Privacy Policy
Your privacy is important to us. This policy outlines how On Time Bookings collects, uses, and protects your personal information when you use our booking management platform.
TL;DR – Privacy Policy Summary
- We protect your data: We use encryption, access controls, and AWS Sydney hosting to keep your information secure.
- You own your data: If you're an organisation, you control end-customer data. We're just the processor following your instructions.
- We keep data for 7 years: For tax and legal compliance. You can request deletion anytime (subject to legal holds).
- Anonymised data for AI: We may use de-identified booking patterns to improve our platform features—no personal details are used.
- Your rights: You can access, correct, delete, or export your data. Email us at support@ontimebookings.com.au anytime.
- No data selling: We never sell or share your information with third parties for marketing.
- Australian Privacy Law: We comply with the Privacy Act 1988 and Australian Privacy Principles (APPs).
👉 For organisations: You're responsible for informing your end-customers about how their booking data is collected and used. We recommend referencing this Privacy Policy in your own privacy notice.
Effective Date: 01 February 2026
Last Updated: 01 February 2026
1. Introduction
Ontime Bookings Pty Ltd ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our website and services. This Privacy Policy explains how we collect, use, disclose, and otherwise handle your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
Important:
In most cases, we provide our services to organisations (such as hair salons, spas, wellness providers, and driving schools), and personal information of their end-customers is collected by those organisations using our platform. We act as a service provider and processor on behalf of these organisations. The organisations are responsible for ensuring they have appropriate consents and privacy notices in place for their end-customers. This policy explains how we handle all personal information in this context.
Our Details:
- Business Name: Ontime Bookings
- Email: support@ontimebookings.com.au
- ABN: 30 246 362 400
This policy applies to:
- Organisation Users: Small-to-medium business owners, managers, and staff who manage bookings and/or provide services through our platform
- End-Customers: Customers being served by Organisation Users.
2. What Personal Information Do We Collect?
We collect personal information in the following ways:
2.1 Information You Provide Directly
Organisation Users (Business Owners & Staff):
- Name, email address, phone number, and other contact information
- Business name, location details, organisational information, and related business identifiers
- Payment information (processed securely via Stripe)
- Login credentials and authentication details
- Account preferences, configuration settings, and other system information
End-Customers (via Organisation Users):
- Name, contact details (such as phone, email, or other contact information), and identifying information
- Booking history, service preferences, and related booking information
- Payment information (processed via Stripe; we do not store full card details)
- Notes, special requests, or other information provided during booking or service interactions
2.2 Information Collected Automatically
- IP address, browser type, and device information
- Device specifications and operating system details
- Pages visited, time spent on platform, and browsing behaviour
- Referral source and usage patterns
- Login and access logs, and security events
- Service usage analytics and feature interactions
2.3 Information from Third Parties
- Service providers (including, but not limited to, AWS, Stripe, Google, Resend, Mailgun) may provide technical and transactional data
- Payment processors may provide transaction confirmations and fraud detection information
3. How We Use Your Personal Information
3.1 For Organisation Users
We use information to:
- Create, maintain, and manage your account
- Deliver booking management services and features
- Process payments and manage subscriptions
- Communicate service updates, support requests, and billing information
- Improve and personalise our platform based on usage patterns
- Comply with legal and regulatory obligations
- Detect and prevent fraud, security breaches, and misuse
3.2 For End-Customers
We use information to:
- Facilitate bookings and manage service reservations
- Send booking confirmations, reminders, and receipts
- Provide customer support related to their bookings
- Improve our services based on aggregated usage data
- Comply with legal obligations and prevent fraud
3.3 Anonymised Data & AI Model Training
We may use anonymised and aggregated booking data (data stripped of personally identifiable information) to train artificial intelligence models that improve our platform's features, including predictive analytics and natural language booking capabilities. Anonymised data cannot be used to identify you or end-customers and is permanently de-identified before use.
Examples of anonymised data we may use include aggregate booking patterns, service duration distributions, cancellation rates by service type, and geographic booking trends.
