BookWell

Privacy Policy

Last updated: 30 March 2026

BestAI Labs Ltd ("we", "us", "our") operates the BookWell platform. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our Service. We are committed to complying with the Privacy Act 2020 (New Zealand) and the Health Information Privacy Code 2020.

1. Information We Collect

We collect the following types of information:

  • Account information: Name, email address, and password when you register for a BookWell account.
  • Clinic information: Clinic name, contact details, services offered, practitioner details, and business hours.
  • Booking information: Client names, contact details, appointment dates and times, and service selections made through the booking widget.
  • Payment information: Billing details processed through Stripe. We do not store credit card numbers on our servers.
  • Usage data: Information about how you interact with the Service, including IP addresses, browser type, pages visited, and timestamps.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the BookWell Service
  • Process bookings and send appointment notifications
  • Process subscription payments and manage billing
  • Send transactional emails (booking confirmations, reminders, account updates)
  • Respond to support requests and communicate with you about the Service
  • Comply with legal obligations and enforce our Terms of Service

3. Health Information

BookWell is designed for use by health and wellness clinics. While the Service itself does not require clients to provide detailed health records, booking information (such as the type of service selected) may constitute health information under the Health Information Privacy Code 2020.

We handle all health-related information with the heightened protections required by the Health Information Privacy Code 2020. Clinic operators who use BookWell remain the primary custodians of their clients' health information and are responsible for ensuring their own compliance with the Code, including obtaining appropriate consents and providing privacy notices to their clients.

4. Data Storage and Security

We take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification, and disclosure. Our security measures include:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Secure password hashing using industry-standard algorithms
  • Regular security reviews and updates
  • Access controls limiting data access to authorised personnel

Data is stored on servers located in secure data centres. While we endeavour to protect your information, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

5. Third-Party Service Providers

We use the following third-party service providers to operate BookWell:

  • Stripe - Payment processing. Stripe handles all credit card data and is PCI DSS Level 1 certified. See Stripe's Privacy Policy.
  • Resend - Transactional email delivery (booking confirmations, account notifications). See Resend's Privacy Policy.
  • Telegram - Real-time booking notifications sent to clinic operators via the Telegram Bot API. Only booking summary information (no sensitive health details) is transmitted. See Telegram's Privacy Policy.

We ensure that our third-party providers maintain appropriate security and privacy standards. We do not sell your personal information to any third parties.

6. Cookies

BookWell uses cookies and similar technologies for the following purposes:

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled without breaking core functionality.
  • Preference cookies: Used to remember your language and display preferences.

We do not use advertising or tracking cookies. The booking widget embedded on clinic websites uses only essential session cookies required for the booking process.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you close your account, we will delete your personal information within 30 days, except where we are required by law to retain certain records (for example, financial records for tax purposes, which we retain for 7 years as required by the Tax Administration Act 1994).

Booking records are retained for the duration of the clinic's subscription. Clinic operators may export or request deletion of their data at any time.

8. Your Rights

Under the Privacy Act 2020, you have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct any inaccurate or incomplete personal information.
  • Deletion: Request that we delete your personal information, subject to any legal obligations requiring us to retain certain records.

To exercise any of these rights, please contact us using the details below. We will respond to your request within 20 working days, as required by the Privacy Act 2020.

9. Children's Privacy

BookWell accounts are intended for adults aged 18 and over. We do not knowingly collect personal information from children under 16. Booking records for minors may be created by their parents or guardians through the clinic's booking widget. If you believe a child has provided us with personal information directly, please contact us so we can take appropriate action.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Office of the Privacy Commissioner

If you are not satisfied with how we have handled your personal information, you have the right to make a complaint to the New Zealand Privacy Commissioner:

12. Contact Us

If you have questions or concerns about this Privacy Policy or how we handle your personal information, please contact us:

  • BestAI Labs Ltd
  • Email: privacy@bookwell.nz
  • New Zealand