Privacy Policy

Effective date: 11 April 2026  ·  Version 1.1

1. Who we are

Boekd is operated by Boekd ("Boekd," "we," "us," or "our"), a business registered in the Netherlands. Our website is located at getaqard.com.

For purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), Boekd is the data controller of the personal data described in this policy.

You can contact us at: hello@getaqard.com

2. What data we collect and why

Account data

When you create an account, we collect your first name, last name (optional), and email address. We store a cryptographic hash of your password — your plain-text password is never stored or accessible to us. This data is necessary to provide you with an account and to identify you when you log in.

Business and location data

When you set up your Boekd profile, you provide details about your business and locations: business name, address, phone numbers, email address, website, and appointment types. This data is displayed on your public scan page and included in calendar events generated for your clients. You choose what to enter — all fields except business name and location name are optional.

Scan event data

When a client scans your QR code, we log the timestamp of the scan, which calendar app (if any) they selected, and their browser's User-Agent string (which indicates device type, e.g. iPhone, Android). We do not collect the client's name, email, or any other identifying information at scan time. Scan data is used to provide you with analytics about your QR code usage.

Technical data

When you use the Boekd dashboard, our web server processes standard HTTP request data including your IP address and browser User-Agent. This data is not stored in our database but may appear in server access logs for security and troubleshooting purposes. Server logs are retained for a maximum of 30 days.

3. Legal basis for processing

We process your personal data on the following legal bases under GDPR Article 6:

  • Contract (Article 6(1)(b)): Processing your account data and business profile is necessary to provide the Boekd service you have signed up for.
  • Legitimate interests (Article 6(1)(f)): We process scan event data and server logs to maintain the security of the service, prevent abuse, and provide you with analytics about your QR code usage. These interests do not override your rights and freedoms.
  • Legal obligation (Article 6(1)(c)): We may process and retain certain data to comply with applicable Dutch and EU law.

4. How long we keep your data

  • Account data: Retained for as long as your account is active. If you delete your account, your account data is permanently deleted within 30 days.
  • Business and location data: Retained for as long as your account is active and deleted with your account.
  • Scan event data: Retained for up to 24 months from the date of the scan, then permanently deleted.
  • Server logs: Retained for a maximum of 30 days.

5. Who we share your data with

We do not sell your personal data. We share data only with the following third-party service provider as necessary to operate the service:

  • TransIP B.V. (Netherlands): Our hosting provider. All data is stored on servers located in the Netherlands (EU). TransIP is bound by a data processing agreement and operates under Dutch and EU law.

We may disclose your data to law enforcement or regulatory authorities if required to do so by applicable law.

6. Your rights

Under GDPR, you have the following rights regarding your personal data:

  • Access (Article 15): You can request a copy of the personal data we hold about you.
  • Rectification (Article 16): You can correct inaccurate data directly in your account dashboard, or by contacting us.
  • Erasure (Article 17): You can request deletion of your personal data. You can delete your account from the account dashboard.
  • Restriction (Article 18): You can request that we restrict processing of your data in certain circumstances.
  • Portability (Article 20): You can request a copy of your data in a structured, machine-readable format.
  • Objection (Article 21): You can object to processing based on legitimate interests.

To exercise any of these rights, contact us at hello@getaqard.com. We will respond within 30 days.

If you believe we have not handled your data lawfully, you have the right to lodge a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens (AP).

7. Cookies

We use one cookie, which is strictly necessary for the service to function:

  • Session cookie: Set when you log in to keep you authenticated while you use the dashboard. It is deleted when you log out or close your browser. No consent is required for strictly necessary cookies under EU law.

We do not use any tracking, analytics, or advertising cookies. If this changes, we will update this policy and obtain your consent where required.

8. Data security

We take reasonable technical and organisational measures to protect your personal data, including: encrypted HTTPS connections for all data in transit, bcrypt hashing for passwords (your plain-text password is never stored), and access controls restricting data access to authorised personnel only. Our servers are located in the Netherlands and operated by TransIP, which maintains ISO/IEC 27001 certification.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. If the changes are material, we will notify you by email. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

10. Contact

For any questions about this Privacy Policy or how we handle your data, contact us at hello@getaqard.com.

Boekd™ · © 2026 · hello@getaqard.com · Privacy · Terms · Cookies