4. Legal Basis for Processing Personal Information
Under the Privacy Act 1988, we collect and use personal information only where permitted by law, including where it is reasonably necessary for our business activities, required by law, or where you have consented. This includes:
- Fulfilling our contractual obligations to deliver our booking platform services
- Complying with tax, financial, and regulatory obligations
- Processing information with your explicit consent
- Protecting our platform from fraud and maintaining security
- Managing organisation accounts and providing customer support
5. Who We Share Your Information With
5.1 Third-Party Service Providers
We use the following sub-processors to deliver our services. These organisations process personal information on our behalf:
| Service Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting and data storage | All personal data | ap-southeast-2 (Sydney) |
| Stripe | Payment processing | Name, email, billing address, payment token | Global (tokenised) |
| | Email services, analytics | Email address, usage analytics | Global |
| Resend | Email delivery | Email address, contact details | Global |
| Mailgun | Transactional email | Email address, booking details | Global |
All sub-processors are bound by data processing agreements requiring them to implement appropriate security measures and use data only for the specified purposes.
5.2 Data Controller vs. Data Processor
For End-Customer Data:
- The organisation (your business) is the primary data controller
- Ontime Bookings acts as a data processor on your behalf when processing end-customer information
- We only process end-customer data according to the organisation user's instructions
For Organisation User Data:
- Ontime Bookings is the data controller
Note: These terms are used for explanatory purposes to clarify our roles in managing personal information. They are not intended to limit or replace our obligations under the Australian Privacy Act 1988.
5.3 Disclosure of Information
We do not sell, rent, or lease your personal information to third parties. However, we may disclose information:
- To comply with legal obligations (court orders, tax authorities, law enforcement)
- To protect our rights, privacy, safety, or property
- To establish, exercise, or defend legal claims
- With your explicit consent
5.4 International Data Transfers
Your data is primarily hosted in AWS Sydney (ap-southeast-2), an Australian data centre. However, some sub-processors (Stripe, Google, Resend, Mailgun) may process data globally. These providers comply with the Privacy Act 1988 and implement Standard Contractual Clauses or similar safeguards for international transfers.
6. Data Retention
6.1 Booking & Customer Data
We retain booking and end-customer data for 7 years after:
- The organisation account is closed, or
- The end-customer's last booking
This retention period complies with Australian tax and financial record-keeping obligations under the Income Tax Assessment Act 1997.
6.2 Organisation Account Data
Organisation user account data is retained for the duration of the subscription, plus 7 years post-closure for:
- Tax and billing records
- Dispute resolution
- Legal compliance
6.3 Automatic Deletion
Data is automatically deleted or de-identified after the retention period expires. You may request earlier deletion (see Section 8: Your Rights).
7. Security & Data Protection
7.1 Security Measures
We implement industry-standard security controls to protect your personal information:
- Encryption: Data in transit (TLS/SSL) and at rest (AES-256)
- Access Control: Role-based access control with principle of least privilege
- Authentication: JWT-based authentication with secure refresh token management
- Infrastructure: AWS managed services with VPC isolation
- Monitoring: Continuous logging and audit trails for all data access
- Rate Limiting: API rate limiting and DDoS protection
- Regular Testing: Penetration testing and security assessments
7.2 ISO 27001 Commitment
We are committed to working towards ISO 27001 certification as part of our long-term information security roadmap. We are building information security management systems aligned with this standard and continuously improving our practices. Current security measures already include encryption, access controls, authentication systems, monitoring, and regular security assessments.
8. Your Privacy Rights
Under the Privacy Act 1988, you have the following rights:
8.1 Right of Access
You can request access to personal information we hold about you. We will provide this within 30 days in a format that is clear and portable (if requested).
8.2 Right of Correction
You can request correction of inaccurate or incomplete personal information. If we disagree with your correction request, we will note your request in our records.
8.3 Right of Deletion
You can request deletion of your personal information, subject to:
- Legal retention obligations (e.g., tax records)
- Active dispute resolution or legal proceedings
- Ongoing operational necessity
We will delete non-essential data within 30 days of your request.
8.4 Right to Withdraw Consent
If we process your information based on consent, you can withdraw that consent at any time. This does not affect the lawfulness of prior processing.
8.5 Right of Portability
You can request a copy of your personal information in a structured, commonly used format (e.g., CSV) for transfer to another service provider.
8.6 How to Exercise Your Rights
To exercise any of these rights, contact us at support@ontimebookings.com.au with:
- Your name and account details
- A description of the information you're requesting or the right you wish to exercise
- Proof of identity (if required)
We will respond within 30 days. If we cannot comply, we will explain the reasons.
9. Data Breach Notification
9.1 Our Responsibility
If a personal data breach occurs that is likely to result in serious harm to you, we will:
- Notify you without undue delay (within 30 days where practicable)
- Provide details of the breach, data affected, and likely consequences
- Recommend protective actions (e.g., password changes, credit monitoring)
9.2 Regulatory Notification
We will also notify the Office of the Australian Information Commissioner (OAIC) if required under the Privacy Act 1988.
