Guest Booking SystemPowered by My Future Business
← Back to home

Privacy Policy

Version 1.0 — Effective 8 April 2026

Guest Booking System (“we”, “us”, “our”) is operated by My Future Business®. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our platform at guestbookingsystem.com (the “Service”).

We are committed to protecting your privacy and complying with applicable data protection laws including the EU General Data Protection Regulation (GDPR), the UK GDPR, the Australian Privacy Act 1988, and the CAN-SPAM Act.

Please read this policy carefully. By creating an account or using the Service, you confirm that you have read and understood this policy.

1. Who We Are

Data Controller: My Future Business®
Website: guestbookingsystem.com
Contact: support@guestbookingsystem.com
Postal address: [REGISTERED BUSINESS ADDRESS — update before go-live]

Note: If you are located in the EU or UK and wish to contact us regarding data protection matters, please email the address above with “Data Protection” in the subject line.

2. Information We Collect

a) Account Registration

When you create an account: full name, email address, password (stored as a secure hash — we never see it), and account role (Host or Guest).

b) Guest Application Data

When applying to appear on a podcast: biography, topic pitch, professional category, interview format preference, and an optional PDF bio. This data is shared with the relevant Host.

c) Booking Data

Scheduled interview times, timezone, booking status, and meeting room links associated with confirmed bookings.

d) Payment Information

We do not store credit card or bank account details. Payments are processed by Stripe or PayPal. We store only transaction references, amounts, and payment status. For Host subscriptions, we store your Stripe Customer ID.

e) Communications

Messages exchanged between Hosts and Guests through the platform’s built-in chat feature, and email correspondence we send you.

f) Google Calendar Integration (Hosts Only)

If you choose to connect your Google account, we store an OAuth refresh token and your Google email address. This is used solely to create Google Calendar events and Google Meet links on your behalf when you approve a booking. We do not read, modify, or delete any existing calendar events.

g) Technical and Usage Data

Log data, IP addresses, browser type, and session information collected automatically by our infrastructure providers (Supabase, Vercel) for security and service operation purposes.

h) Policy Acceptance Records

The date, time, and version of this Privacy Policy and our Terms of Service that you agreed to at registration — retained for compliance purposes.

3. How We Use Your Information

  • To create and manage your account
  • To facilitate bookings between Hosts and Guests
  • To process payments via Stripe or PayPal
  • To send transactional emails (booking confirmations, reminders, approval notifications)
  • To create Google Meet events on behalf of Hosts who have connected their Google account
  • To enable chat messaging between Hosts and Guests
  • To provide customer support
  • To maintain platform security and prevent fraud
  • To comply with legal obligations

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process your personal data under the following legal bases:

Contract performance (Article 6(1)(b)): Processing necessary to provide the Service — account creation, bookings, payments, and transactional communications.
Legitimate interests (Article 6(1)(f)): Platform security, fraud prevention, service improvement, and technical infrastructure operation — where these interests are not overridden by your rights.
Consent (Article 6(1)(a)): Google Calendar integration — only when you explicitly connect your Google account. You may withdraw consent at any time by disconnecting from Dashboard → Integrations.
Legal obligation (Article 6(1)(c)): Financial records retention for tax and accounting obligations.

5. Data Sharing and Third-Party Processors

We share your data only with trusted service providers who process it on our behalf under appropriate data processing agreements:

ProviderPurposeLocation
SupabaseDatabase hosting, authentication, real-time featuresUSA (EU data centre available)
VercelWeb hosting and deploymentUSA / Global CDN
StripePayment processing — host subscriptions and booking feesUSA (GDPR compliant)
PayPalAlternative payment processingUSA (GDPR compliant)
Brevo (Sendinblue)Transactional email deliveryFrance (EU — GDPR native)
Google LLCreCAPTCHA v3 (bot protection) and Calendar/Meet integration (opt-in)USA (Standard Contractual Clauses)

We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

6. International Data Transfers

Some of our service providers are located outside the EEA and UK. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, adequacy decisions. For details of the safeguards applied by each provider, please contact us.

7. Data Retention

Account dataUntil you delete your account or request erasure, plus 30 days for backup purposes.
Booking and application data7 years from the booking date (financial record-keeping obligation).
Chat messages2 years after the associated booking is marked complete or cancelled.
Payment records7 years (legal and tax obligation).
Google OAuth tokensUntil you disconnect the integration from Dashboard → Integrations.
Policy acceptance recordsFor the duration of your account plus 7 years (compliance evidence).
Email logs12 months for delivery troubleshooting.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
  • Restriction: Ask us to restrict processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at support@guestbookingsystem.com with “Data Rights Request” in the subject line. We will respond within 30 days.

If you are in the EEA or UK, you also have the right to lodge a complaint with your local supervisory authority. In the EU, find your authority at edpb.europa.eu. In the UK, contact the Information Commissioner’s Office (ico.org.uk).

9. Cookies and Session Data

We use strictly necessary session cookies to keep you logged in. These cookies are set by Supabase Auth and are essential for the Service to function. We do not use advertising or tracking cookies. By using the Service, you consent to these essential cookies.

10. Emails and CAN-SPAM Compliance

We send two types of email:

  • Transactional emails: Booking confirmations, reminders, approval notifications, password resets. These are essential to the Service and are sent based on contract performance.
  • Service communications: Account updates, policy changes, and important notices.

In compliance with the CAN-SPAM Act: every email we send clearly identifies us as the sender, includes our physical postal address, and contains clear instructions for opting out of non-essential communications. To unsubscribe from non-transactional emails, reply to any email with “UNSUBSCRIBE” in the subject line and we will process your request within 10 business days.

Note: Transactional emails (booking confirmations, interview reminders) are necessary to deliver the Service you requested and cannot be opted out of while you have active bookings.

11. Children’s Privacy

The Service is intended for users aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.

12. Security

We implement industry-standard security measures including encrypted data transmission (TLS), database-level Row Level Security (RLS), hashed passwords, and role-based access controls. However, no method of internet transmission or electronic storage is 100% secure. We encourage you to use a strong, unique password and to contact us immediately if you suspect any unauthorised access to your account.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the version number and effective date at the top of this page and notify registered users by email at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: support@guestbookingsystem.com
Post: [REGISTERED BUSINESS ADDRESS — update before go-live]

Version History

v1.08 April 2026Initial policy published.