Privacy Policy

GETBOOKINGS PTY LTD (Tablfy)   Last updated: 11 April 2026

1. Introduction / Who We Are

GETBOOKINGS PTY LTD (“we”, “us”, “our”) operates Tablfy, a B2B SaaS platform available at tablfy.com. Tablfy is built for restaurant owners and managers to consolidate their marketing and booking data into a single dashboardhelping them understand the real ROI of their advertising spend against actual reservations.

This Privacy Policy explains what personal and business information we collect, how we use it, who we share it with, and what rights you have. It applies to all users of the Tablfy platform and any restaurant staff accounts created within it.

We are committed to handling all information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Questions? Contact us at admin@getbookings.io.

2. What Information We Collect

2.1 Account Information

  • Full name
  • Email address
  • Password (stored as a hashed valuewe never store plaintext passwords)
  • Role within your organisation (owner, admin, manager, or staff)

2.2 Restaurant & Venue Data

  • Venue name and location details
  • Timezone settings
  • Revenue configuration and cover settings
  • Branding preferences

2.3 Booking Data

When you connect your booking management software via email forwarding or direct integration, we collect and process:

  • Customer names, email addresses, and phone numbers
  • Booking history, dates, party sizes, and statuses

This data is sourced from your existing booking systems and belongs to your restaurant. We process it on your behalf.

2.4 Financial & Sales Data

  • Daily sales figures
  • Payment method breakdowns (e.g. cash, card, split)
  • Revenue per cover metrics

2.5 Google Analytics 4 (GA4) Data

When you connect your Google account via OAuth, we pull website sessions, traffic sources, conversion events, and geographic and device breakdowns from your GA4 property. We access only the GA4 properties you explicitly authorise.

2.6 Meta Ads Data

When you connect your Meta Business account via OAuth, we pull ad spend, impressions, clicks, ROAS, and conversion events linked to your Meta Pixel.

2.7 Gmail Data

When you grant Gmail access via OAuth, we access your inbox solely to identify and parse booking confirmation emails from your reservation system. We do not read, store, or process any other emails.

2.8 OAuth Tokens

We securely store OAuth tokens for your Google and Meta accounts to enable ongoing data synchronisation. These tokens are stored server-side and are never exposed to the browser.

2.9 Session Data

We use HTTP-only secure cookies to manage authenticated sessions. These cookies are not accessible to JavaScript and are used only for authentication purposes.

3. How We Use Your Information

PurposeLawful Basis
Providing and operating the Tablfy platformPerformance of contract
Connecting to Google GA4, Gmail, and Meta Ads via OAuthYour explicit consent (granted during OAuth flow)
Parsing booking confirmation emails to populate your dashboardYour explicit consent
Generating ROI and marketing performance reportsPerformance of contract
Displaying booking, financial, and ad data in your dashboardPerformance of contract
Sending transactional emails (account setup, alerts)Performance of contract
Troubleshooting, debugging, and platform supportLegitimate interest
Improving the platform and fixing bugsLegitimate interest
Complying with legal obligationsLegal obligation

We do not use your dataor your customers' datafor advertising, profiling, or any purpose unrelated to operating the Tablfy platform for your business.

4. Third-Party Integrations

4.1 Supabase

All Tablfy data is stored in a PostgreSQL database hosted by Supabase, based in the United States. All database tables are protected by Row-Level Security (RLS), ensuring each restaurant account can only access its own data. Supabase does not use your data for its own purposes.

4.2 Google (GA4 and Gmail)

We integrate with Google's services using OAuth 2.0. You grant Tablfy access to specific Google resources during the authorisation flow. Our use of Google API data is subject to the Google API Services User Data Policy, including the Limited Use requirements. See Section 5.

4.3 Meta (Facebook Ads Manager)

We integrate with the Meta Marketing API using OAuth 2.0 to retrieve ad performance data from your Meta Business Manager account. We access only the ad accounts you explicitly authorise. See Section 6.

4.4 Meta Pixel

Tablfy supports use of your restaurant's own Meta Pixel for tracking booking conversion events. The pixel is owned and controlled by you. We facilitate configuration and reporting of conversion data but do not operate a shared pixel or use pixel data across accounts.

5. Google API Limited Use Disclosure

Tablfy's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • We only request access to Google user data that is necessary for Tablfy to function.
  • We use Gmail data only to parse booking confirmation emails and populate your Tablfy dashboard. We do not use Gmail data for any other purpose.
  • We do not use Google user data to serve advertisements.
  • We do not allow humans to read your Google user data unless you have explicitly given us permission, it is necessary for security purposes, or we are required to do so by law.
  • We do not transfer or sell Google user data to third parties.
  • We do not use Google user data to build or augment user profiles for purposes unrelated to Tablfy's core functionality.