10. Complaints & Dispute Resolution
10.1 Lodging a Complaint
If you believe we have breached your privacy rights, you can lodge a complaint by:
- Email: support@ontimebookings.com.au
- Mail: Level 10, 123 Pitt Street, Sydney NSW 2000, Australia
Include:
- Your name and contact details
- Description of the alleged breach
- Dates and relevant facts
- Your preferred resolution
10.2 Our Response
We will acknowledge your complaint within 5 business days and provide a response within 30 days. If your complaint is complex, we will keep you informed of our progress.
10.3 External Dispute Resolution
If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Mail: GPO Box 5218, Sydney NSW 2001
The OAIC is the independent regulator for privacy in Australia and can investigate your complaint at no cost.
11. Cookies & Tracking
11.1 Cookies
We use cookies to:
- Maintain your login session and authentication
- Remember your preferences and settings
- Analyse platform usage and performance
- Prevent fraud and enhance security
11.2 Cookie Types
- Essential Cookies: Required for platform functionality (cannot be disabled)
- Analytics Cookies: Track usage to improve our services (can be disabled via browser settings)
- Third-Party Cookies: May be set by sub-processors for their services
11.3 Your Cookie Choices
You can control cookies via your browser settings. Disabling essential cookies may impair platform functionality.
12. Children's & Young People's Privacy
12.1 Users Under 18
Our Service may be used by individuals under 18 years of age, particularly in contexts such as driving schools where learner drivers are often minors. In these cases:
- A parent, guardian, or responsible adult (such as a driving instructor or organisation staff member) must provide information on behalf of the minor
- We collect only information reasonably necessary for booking and service delivery
- We do not use personal information of minors for marketing or AI training purposes
- We take appropriate steps to protect the privacy of young users
12.2 Parental Responsibility
If you provide information on behalf of a minor, you confirm that:
- You are authorised to provide their information (e.g., parent, guardian, or organisation staff)
- You have informed them of this Privacy Policy or will do so
- You accept responsibility for the information provided
13. Changes to This Privacy Policy
We may update this policy to reflect:
- Changes in our practices or services
- Legal or regulatory developments
- Feedback from users
We will notify you of material changes by:
- Posting the updated policy on our website
- Sending an email to your registered address
- Requesting your consent if required
Your continued use of our services after changes constitutes acceptance of the updated policy.
14. Direct Marketing (Australian Privacy Principle 7)
14.1 Promotional Communications
We may send you promotional and marketing communications about our services, updates, and features, but only where you have consented or where permitted by law.
14.2 Opt-Out Rights
You can opt out of promotional communications at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Contacting us at support@ontimebookings.com.au with your request
- Updating your communication preferences in your account settings
We will stop sending promotional content within 5 business days of receiving your opt-out request. Note: We will continue to send service-related communications (account alerts, billing notices, security updates) regardless of your promotional preferences.
14.3 Third-Party Marketing
We do not sell or provide your personal information to third parties for their marketing purposes.
15. Organisation Users' Responsibility for Privacy Notices
15.1 Notification Obligations
If you are an organisation user, you are responsible for ensuring that end-customers are informed of:
- Your organisation's own privacy practices and data handling
- How personal information will be collected and used
- Your organisation's compliance with privacy laws
- End-customers' rights regarding their personal information
15.2 Reference to Ontime Bookings
In your privacy notices to end-customers, we recommend you inform them that:
- Booking data is stored and managed using the Ontime Bookings platform
- We act as a service provider on your behalf
- A link or reference to this Privacy Policy is available if needed
15.3 Your Accountability
We are not responsible for your organisation's privacy notices or your compliance with privacy laws in informing end-customers. Organisations are responsible for their own privacy obligations under the Privacy Act 1988.
16. Contact Us
For privacy-related questions, requests, or complaints, please contact:
Ontime Bookings
- Email: support@ontimebookings.com.au
- Website: www.ontimebookings.com.au
- Privacy Officer Email: support@ontimebookings.com.au
- Response Time: Within 5 business days
17. Applicable Law
This Privacy Policy is governed by the laws of New South Wales and the Privacy Act 1988 (Cth). Any disputes will be resolved in the courts of New South Wales.
Document Version: 1.0
Date Prepared: 01 February 2026
Next Review Date: 01 February 2027