← Back to home

PRIVACY POLICY (Self-Service)

Last updated: February 2026

1. Who we are

Appointmint is a brand and software operated by AMBITIOUS WORLD, Lda. (NIPC 519085027), with registered office at Rua Sabino Pedro Henriques, 10, Santa Iria de Azóia, Loures, Portugal ("Appointmint", "we"). Privacy contact: [email protected]. Support: [email protected].

2. Roles (Customer vs Appointmint)

Controller: The Customer is the controller of personal data they enter into the Services.Appointmint acts as Processor to provide Services to Customer and as Controller only for usage/website data necessary for its own operation.

3. Data processed

3.1. By Customer (via Services): identification and contact of clients/patients (e.g., name, email, phone), appointment history, preferences, notes and data related to services provided, billing data and, when configured by Customer, possible health data or other special categories (Art. 9 GDPR).
3.2. By Appointmint (own): account data (admin/Customer Users), business data (e.g., business name), billing data (metadata), support and communications, usage metrics, and technical logs (e.g., IP, user agent, date/time, session identifiers, security events).
3.3. Website/cookies data: cookies and similar technologies per Cookie Policy (may include Google Analytics, Meta Pixel and LinkedIn, when accepted).
3.4. Messaging integration data (WhatsApp): when Customer activates WhatsApp integration, we may process data described in "WhatsApp Data" section (Cl. 6).

4. Purposes and legal bases (GDPR)

  • Performance of contract (provision of Services).
  • Compliance with legal obligations (billing, security).
  • Legitimate interests (security, fraud prevention, product improvement and support), without overriding data subjects' rights.
  • Consent when applicable (e.g., non-essential cookies; Customer's marketing when required by law).

5. Retention and deletion

Customer Data: generally, for the duration of the contract. After termination, we provide a 30-day export period and then proceed to deletion and/or anonymization per Terms, unless legally required to retain.
WhatsApp messages: if Customer chooses to keep conversation history in Services, messages, media and metadata may be retained during contract term and until post-termination export period.
Security logs: technical periods (typically 12–24 months) or legal, for audit and fraud prevention.

6. WhatsApp Data (Meta-friendly section)

When Customer activates WhatsApp integration (WhatsApp Business API), Appointmint may process data necessary to send/receive messages and operate the integration, such as:

  • Phone numbers (of Customer and their end contacts) and, when available, profile name/identifier.
  • Message content (text) and media sent/received (e.g., images, documents, audio), as well as attachments and captions.
  • Metadata: timestamps, delivery/read status, message/conversation IDs, and template information (name/ID) when applicable.
  • Meta platform technical data: IDs related to integration (e.g., WhatsApp Business Account ID, Phone Number ID) and webhook payloads for logging and troubleshooting.
  • Credentials/tokens: when necessary to maintain integration active, we may store credentials/tokens in protected form (e.g., encryption and restricted access).

Purposes: provide messaging service (send/receive, organize conversations, Customer support), security and abuse prevention, and legal compliance.
We do not sell message content or phone numbers.

7. Sharing and sub-processors

We share data only as necessary to operate Services, with Sub-processors (examples: cloud infrastructure, CDN/security, email/SMS, billing and payments) and support providers. Main Sub-processors are listed in Terms (Annex B). We do not sell data. International transfers only with adequate GDPR safeguards (e.g., SCC).

8. Rights and controls

Data subjects have rights of access, rectification, erasure, restriction, portability and objection (as applicable), and right to lodge complaint with CNPD.
Practical rule: for data processed by Customer (including WhatsApp messages sent by Customer to their contacts), requests should be addressed to Customer (controller). For Appointmint's own data, contact: [email protected].

9. Security

We apply technical and organizational measures proportionate to risk (e.g., encryption in transit/HTTPS, role-based access control, principle of least privilege, audit logs and backups).
WhatsApp and encryption: WhatsApp uses end-to-end encryption between users on WhatsApp; after message is delivered to integration/API and our systems for Customer processing, we protect it with appropriate security measures.

10. International transfers

We store data preferentially in European Economic Area (EEA). When there are transfers outside EEA (e.g., by third-party providers), we apply adequate safeguards (e.g., Standard Contractual Clauses) and supplementary measures when necessary.

11. Data deletion instructions

To request deletion of data related to Appointmint, send an email to [email protected] with subject "Data Deletion Request" and include:
• your WhatsApp phone number (if applicable);
• the name of the company/organization that contacted you (if you know);
• the email/identifier associated with the account (if applicable).
If the request concerns messages sent by a company using Appointmint, we may forward the request to that company (controller) when appropriate.

12. Contacts

AMBITIOUS WORLD, Lda.
NIPC: 519085027
Registered office: Rua Sabino Pedro Henriques, 10, Santa Iria de Azóia, Loures, Portugal
Email: [email protected]

13. Changes

Updates will be communicated on dashboard/website, entering into force on indicated date.

© 2026 Appointmint - AMBITIOUS WORLD, Lda.