Datenschutzerklärung
Zuletzt aktualisiert: 7. April 2026
1. Introduction
This Privacy Policy describes how Appointr ("we", "us", "our") collects, uses, and protects your personal data when you use our scheduling platform at appointr.io. We are committed to safeguarding your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).
2. Data Controller
The data controller responsible for your personal data is Appointr, operated from Vienna, Austria. For any privacy-related inquiries, contact us at privacy@appointr.io.
3. Data We Collect
We collect the following categories of personal data: • Account Data: Name, email address, password (hashed), and company details when you register. • Booking Data: Appointment details, customer names, email addresses, phone numbers, and notes submitted through booking forms. • Usage Data: IP addresses, browser type, device information, pages visited, and interaction patterns collected automatically. • Payment Data: Billing information processed through our payment provider. We do not store credit card numbers. • Third-Party Integration Data: When you connect external services (such as Google Calendar), we store encrypted OAuth tokens and calendar event data necessary for synchronisation.
4. Google Calendar Integration
When you connect your Google Calendar to Appointr, we request the following permissions: • Read access to your calendar events (to check availability and prevent double-bookings). • Write access to create and manage booking events on your calendar. • Access to your Google account email address (to identify the connected account). We store your Google OAuth refresh token in encrypted form (AES-256-GCM) in our database. Access tokens are short-lived and refreshed automatically. We only access calendar data necessary for the scheduling features you use. You can disconnect your Google Calendar at any time from your dashboard, which immediately deletes the stored tokens. Appointr's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5. How We Use Your Data
We use the data we collect to: • Provide, maintain, and improve our scheduling services. • Process and manage bookings and appointments. • Send booking confirmations, reminders, and notifications. • Synchronise appointments with connected calendar services. • Communicate with you about your account and our services. • Analyse usage patterns to improve the platform. • Comply with legal obligations. We do not sell your personal data to third parties.
6. Data Sharing
We may share your data with: • Service Providers: Third-party services that help us operate (e.g., Neon for database hosting, Resend for email delivery, Vercel for hosting). These providers process data on our behalf under data processing agreements. • Tenant Businesses: When you book an appointment, your booking details are shared with the business you are booking with. • Legal Requirements: When required by law, court order, or to protect our rights. We do not share Google Calendar data with any third parties beyond what is necessary to provide the calendar synchronisation feature.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the services. Booking data is retained for the duration of the tenant's account. When you delete your account, we delete your personal data within 30 days, except where retention is required by law. Google Calendar tokens are deleted immediately upon disconnection.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including encryption at rest and in transit (TLS), encrypted token storage (AES-256-GCM), secure password hashing (bcrypt), and access controls. Our database is hosted on Neon Postgres with SSL connections required.
9. Your Rights
Under the GDPR and applicable laws, you have the right to: • Access your personal data. • Correct inaccurate data. • Delete your data ("right to be forgotten"). • Export your data in a portable format. • Object to certain processing activities. • Withdraw consent where processing is based on consent. • Disconnect third-party integrations at any time. To exercise these rights, contact us at privacy@appointr.io.
10. Cookies
We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Analytics data is collected through Vercel Analytics in an anonymised, privacy-friendly manner without cookies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date.
12. Contact
If you have questions about this Privacy Policy or our data practices, contact us at privacy@appointr.io.