Privacy Policy
Last Updated: May 15, 2026
Looking to delete your data? Jump straight to our Data Deletion Instructions.
1. Data Collection
We collect personal information that you voluntarily provide, including your name, email address, phone number, business details, and any data necessary to operate the platform. We also collect technical data such as IP addresses, device identifiers, and usage logs through cookies and analytics.
2. Use of Data
We use your data to operate the Appointfy service, process your subscription, send service-related notifications via WhatsApp, Instagram, email, or other channels, prevent fraud, and comply with legal obligations in the United Arab Emirates (where our company is incorporated), the United Kingdom, the European Union (GDPR), and any other jurisdiction where we offer the service. Our lawful bases for processing are: (a) performance of the contract with you, (b) our legitimate interests in operating and securing the platform, (c) your consent where required (e.g. for non-essential analytics), and (d) compliance with legal obligations.
3. Sub-Processors
To operate Appointfy we engage the following sub-processors. Each is bound by their own privacy policy and (where applicable) a data-processing agreement that limits use of personal data to the purposes listed below.
| Provider | Purpose | Data categories | Location | Privacy policy |
|---|---|---|---|---|
| Stripe, Inc. | SaaS subscription billing and Stripe Connect marketplace payments. Cardholder data is processed directly by Stripe under PCI-DSS β Appointfy never stores raw card numbers. | Cardholder data, billing address, name, email, payment metadata | United States, Ireland | stripe.com/privacy |
| Supabase, Inc. | Managed Postgres database, authentication, and storage. | All application data: profiles, shops, customers, appointments, message metadata | United Kingdom (production), Singapore (development) | supabase.com/privacy |
| Vercel, Inc. | Application hosting, edge delivery, web analytics, and speed insights. | Request logs, IP addresses, user-agent strings, aggregate usage metrics | Global edge network (primary region: Singapore) | vercel.com/legal/privacy-policy |
| Hostinger International Ltd. | VPS infrastructure for the self-hosted WhatsApp gateway (Evolution API / Baileys). | Customer WhatsApp phone numbers, message routing metadata (delivery status, timestamps) | European Union | hostinger.com/privacy-policy |
| Meta Platforms, Inc. | Instagram Login API, Instagram Business messaging webhook, and outbound Instagram DM delivery for shops that connect their IG Business account. WhatsApp Cloud API messaging (incoming and outbound) for shops that choose the official Cloud API connection method instead of the self-hosted Evolution gateway. | Instagram Business User ID, end-customer Instagram user IDs and usernames; WhatsApp Business Account (WABA) ID, phone number ID, end-customer phone numbers; message content and routing metadata (delivery status, timestamps, conversation IDs) | United States, Ireland | facebook.com/privacy/policy |
| Google LLC | Google Calendar synchronization (optional, only if a shop owner connects their Google account). | Calendar event titles, appointment times, durations, customer names; OAuth refresh tokens | Global | policies.google.com/privacy |
| Functional Software, Inc. (Sentry) | Error tracking and performance monitoring. | Stack traces, user IDs, request paths, anonymized IP addresses | United States, Germany | sentry.io/privacy |
| Upstash, Inc. | Managed Redis cache (optional) for accelerating booking page loads. | Cached query keys: user IDs, shop slugs (no plaintext personal data) | Global edge (primary region: Singapore) | upstash.com/trust/privacy |
Changes to this list. We will give at least 30 days' prior notice β via in-app notification and an update to the "Last Updated" date at the top of this page β before adding or replacing a sub-processor that handles personal data. If you object, you may terminate your account before the change takes effect.
4. Stripe Connect & End-Customer Data
When a Service Provider (Salon/Barber) connects a Stripe account through Appointfy, payments from end-customers flow directly from the customer to the Service Provider's Stripe account. Appointfy does not hold, custody, or transfer end-customer funds at any stage. Cardholder information is collected solely by Stripe. End-customer personal data (name, phone, email) provided during booking is shared with the relevant Service Provider so they can fulfill the appointment.
5. Data Retention
We retain your data for as long as your account is active or as required by law. Upon account closure, we may retain certain records (such as payment history and audit logs) to comply with tax, accounting, and anti-fraud obligations. You may request deletion of personal data subject to these legal requirements.
6. Security
We apply industry-standard security measures including encryption in transit (TLS), encryption at rest, role-based access controls, and regular monitoring. However, no system is fully secure. You acknowledge that data transmission over the internet carries inherent risks, and Appointfy cannot guarantee absolute security.
7. Your Rights
Subject to applicable law, you may request access to, correction of, portability of, or deletion of your personal data. We do not sell your personal data to third parties.
For residents of the European Union, the United Kingdom, and other GDPR-equivalent jurisdictions: in addition to the rights above, you have the right under the GDPR (EU Regulation 2016/679) and the UK GDPR / Data Protection Act 2018 to object to or restrict processing, to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office at ico.org.uk), and to withdraw consent at any time without affecting the lawfulness of prior processing.
The most common request β deletion of your account or data β is documented step-by-step on our Data Deletion Instructions page. We respond to verified requests within 30 days.
8. Contact
For privacy concerns or data subject requests, contact us at support@appointfy.ai.