Privacy Policy

The data controller responsible for your personal data is: LohiSoft s.r.o. Komenskeho 317/135 Sturovo, 943 01 Slovak Republic Tax ID: SK2121316725 Email: info@yappointment.com

We process your personal data for the following purposes and on the following legal bases under GDPR Articles 6 and 9:

• Contract performance (Art. 6(1)(b)) – Providing appointment booking services, user account management, customer support
• Consent (Art. 6(1)(a)) – Analytics cookies, marketing communications, SMS notifications
• Legitimate interest (Art. 6(1)(f)) – Service improvement, fraud prevention, platform security
• Legal obligation (Art. 6(1)(c)) – Tax records, regulatory compliance, law enforcement requests

We collect and process the following categories of personal data:

• Identity data – Name, email address, phone number, profile information
• Appointment data – Booking details, service history, preferences, cancellations
• Technical data – IP address, browser type, device information, operating system
• Usage data – Pages visited, features used, interaction patterns, session duration
• Payment data – Transaction records processed via Stripe (we do not store card numbers)
• Communication data – SMS messages, email correspondence, in-app notifications

We share your personal data with the following trusted service providers who process data on our behalf:

• Stripe, Inc. (USA) – Payment processing. Stripe is PCI DSS Level 1 certified. Data transfers governed by Standard Contractual Clauses (SCCs). Privacy: https://stripe.com/privacy
• Twilio, Inc. (USA) – SMS notifications and communication. Data transfers governed by SCCs. Privacy: https://www.twilio.com/legal/privacy
• Mistral AI (France, EU) – AI-powered features such as smart scheduling and text generation. Data stays within the EU. Mistral AI does not use your data to train its models. Privacy: https://mistral.ai/terms/#privacy-policy
• Google LLC (USA) – Google Analytics 4 for anonymous website usage statistics. Only activated with your consent. Data transfers governed by SCCs. Privacy: https://policies.google.com/privacy
• Rackforest Kft. (Hungary, EU) – Server hosting and infrastructure. Data remains within the EU. Contact: info@rackforest.com
• Firebase Cloud Messaging (Google, USA) – Push notifications for mobile app. Data transfers governed by SCCs.

Some of our service providers are located outside the European Economic Area (EEA). When transferring personal data outside the EEA, we rely on: • Standard Contractual Clauses (SCCs) approved by the European Commission • Adequacy decisions where available • Supplementary security measures including encryption in transit and at rest You can request a copy of the applicable SCCs by contacting us at info@yappointment.com.

We retain your personal data only as long as necessary for the purposes described in this policy:

• Appointment and booking data – 3 years from the last appointment
• Invoicing and billing records – 7 years (legal obligation for tax purposes)
• Analytics data (GA4) – 14 months (Google's maximum retention with anonymization)
• User account data – Until account deletion request + 30-day grace period
• SMS/communication logs – 1 year
• Server logs – 90 days
• Cookie consent records – 1 year (then re-consent required)

Under the General Data Protection Regulation, you have the following rights:

• Right of access (Art. 15) – Request a copy of your personal data we process
• Right to rectification (Art. 16) – Correct inaccurate or incomplete personal data
• Right to erasure (Art. 17) – Request deletion of your personal data ('right to be forgotten')
• Right to restriction (Art. 18) – Request limited processing of your data
• Right to data portability (Art. 20) – Receive your data in a structured, machine-readable format
• Right to object (Art. 21) – Object to processing based on legitimate interest
• Rights related to automated decision-making (Art. 22) – We do not make solely automated decisions that significantly affect you

Our platform uses Mistral AI to provide intelligent features such as: • Smart scheduling suggestions • Automated text generation for business communications • Data analysis and reporting insights Mistral AI is a French company operating within the European Union. Your data processed by Mistral AI remains within the EU and is subject to GDPR protections. Mistral AI does not use your personal data to train or improve its AI models. All AI features are optional and you can choose not to use them.

We use SMS for appointment reminders and booking confirmations. SMS delivery is handled through: • Twilio (cloud-based SMS provider, USA) • Android SMS Gateway App (business phone direct SIM-based sending) Transactional SMS (appointment reminders, booking confirmations) are sent based on the service agreement when you book an appointment. Marketing SMS requires your explicit opt-in consent and you can unsubscribe at any time by replying STOP or through your account settings.

We use cookies and similar technologies. For detailed information about the cookies we use, please see our Cookie Policy. We implement Google Consent Mode v2, which means no analytics cookies are set unless you give explicit consent.

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where possible, by email. We recommend reviewing this policy periodically. The 'Last updated' date at the top indicates the most recent revision.

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with: Urad na ochranu osobnych udajov Slovenskej republiky (Office for Personal Data Protection of the Slovak Republic) Hranicna 12 820 07 Bratislava 27 Slovak Republic Website: https://www.dataprotection.gov.sk/ Email: statny.dozor@pdp.gov.sk You may also lodge a complaint with the supervisory authority of your country of residence.

For any questions about this Privacy Policy or to exercise your data protection rights: LohiSoft s.r.o. Komenskeho 317/135 Sturovo, 943 01, Slovak Republic General inquiries: info@yappointment.com Billing inquiries: billing@yappointment.com