This Data Processing Agreement ("DPA") forms part of the Terms of Service between Appointer, operated by [FOP/TOV NAME] ("Processor"), and the customer ("Controller"). It defines how Appointer processes personal data on the Controller's behalf in compliance with GDPR.
1. Scope
This DPA applies to all personal data processed by Appointer in the course of providing the Service. It supersedes any previous data processing terms.
2. Roles
The Controller determines the purposes and means of processing. The Processor (Appointer) processes only on the Controller's documented instructions, as set out in the Terms and this DPA.
3. Subject of processing
- Categories of data subjects: the Controller's customers, staff, and end-clients who book through Appointer.
- Categories of personal data: name, email, phone, booking history, service notes, payment metadata.
- Duration: for the term of the Service plus 30 days, after which data is permanently deleted.
4. Sub-processors
Appointer engages the following sub-processors. The Controller authorises this list at signup; Appointer notifies the Controller of any addition or replacement at least 30 days in advance so the Controller may object.
- LiqPay (PrivatBank) — online card payment processing. Payments are taken through the Controller's own LiqPay merchant account and settle directly to the Controller; Appointer does not hold funds or store full card details.
- Resend — transactional email delivery (confirmations, reminders, notifications).
- Twilio — SMS delivery, including reminder and notification messages.
- PostHog — product analytics and session replay, configured with input masking and with the public booking app excluded from replay.
- Cloud infrastructure and hosting providers — servers, storage, and encrypted backups.
5. Security
Appointer implements technical and organisational measures appropriate to the risk: encryption of all traffic in transit, hashed credentials, per-tenant data isolation, role-based access to production systems, audit logging of administrative actions, and regular encrypted backups. An overview is published on our Security page.
6. Data subject requests
The Controller can act on most data-subject requests directly in Appointer: a client record can be exported in a machine-readable format or erased (anonymised and removed from lists and search) from within the account. For anything the app doesn't cover, Appointer will assist the Controller with reasonable requests (access, correction, deletion, portability) within seven business days — send these via our contact page.
7. Audits
On request, Appointer will complete security questionnaires and provide a written description of its technical and organisational measures. Independent audit reports will be made available under NDA as they are obtained.
8. Cross-border transfers
Where sub-processors process personal data outside the EU/EEA, transfers are protected by GDPR safeguards such as Standard Contractual Clauses. Details about processing locations are available on request.
9. Termination
On termination of the Service, Appointer deletes or returns all personal data within 30 days, unless retention is required by law. Backups roll off after a further 30 days.
10. Liability
Liability under this DPA is governed by the limitations set out in the Terms of Service.
Need a counter-signed copy with your company stamp? Reach us via our contact page — we turn DPAs around within a few business days.