Privacy Policy — NotificationBridge
Last updated: May 3, 2026
NotificationBridge ("the app") is a private business automation tool operated by my-bookings.co.uk ("we", "us"). It is distributed only to authorized client businesses through Google Play's Internal Testing track. This policy describes what data the app reads from the device on which it is installed, where that data is sent, and how long it is retained.
1. Who installs and uses the app
NotificationBridge is installed by a business operator onto a phone the operator owns and controls (typically a dedicated booking-line handset). The operator is the data subject as well as the user. The app is never intended to be installed on a third party's phone without their knowledge.
2. What the app reads on the device
When the operator explicitly enables each capability via Android system permission prompts, the app reads:
- Notifications posted by selected messaging apps the operator has enabled (WhatsApp, Messenger, Instagram, Telegram, Viber, etc.) and by the device's default SMS app. Only the sender display, message text, and any phone number the notification exposes are read; attachments, media, and contacts are not accessed.
- Outgoing SMS that the operator's booking system instructs the app to send, via the standard Android
SmsManagerAPI.
The app does not read the device's contacts, call log, location, camera, microphone, photos, or any data outside the messaging notifications the operator has granted access to.
3. What the app sends, and to where
The app forwards captured messaging-notification content to the operator's own backend at the URL the operator configures during setup (typically https://voice.rom2.co.uk for clients of my-bookings.co.uk). Transmission is over HTTPS / TLS-encrypted WebSocket. No data is sent to any third-party analytics service, advertising network, or external SaaS.
The data flow is:
We do not act as an intermediary or aggregator; we operate the backend on the operator's behalf as part of the booking-system service contract.
4. What is stored
On the device, the app keeps:
- An on-device journal of the last ~500 SMS / forwarding events for the operator's own diagnostics.
- A small cache mapping contact display names to phone numbers, populated from notifications the operator has already received.
- A list of phone numbers the operator has previously sent SMS to.
On the operator's backend, message content is stored for the duration the operator's booking-system contract requires (typically up to 12 months for booking-confirmation auditing). The operator can request deletion at any time.
5. Sharing with third parties
The app does not share data with any party other than the operator's own backend. It contains no analytics SDKs, advertising SDKs, or third-party data-collection libraries.
6. Security
- All transmission is encrypted (HTTPS / wss with TLS).
- The backend is access-controlled with operator-specific session tokens.
- The signing certificate of every release APK is held privately by my-bookings.co.uk.
7. Permissions used
| Permission | Why |
|---|---|
BIND_NOTIFICATION_LISTENER_SERVICE | Read notifications from messaging apps the operator selects, so the booking system can respond to client messages on the operator's behalf. |
SEND_SMS | Send SMS replies that the operator's booking system has explicitly composed, in response to inbound SMS the operator received. |
RECEIVE_BOOT_COMPLETED, FOREGROUND_SERVICE, WAKE_LOCK | Keep the bridge connection alive across reboots so the operator's booking system can reply to client messages without manual app re-launch. |
INTERNET, ACCESS_NETWORK_STATE | Forward captured data to the operator's configured backend. |
POST_NOTIFICATIONS | Show the foreground-service status notification to the operator (visible at all times when the bridge is running). |
REQUEST_INSTALL_PACKAGES | Allow the operator to accept self-hosted updates published by my-bookings.co.uk to clients enrolled outside the Play Store track. |
8. Operator's rights
Because the operator is both the user and the data subject, the operator may:
- Disable any individual channel (WhatsApp, SMS, etc.) at any time from within the app.
- Stop the SMS gateway entirely from within the app.
- Wipe all on-device journals, caches, and allowlists with the in-app "Clear logs" action or by clearing app data in Android system settings.
- Uninstall the app, which removes all on-device data.
- Request deletion of any backend-stored data by contacting us at the address below.
9. Children
The app is a business tool. It is not directed at children and is not intended for installation on devices used by anyone under 18.
10. Changes to this policy
If we materially change this policy we will update the "Last updated" date above and notify operators via in-app admin message and email.
11. Contact
Data controller: my-bookings.co.uk
Email: 
Mobile: 
Address: 57 Dickens Road, Gravesend, UK
For privacy questions, data deletion requests, or policy clarifications, contact us at the email above.
Ownership Notice: All rights of this application belong to J.K Romeo Ltd and cannot be used without the owner's accord.