6. Meta Ads Integration Disclosure

  • We access only the ad accounts and campaigns you explicitly authorise during the OAuth flow.
  • Meta Ads data is used solely to populate your Tablfy marketing dashboard.
  • We do not share, sell, or transfer your Meta Ads data to any third party.
  • We do not use Meta Ads data for our own advertising or marketing purposes.
  • OAuth tokens for Meta are stored securely server-side and are never exposed to the client browser.
  • You may revoke Tablfy's access to your Meta account at any time through Meta Business Manager settings, or by disconnecting the integration within Tablfy.

7. Data Storage & Security

  • Row-Level Security (RLS):Every database table enforces RLS policiesone restaurant account cannot access another's data.
  • HTTP-only secure cookies: Session tokens are stored in HTTP-only cookies inaccessible to JavaScript.
  • Server-side OAuth token handling: OAuth tokens for Google and Meta are stored and used server-side only.
  • HTTPS and HSTS: All communications are encrypted in transit using TLS with HTTP Strict Transport Security enforced.
  • Hashed passwords: User passwords are never stored in plaintext.

If you believe your account has been compromised, contact us immediately at admin@getbookings.io.

8. Data Retention

Data TypeRetention Period
Account and restaurant dataRetained while active; deleted within 30 days of account closure upon request
Booking and customer dataRetained while active; deleted within 30 days of account closure upon request
Google GA4 and Meta Ads dataRetained as cached snapshots; refreshed on a rolling basis
Gmail-parsed booking dataOnly structured booking records retained; raw email content is not stored
OAuth tokensRetained while integration is active; deleted immediately upon disconnection
Session cookiesExpire at end of session or within the defined authentication window

To request account deletion, contact admin@getbookings.io. We will process it within 30 days.

9. Your Rights

9.1 Access

You have the right to request a copy of the personal information we hold about you. We will respond within 30 days.

9.2 Correction

Most account and restaurant data can be updated directly within Tablfy. For other corrections, contact admin@getbookings.io.

9.3 Deletion

You may request deletion of your personal information. We will process requests within 30 days, subject to legal retention obligations.

9.4 Withdrawal of Consent

Where we rely on your consent (e.g. Google or Meta OAuth access), you may withdraw it at any time by disconnecting the integration within Tablfy or revoking access via Google's or Meta's security settings.

9.5 Complaints

Contact us first at admin@getbookings.io so we can attempt to resolve the issue. If unsatisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

10. Australian Privacy Principles Compliance

GETBOOKINGS PTY LTD is committed to complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth):

  • APP 1This Privacy Policy sets out clearly how we manage personal information.
  • APP 3We only collect personal information that is reasonably necessary for operating Tablfy.
  • APP 5Users are informed of what data is collected and why at the point of collection.
  • APP 6We only use personal information for the primary purpose for which it was collected.
  • APP 7We do not use personal information for direct marketing without consent.
  • APP 8Where data is disclosed to overseas recipients, we take reasonable steps to ensure equivalent protection.
  • APP 11Technical and organisational measures protect personal information from misuse and unauthorised access.
  • APP 12 & 13Individuals may request access to and correction of their personal information (see Section 9).

11. Cross-Border Data Transfers

Tablfy stores data using Supabase, based in the United States. This means personal information may be transferred to and stored in the US. Supabase maintains SOC 2 compliance and industry-standard data protection practices.

By using Tablfy and creating an account, you acknowledge that your data may be stored in the United States and consent to that transfer.

12. Cookies & Tracking

12.1 Session Cookies

Tablfy uses HTTP-only secure session cookies to manage authenticated user sessions. These cookies are set server-side, inaccessible to JavaScript, and used solely for authenticationnot for advertising or tracking.

12.2 Meta Pixel

If you have configured a Meta Pixel on your restaurant's website, that pixel is your own, operating under your Meta Business Manager account. As the operator, your restaurant is responsible for appropriate disclosure to your website visitors.

12.3 No Third-Party Advertising Cookies

Tablfy does not use third-party advertising cookies, tracking pixels, or behavioural analytics tools on the Tablfy platform itself.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and notify active users via email or an in-app notification. Your continued use of Tablfy after any changes constitutes acceptance of the updated policy.

14. Contact Us

GETBOOKINGS PTY LTD

Trading as Tablfy

Email: admin@getbookings.io

Website: tablfy.com

This Privacy Policy reflects the data practices of the Tablfy platform as at the date shown above. It does not constitute legal advice.