Back to home

Privacy Policy

Last updated: April 5, 2026

1. Who we are

Timebooking (“we”, “us”, “our”) is an online appointment booking platform that enables businesses to manage their schedules and allows their customers to book appointments. This Privacy Policy explains how we collect, use, and protect personal data when you use our service at timebooking.app.

2. Data we collect

We collect different data depending on how you interact with Timebooking:

Business owners (account holders)

  • Name and email address (provided at registration)
  • Password (stored as a secure hash, never in plain text)
  • Company, location, and service information you create
  • Session data: IP address and user agent (for security and fraud prevention)

Customers (booking a service)

  • Name, email address, and phone number (provided when booking)
  • Booking details: date, time, selected services, and any notes

All visitors

  • We use a privacy-friendly, cookieless analytics service hosted in the EU that collects aggregated usage patterns without identifying individual visitors or storing personal data. No consent is required under the ePrivacy Directive
  • Standard server logs (IP address, request path, timestamp) for security and debugging

3. How we use your data

  • To provide and operate the booking service
  • To send booking confirmations and notifications
  • To authenticate your account and maintain session security
  • To prevent fraud, abuse, and unauthorized access
  • To improve the service (aggregated, non-personal usage patterns)

4. Legal basis (GDPR)

We process personal data under the following legal bases:

  • Contract performance — Processing necessary to provide the booking service you requested (Art. 6(1)(b) GDPR)
  • Legitimate interest — Security measures, fraud prevention, and service improvement (Art. 6(1)(f) GDPR)
  • Legal obligation — Where required by applicable law (Art. 6(1)(c) GDPR)

5. Data sharing

We do not sell personal data. We share data only in these limited cases:

  • Business ownerssee their customers' booking data (name, email, phone, booking details) to manage appointments
  • Payment processor — We use Stripe to process subscription payments. Stripe receives company name, email, and payment details under their own privacy policy
  • Infrastructure providers — We use EU-hosted services for database hosting, email delivery, and application hosting. These providers process data on our behalf under data processing agreements
  • Legal requirements — If required by law, court order, or regulatory authority

6. Data storage and security

All data is stored on servers located in the European Union. We use encryption in transit (TLS/HTTPS) and follow security best practices including hashed passwords, secure session management, and database access controls. Only essential personnel have access to production data.

7. Data retention

  • Account data — Retained while your account is active. Deleted upon account deletion request.
  • Booking data — Retained for business records. Customer personal data (name, email, phone) is anonymized upon account deletion or after a reasonable retention period.
  • Session data — Expired sessions are periodically cleaned up.
  • Server logs — Retained for up to 90 days for security and debugging purposes.

8. Your rights

Under the GDPR, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate personal data
  • Erasure — Request deletion of your personal data
  • Data portability — Receive your data in a machine-readable format
  • Restriction — Request limited processing of your data
  • Objection — Object to processing based on legitimate interest

Account holders can export and delete their data directly from their account settings. For other requests, contact us at the address below.

9. Cookies

Timebooking uses only strictly necessary cookies for session authentication. These are exempt from consent requirements under the ePrivacy Directive. We use a cookieless, privacy-friendly analytics service that does not set any cookies or track individual visitors. We do not use advertising or third-party tracking cookies.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The “Last updated” date at the top reflects the most recent revision.

11. Contact

For privacy-related questions or to exercise your rights, contact us at: [email protected]