" or a "controller" of Client Authentication Data for the purpose of administration of authentication and access to the business management platform and to each of the Subscriber accounts that the Client is linked to. Client Authentication Data shall not be considered Subscriber Data. Furthermore, for the purpose of Client Authentication Data, Bookify does not qualify as a "covered entity" because Client Authentication Data is not deemed to be personal health information. Bookify assumes responsibility for the safeguarding of Client Authentication Data and will not disclose Client Authentication Data to any Subscriber without the prior consent of the Client. Bookify shall be responsible to ensure that only Clients who have successfully authenticated and are linked to a specific Subscriber account are allowed to access such Subscriber account.
Client Data is stored in the regional data centre for the location chosen by the Subscriber during the sign-up process. We currently have regional data centres in Canada, the United States, UK, and Australia, though this may change from time to time. If we do not have a data centre in the Subscriber's region, Client Data will be stored in our Canadian data centre, unless otherwise requested by the Subscriber.
Please note that we use US-based service providers for appointment reminders sent by SMS and, therefore, Client Data contained in appointment reminders will go through and may be stored temporarily in the United States. Similarly, the group telehealth Service is facilitated by a provider which utilizes the nearest available data centre to ensure quality of calls; therefore, in such cases, we do not guarantee that the processing of your data will always remain within your chosen region. We require all our data centres and service providers to maintain a high level of security and to comply with applicable privacy laws.
Clients have certain rights with respect to their Client Data, which may include knowing what information your Subscriber business has about you, correcting any inaccurate Client Data, obtaining a record of your Client Data and, in certain circumstances, deleting or removing your Client Data. Please note that Subscribers have strict legal and regulatory obligations around Client Data and may not always be permitted to delete or remove Client Data.
If you have any questions about your Client Data or wish to exercise any or your client rights, please contact your Subscriber business or practitioner. If your Subscriber business or practitioner has any questions about the management of Client Data in the Services, they may contact us and we will support them as needed to respond to your request. Please note that, in order to maintain strict security of your Client Data, we can only access Client Data upon instruction from the Account Owner of the Subscriber. If your questions are about your Client Authentication Data, you may contact us directly and we will respond to your request.
We do not sell or distribute personal information to third parties for their own commercial or marketing purposes. We will only share personal information we collect in the following circumstances:
In order to operate our business and provide the Services to our Subscribers and their users, we may need to share a limited amount of personal information, including Client Data, with our third-party suppliers and service providers. Before sharing personal information, we ensure that the third parties receiving the personal information have provided appropriate safeguards, and that privacy rights are protected and preserved.
Some of the areas where we use third-party suppliers and service providers include:
A list of the sub-processors we use for processing of Subscriber Data can be found here.
We may share personal information in connection with negotiating or carrying out a financing or acquisition of our business, a merger or amalgamation with another business, or a sale of all or part of our company assets. Before sharing personal information, we will ensure that appropriate confidentiality and non-disclosure undertakings are in place. We will not share Client Data in these circumstances.
We may disclose personal information to governmental or judicial authorities (to respond to a request, subpoenas, registrations, or legal processes) or other third parties (as required by law, to comply with our legal and regulatory obligations, or to protect and secure our interests, rights, and our assets), to enforce security requirements, or to respond to an emergency which we believe, in good faith, requires us to disclose personal information. . We may also be required to disclose personal information to enforce our legal rights, to enforce security requirements, or to respond to an emergency which we believe, in good faith, requires us to disclose personal information.
In such instances, we carefully review a request to make sure it complies with applicable law; if we consider the request to be too broad, we may try to narrow it to minimize the scope of the request, and, if permissible, we will make every reasonable effort to give you as much notice and detail as we can regarding the disclosure of your personal information, what information was disclosed and why. We will not disclose Client Data unless legally required to do so.
Bookify shall not share your Client Authentication Data with any of the Subscribers that you, as a client, elect to link your account to.
