Privacy Policy
Last updated: 2026-04-24.
Appoinly ("we", "us", "our") operates the appointment booking platform available at appoinly.com.cy and the per-tenant subdomains under it. This Privacy Policy explains what personal data we process, why we process it, on what lawful basis, where we store it, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR) and Cyprus data-protection law.
This policy applies to two distinct groups: tenants (the businesses that subscribe to our service to manage their bookings) and the customers of those tenants (the end-users who book an appointment with one of our tenants). When a tenant uses Appoinly to manage its own customer data, we act as a data processor on behalf of that tenant; the tenant is the data controller. For account, billing, and operational data of tenants themselves, we act as the data controller.
What we collect
- Account email and profile. When a tenant signs up, we collect the email address, first name, business name, and chosen workspace URL (slug) of the tenant owner.
- Authentication data. Hashed passwords (we never store them in clear text) and short-lived magic-link tokens used to sign in. Tokens expire and are single-use.
- Business profile. Information about the tenant's services, staff, opening hours, locations, pricing, and any other data the tenant chooses to enter into the platform.
- Customer contact information. Names, email addresses, phone numbers, and any notes that tenants enter for their own customers in order to manage bookings.
- Booking metadata. Appointment date, time, duration, service, assigned staff, status (confirmed / cancelled / completed / no-show), payment status, and any free-text notes.
- Security and operational logs. IP address, user-agent string, request path, and timestamps. We use these to detect abuse (brute-force attempts, scraping, spam) and to diagnose errors.
- Payment metadata. When a tenant subscribes to a paid plan or a customer pays a deposit, we record the Stripe customer ID, subscription ID, and a reference to the payment. We do not store full card numbers. Card data is handled directly by Stripe.
Why we collect it
- To deliver the booking service the tenant subscribes to.
- To send transactional emails: booking confirmations, reminders, cancellations, password resets, magic-link sign-ins, invoices.
- To prevent abuse — rate-limiting, fraud detection, and protection against credential-stuffing.
- To comply with our legal obligations (e.g. invoicing and tax records under Cyprus law).
- To improve the product through aggregated, non-identifying usage statistics.
Lawful basis (GDPR Art. 6)
- Consent. When a customer of one of our tenants submits a booking, they consent to that tenant processing the booking via our platform.
- Contract. Processing the personal data of a paying tenant is necessary to perform the subscription contract between the tenant and Appoinly.
- Legitimate interest. Security logging, fraud-prevention, and minimal product analytics rely on our legitimate interest in operating a safe service. We have performed an internal balancing test; you have the right to object (see below).
- Legal obligation. Invoice records and other financial documents are retained because Cyprus tax law requires it.
Where we store it
All operational data is stored on managed PostgreSQL databases hosted in the European Union (Hetzner data centres in Helsinki, Finland and Falkenstein, Germany — your account configuration determines the region). Data is encrypted at rest at the storage layer (LUKS) and in transit (TLS 1.2+). Daily encrypted backups are retained for 30 days and then deleted.
We do not transfer personal data outside the European Economic Area except where the third-party processors listed below operate. Where a transfer is necessary, it is governed by the EU Standard Contractual Clauses.
Who we share with
- Stripe Payments Europe Ltd. (Ireland). Payment processor for subscriptions and customer deposits. Stripe acts as an independent controller for fraud-prevention purposes; see stripe.com/privacy.
- Brevo SAS (France). Transactional email provider. Receives recipient address, name, and the rendered email body.
- Google LLC (Google Calendar). Only if a tenant explicitly connects a Google Calendar to sync bookings. The tenant grants and can revoke this access at any time.
- Cloudflare, Inc. DNS and edge CDN. Cloudflare processes IP addresses and request metadata for the purpose of DDoS protection.
- Hetzner Online GmbH (Germany). Infrastructure hosting. Hetzner has no application-layer access to data.
We do not sell, rent, or share personal data with advertisers. We do not use third-party tracking on our marketing or product pages.
Your rights
Under GDPR you have the following rights, free of charge:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure ("right to be forgotten") — request deletion of your data, subject to legal retention obligations.
- Portability — receive your data in a structured, machine-readable format (JSON or CSV).
- Restriction and objection — restrict or object to certain processing, including processing based on legitimate interest.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus.
To exercise any of these rights, email [email protected] from the address on file. We will respond within 30 days. If you are a customer of one of our tenants, please contact that tenant first; they are the data controller for the booking data they hold about you.
Cookies
We use a small number of strictly necessary cookies. We do not use third-party advertising or analytics cookies.
- sessionid — keeps you signed in. Expires when the browser closes or after 14 days.
- csrftoken — protects against cross-site request forgery. Required by Django.
- booking_draft — temporarily holds an in-progress booking so you can refresh without losing your place. Expires after 30 minutes.
- cookie_consent — records that you have seen the cookie banner. Lasts 12 months.
- django_language — remembers your language preference (Greek or English). Lasts 12 months.
Retention
- Active tenant accounts: data retained for as long as the subscription is active.
- Cancelled tenant accounts: data retained for 12 months in case the tenant returns, then permanently deleted.
- Encrypted backups containing your data are deleted within 30 days after the live data is deleted.
- Invoice and tax records: 7 years, as required by Cyprus law.
- Security and access logs: 90 days, except where a security incident requires longer retention.
Children
Appoinly is a B2B SaaS product not intended for children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact [email protected] and we will delete it.
Updates to this policy
We may update this policy occasionally to reflect new features, legal requirements, or processor changes. Material changes will be announced by email to the tenant owner at least 30 days before taking effect. The "Last updated" date at the top of this page always reflects the current version. Previous versions are available on request.
Contact
Appoinly — [email protected] · Republic of Cyprus.