Last updated: February 2026
Appointmint is a brand and software operated by AMBITIOUS WORLD, Lda. (NIPC 519085027), with registered office at Rua Sabino Pedro Henriques, 10, Santa Iria de Azóia, Loures, Portugal ("Appointmint", "we"). Privacy contact: [email protected]. Support: [email protected].
Controller: The Customer is the controller of personal data they enter into the Services.Appointmint acts as Processor to provide Services to Customer and as Controller only for usage/website data necessary for its own operation.
3.1. By Customer (via Services): identification and contact of clients/patients (e.g., name, email, phone), appointment history, preferences, notes and data related to services provided, billing data and, when configured by Customer, possible health data or other special categories (Art. 9 GDPR).
3.2. By Appointmint (own): account data (admin/Customer Users), business data (e.g., business name), billing data (metadata), support and communications, usage metrics, and technical logs (e.g., IP, user agent, date/time, session identifiers, security events).
3.3. Website/cookies data: cookies and similar technologies per Cookie Policy (may include Google Analytics, Meta Pixel and LinkedIn, when accepted).
3.4. Messaging integration data (WhatsApp): when Customer activates WhatsApp integration, we may process data described in "WhatsApp Data" section (Cl. 6).
Customer Data: generally, for the duration of the contract. After termination, we provide a 30-day export period and then proceed to deletion and/or anonymization per Terms, unless legally required to retain.
WhatsApp messages: if Customer chooses to keep conversation history in Services, messages, media and metadata may be retained during contract term and until post-termination export period.
Security logs: technical periods (typically 12–24 months) or legal, for audit and fraud prevention.
When Customer activates WhatsApp integration (WhatsApp Business API), Appointmint may process data necessary to send/receive messages and operate the integration, such as:
Purposes: provide messaging service (send/receive, organize conversations, Customer support), security and abuse prevention, and legal compliance.
We do not sell message content or phone numbers.
We share data only as necessary to operate Services, with Sub-processors (examples: cloud infrastructure, CDN/security, email/SMS, billing and payments) and support providers. Main Sub-processors are listed in Terms (Annex B). We do not sell data. International transfers only with adequate GDPR safeguards (e.g., SCC).
Data subjects have rights of access, rectification, erasure, restriction, portability and objection (as applicable), and right to lodge complaint with CNPD.
Practical rule: for data processed by Customer (including WhatsApp messages sent by Customer to their contacts), requests should be addressed to Customer (controller). For Appointmint's own data, contact: [email protected].
We apply technical and organizational measures proportionate to risk (e.g., encryption in transit/HTTPS, role-based access control, principle of least privilege, audit logs and backups).
WhatsApp and encryption: WhatsApp uses end-to-end encryption between users on WhatsApp; after message is delivered to integration/API and our systems for Customer processing, we protect it with appropriate security measures.
We store data preferentially in European Economic Area (EEA). When there are transfers outside EEA (e.g., by third-party providers), we apply adequate safeguards (e.g., Standard Contractual Clauses) and supplementary measures when necessary.
To request deletion of data related to Appointmint, send an email to [email protected] with subject "Data Deletion Request" and include:
• your WhatsApp phone number (if applicable);
• the name of the company/organization that contacted you (if you know);
• the email/identifier associated with the account (if applicable).
If the request concerns messages sent by a company using Appointmint, we may forward the request to that company (controller) when appropriate.
AMBITIOUS WORLD, Lda.
NIPC: 519085027
Registered office: Rua Sabino Pedro Henriques, 10, Santa Iria de Azóia, Loures, Portugal
Email: [email protected]
Updates will be communicated on dashboard/website, entering into force on indicated date.