Legal

Acceptable Use Policy

Rules for using the Bookable platform, widget and APIs

This Acceptable Use Policy (the "AUP") applies to all use of the Bookable Services by Operators, Authorised Users and any other person who accesses the Services. It is incorporated into the Master Terms of Service and related agreements by reference. Capitalised terms used but not defined in this AUP have the meanings given in the Master Terms of Service.

We may update this AUP from time to time. The current version is always the one published at /legal/aup.

1. General principles

You must:

• comply with all applicable laws and regulations, including consumer protection, advertising, alcohol licensing, food information and data protection laws;
• use the Services only for lawful business purposes connected with operating your venue(s) and integrated channels;
• not use the Services in a way that could damage, disable, overburden or impair our systems, or interfere with any other customer's use of the Services.

2. Prohibited content

You must not upload, store, transmit or make available through the Services any content that:

• is unlawful, infringing, defamatory, obscene, harassing, discriminatory or otherwise objectionable;
• infringes any intellectual property, privacy, confidentiality or other rights of any third party;
• contains or links to malicious code (including viruses, worms, trojans, ransomware, spyware) or exploits;
• contains personal data that you are not authorised to process;
• is deceptive, fraudulent or misleading, including false reviews, fake bookings, spoofed identities, or pricing or availability that you know to be inaccurate;
• promotes or facilitates activities that are illegal in the relevant jurisdiction.

3. Prohibited uses

You must not:

• use the Services to send unsolicited marketing or other communications in breach of PECR, UK GDPR or equivalent laws;
• attempt to probe, scan, test, reverse engineer, decompile or disassemble any part of the Services, except to the extent permitted by law;
• attempt to gain unauthorised access to the Services, to other accounts, or to networks or systems connected to the Services;
• circumvent, disable or interfere with security, authentication, access control, rate-limiting or usage-metering features;
• use automated means (including bots, scripts or scrapers) to access or extract data from the Services, except through our documented APIs and subject to applicable rate limits;
• use the Services to build, train or improve a competing product or service, or to benchmark for such purposes;
• resell, sublicense, rent, lease or otherwise provide the Services to third parties, except as expressly permitted in the Agreement;
• misrepresent your identity or affiliation, impersonate another person, or create accounts using false information;
• use the Services in a way that could result in Bookable being placed in breach of its obligations to TMS partners, Integration Partners or other third parties.

4. API and integration use

If you or your developers use our APIs:

• you must comply with our API documentation, rate limits and authentication requirements;
• you must keep API credentials confidential and rotate them promptly if compromised;
• you must not use the APIs to duplicate, replicate, cache or mirror the Services for competitive purposes;
• we may throttle, suspend or revoke API access where usage is excessive, abusive or threatens service stability.

5. Data quality and guest experience

Because the Services touch real guests, you must also:

• keep venue details, availability, menus, pricing and policies accurate and up to date;
• honour bookings made through the Services, or promptly cancel and communicate with affected guests where necessary;
• handle guest personal data in accordance with your own privacy notice and the Data Processing Agreement;
• not use guest contact details obtained through the Services for any purpose other than fulfilling the relevant booking and related communications, except where you have an independent lawful basis to do so (for example, your own marketing with appropriate consent);
• not disable or bypass allergen, age-restriction or consumer-disclosure features required by law.

6. Security responsibilities

You must:

• use strong, unique passwords and enable multi-factor authentication where available;
• promptly revoke access for personnel who no longer need it;
• notify us without undue delay of any suspected security incident, including unauthorised access to your account, credential compromise or suspected data breach;
• not share accounts between individuals; each Authorised User should have their own credentials.

7. Reporting breaches

If you become aware of any actual or suspected breach of this AUP, please report it to security@bookabletech.com (for security issues) or support@bookabletech.com (for other issues).

8. Consequences of breach

We take breaches of this AUP seriously. Depending on the circumstances, we may:

• issue a warning and give you the opportunity to remediate;
• remove or disable offending content or functionality;
• suspend access to some or all of the Services in accordance with the Master Terms of Service;
• terminate the Agreement in accordance with its terms;
• report the matter to relevant authorities where we are required or permitted to do so.

Where a breach causes loss or damage, you remain liable in accordance with the Master Terms of Service.

9. Urgent action

Where there is a material and immediate risk to the Services, our customers or third parties (for example, ongoing abuse of the APIs, active security exploitation, distribution of malware, or a live regulator order), we may take immediate action without prior notice, and will notify you as soon as reasonably practicable afterwards.

The Bookings Group Limited

Registered in England and Wales with company number 11689193

Registered office: c/o Bright Beany Accounting, Cumberland House, 35 Park Row, Nottingham, England, NG1 6EE

Version: 1.0 | Last updated: 1 March 2026