bukt

Privacy Policy

Last updated: 6 June 2026

This Privacy Policy explains how bukt ("we", "us", or "our") collects, uses, stores, and shares personal data when you visit bukt.co.uk, use bukt.app, or otherwise interact with our event management platform and related services (together, the "Service").

We are committed to protecting your privacy and handling personal data in accordance with applicable data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

bukt provides software for managing events, bookings, availability, locations, and professional profiles. The Service is operated from the United Kingdom.

If you have questions about this policy or how we handle your data, contact us at support@bukt.app.

2. Personal data we collect

Depending on how you use the Service, we may collect:

  • Account information: name, email address, password (handled by our authentication provider), mobile number, timezone, and account preferences.
  • Profile information: skills, biography, fee settings, profile and gallery images, directory visibility settings, and optional home address or location details you choose to provide.
  • Booking and event data: event names, dates, venues, participant details, availability blocks, invitations, and related communications.
  • Location data: venue and address information you add, including data resolved through mapping services where you use those features.
  • Calendar connection data: if you connect Google Calendar, we receive your connected Google account email, the calendar IDs and names you choose to sync, and event details (such as start and end times, titles, and busy/free status) needed to import availability blocks.
  • Communications: messages we send to you (such as welcome emails, booking notifications, and password reset emails) and support correspondence.
  • Technical and usage data: IP address, browser type, device information, pages viewed, and similar diagnostic data collected through normal operation of our websites and applications.

We do not intentionally collect special category data unless you choose to include it in free-text fields such as a profile biography.

3. Google Calendar integration

If you choose to connect Google Calendar, bukt requests read-only access to the calendars you select. We use this access solely to import busy events as availability blocks in your bukt account, so others can see when you are unavailable or flexible.

Specifically, when you connect Google Calendar:

  • What we access: read-only access to event data in the Google Calendars you choose to sync, including event times, titles, and availability status.
  • What we do not do: we do not write to, modify, or delete events in your Google Calendar; we do not access calendars you have not selected; and we do not sell Google user data.
  • How we store data: OAuth refresh tokens are stored encrypted on our servers. Imported availability blocks are stored in bukt and linked to your account.
  • Your control: you can disconnect Google Calendar at any time from your Availability settings. When you disconnect, we revoke access and remove availability blocks that were imported from Google Calendar.
  • Legal basis: we process Google Calendar data based on your consent, which you give when you initiate the connection.

4. How we use personal data

We use personal data to:

  • create and manage your account;
  • provide, operate, and improve the Service;
  • facilitate bookings, invitations, notifications, and collaboration between users;
  • sync availability from Google Calendar when you choose to connect it;
  • store and display content you upload, such as profile and venue images;
  • send service-related emails and in-app notifications;
  • respond to support requests and protect the security of the Service;
  • comply with legal obligations and enforce our terms.

5. Legal bases for processing

Where UK GDPR applies, we rely on one or more of the following legal bases:

  • Contract: processing necessary to provide the Service you sign up for.
  • Legitimate interests: operating, securing, and improving the Service, preventing misuse, and communicating with you about your account, where those interests are not overridden by your rights.
  • Consent: where required, such as for optional Google Calendar connection, optional marketing communications, or certain optional profile visibility settings.
  • Legal obligation: where we must retain or disclose information to comply with law.

6. How we share personal data

We may share personal data with:

  • Other users: when you create bookings, accept invitations, connect with contacts, or make parts of your profile visible in the directory or publicly, as controlled by your settings.
  • Service providers: trusted processors that help us run the Service, such as cloud hosting, database, authentication, email delivery, file storage, and mapping providers. These providers process data only on our instructions and under appropriate safeguards.
  • Professional advisers and authorities: where required by law or court order, or to protect rights, safety, and security.

We do not sell your personal data.

7. International transfers

Some of our service providers may process data outside the UK. Where this happens, we use appropriate safeguards such as UK adequacy regulations, standard contractual clauses, or equivalent protections required by applicable law.

8. Data retention

We keep personal data for as long as needed to provide the Service, meet legal and accounting requirements, resolve disputes, and enforce our agreements. When data is no longer required, we delete or anonymise it within a reasonable period.

9. Your rights

Under UK data protection law, you may have the right to access, rectify, erase, restrict, or object to certain processing of your personal data, and to data portability where applicable. You may also withdraw consent at any time where processing is based on consent.

To exercise these rights, contact support@bukt.app. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK.

10. Cookies and similar technologies

Our websites and applications may use cookies, local storage, and similar technologies that are necessary for sign-in, security, and core functionality. We may also use analytics or preference technologies as the Service develops. Where required, we will provide additional notice and choices.

11. Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, or alteration. No online service can guarantee absolute security.

12. Children

The Service is not intended for children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

13. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page shows when it was most recently revised. Material changes will be communicated where appropriate.