Privacy notice

This page explains how Meetimely processes personal data for owner accounts, business profiles, and customer bookings. It is designed for GDPR transparency and should be reviewed with your legal counsel before production launch.

Configure `LEGAL_*` and privacy contact environment variables before production so this notice contains your real company identity and contact details.

1. Controller information

Meetimely

Germany

Email: privacy@meetimely.com

Privacy contact: privacy@meetimely.com

2. Roles in the platform

Meetimely is generally the controller for owner account registration, login sessions, business onboarding, support, package settings, and platform security. For customer booking data submitted to a business, the business will generally act as controller and Meetimely will generally act as processor on behalf of that business. This allocation should also be reflected in your contracts with business customers.

3. Categories of data

Owner account data: full name, email address, password hash, verification status, sessions.

Business profile data: business name, slug, address, phone, description, logo, Google listing data, opening hours, settings.

Booking data: customer name, email, phone, notes, appointment details, selected services, appointment status.

Technical and security data: session identifiers, verification tokens, password-reset tokens, server-side operational logs.

4. Purposes and legal bases

Account creation, login, and owner verification: Article 6(1)(b) GDPR.

Business onboarding, public booking page delivery, and appointment management: Article 6(1)(b) GDPR.

Platform security, fraud prevention, duplicate-account prevention, and limited operational logging: Article 6(1)(f) GDPR.

Email notifications necessary for the service, including booking confirmations and password resets: Article 6(1)(b) GDPR and, where relevant, Article 6(1)(f) GDPR.

Where a business uses Meetimely to receive customer bookings, Meetimely processes booking data on the business's documented instructions under Article 28 GDPR.

5. Recipients and processors

Hosting and application infrastructure providers.

Database and storage providers.

Email delivery providers used to send verification, password reset, and booking emails.

Google services where a business chooses to import listing information.

A written processor agreement should be in place with each relevant service provider, and business customers should receive a subprocessor list through your contractual documentation.

6. International transfers

If service providers process data outside the EEA, transfers must rely on a valid GDPR transfer mechanism such as an adequacy decision, including the EU-U.S. Data Privacy Framework where applicable, or the Standard Contractual Clauses with any supplementary measures required.

7. Retention

Sessions and verification tokens should be deleted when expired and no longer needed.

Owner account data should be retained for as long as the account remains active and afterwards only as long as required for legal claims, bookkeeping, or security documentation.

Business customer booking data should be retained according to the business customer's documented retention policy and legal obligations.

Meetimely should implement documented deletion schedules and cleanup procedures to support these retention periods.

8. Cookies and similar technologies

Meetimely currently uses a necessary session cookie for authentication. If you later introduce analytics, advertising, or other non-essential tracking technologies, additional consent under German TDDDG rules and GDPR will be required before those technologies are activated.

9. Data subject rights

Individuals may request access, rectification, erasure, restriction, or portability, or may object to processing, where the GDPR provides those rights. They may also lodge a complaint with a competent supervisory authority. Requests can be sent to privacy@meetimely.com.

10. Security

Meetimely uses technical and organisational measures such as hashed passwords, hashed verification tokens, access control, transport security in production, and security headers. Additional measures such as rate limiting, backup and restore procedures, and breach-response workflows should be documented and maintained.