Bookify may use computer-generated algorithms to gather anonymous and aggregated information from Subscriber Data in order to assist in our continued development and improvement of the Services, and for the purpose of analysis or compiling statistical data. We will ensure that such anonymized individualized information is not shared outside of Bookify without the consent of the Subscriber, but we are permitted to share aggregated analysis about the use of the Services.
We take reasonable measures, including firewall barriers, SSL/TLS encryption techniques, and authentication procedures, to help protect personal information from accidental loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. In addition, we limit access to Subscriber Data to those employees, agents, contractors and other third parties who have a business need to know.
We protect your personal information, including Client Data stored in our platform, by:
While we employ industry standard measures to protect your information, no electronic communication can ever be completely secure. You share responsibility for protection of your personal information by setting a strong password and by keeping your username and password confidential, along with utilizing the security features available to you and according to your needs.
We retain personal information only for as long as necessary to achieve our stated purposes, or as required by applicable law. For example, Contact and Billing information is kept for as long as a Subscriber account is active and for a reasonable period after it has been deactivated in the event you or your Subscriber wish to re-activate the account as well as for Bookify to meet legal requirements and internal record retention policies. User account information may also be retained as necessary to comply with our legal obligations, resolve disputes or maintain our relationship with a Subscriber.
If you are a patient of one of our Subscriber clinics, please contact your clinic or practitioner for information regarding the storage period for your Client Data.
Personal information may be transferred to and processed in Canada and the United States. Before transferring your personal information, we ensure that appropriate safeguards are in place and that your privacy rights are protected and preserved. Such safeguards may include the existence of an EU adequacy decision, certification and adherence to EU-US Data Privacy Framework, Swiss-US Data Privacy Framework and the UK Extension to the EU-US Data Privacy Frameworks, the Standard Contractual Clauses approved by the European Commission, the International Data Transfer Agreement approved by the Information Commissioner's Office in the UK, binding corporate rules, or other legal mechanisms to safeguard the personal information being transferred.
Individuals have certain rights with respect to their personal information. These rights are set out below. If you are a patient of one of our Subscriber clinics, please contact your clinic or practitioner to exercise any of these rights with respect to your Client Data. To exercise your rights over your Client Authentication Data, please Contact Us.
We will make reasonable efforts to ensure that the personal information we collect from you is accurate and complete. You may update, correct or delete your account information at any time by logging into your user account and modifying your personal information, including your preferences to receive messages from us. You may also update, correct or delete your personal information by contacting us as noted below.
Where we have relied on your consent to use your personal information, you have the right to withdraw that consent at any time by contacting us as noted below, which we will give effect to promptly. In addition, all our marketing email messages contain the ability to automatically "opt-out" or unsubscribe from our mailing lists and marketing messages.
You have the right to request a record of the personal information that we have collected about you and to ask that the information be provided in a structured, used electronic format (where applicable and technically feasible). There may be some cases where we cannot provide you with certain information about you if it would mean disclosure of personal information of another person or other confidential information, or if it would compromise our security systems. If you require access to your personal information, please Contact Us. We will respond to you within thirty (30) days of receiving your request. We may charge a fee where permitted by applicable law.
In certain limited circumstances, individuals in the EU, Switzerland or the UK may request that we restrict our use of their personal information and, where we rely on legitimate interests as the legal basis for using your personal information, you have the right to object to such use. In these cases, we can be required to no longer use your personal information; however, this may mean that certain components of our Services cannot be made available to you. If you wish to exercise your right to restrict or object, please Contact Us.
You have the right to lodge a complaint with a supervisory authority (i.e., the independent public authority responsible for monitoring data protection laws in your country). You may also contact the Information and Privacy Commissioner of Ontario (for Ontario matters) ( http://www.oipc.bc.ca/ ) or the Privacy Commissioner of Canada (for international matters and inter-provincial matters) ( http://www.priv.gc.ca/ ).
If you have any questions or concerns about our Privacy Notice and our privacy practices, please contact us at:
Bookify Software Inc.Scheduling for humans