Bookimo — software di prenotazione per artigiani
Trust center

Security and privacy, by design

Your core data is hosted in France and the EEA. Specialised processing outside the EEA is protected in line with the GDPR. Our voice agent always states that it is an AI.

Data in France and the EU

Core services hosted with OVHcloud in France and the European Economic Area.

Encryption in transit

All communications are encrypted over HTTPS / TLS.

Multi-tenant isolation

Each organisation's data is isolated from every other.

48-hour notification

For a client data breach, notification where reasonably possible within 48 hours.

Security

Defense in depth, least privilege and a secure development lifecycle. Program aligned with ISO/IEC 27001 Annex A controls, audited internally.

Privacy

GDPR legal bases, bounded retention periods, data-subject rights and an Article 28 data processing agreement (DPA).

Responsible AI

Our voice agent states that it is an AI, redirects emergencies to emergency services, and limits audio processing to what the Service requires.

Subprocessors

Carefully selected subprocessors, controlled data location and mechanisms framing transfers outside the EU.

Documents

Available to our clients once signed in. Prospects: ask us for the package.

Frequently asked questions

Where is the data hosted?

With OVHcloud, with core data in France and the European Union.

Is the data encrypted?

Yes, all communications are encrypted in transit over HTTPS / TLS.

Do you sign a data processing agreement (DPA)?

Yes. Our Article 28 GDPR data processing agreement is incorporated into the Terms and is available in the client Trust Center.

Can I retrieve my data at the end of the contract?

Yes, data reversibility and export are provided. Details are in our documents.

What happens in the event of a data breach?

We follow an incident response process and notify affected clients, where reasonably possible, within 48 hours after becoming aware of a breach.

Do you hold an ISO 27001 or SOC 2 certification?

Our program is aligned with ISO/IEC 27001 Annex A controls and audited internally. No certification is claimed at this stage.

A security question?

Our team answers security requests and vulnerability reports.

Contact security@bookimo.io