Back to Proflowy

Privacy Policy

Last updated: December 11, 2025

1. Introduction

Welcome to Proflowy ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our booking management platform.

This policy applies to all users of Proflowy, including service providers who offer booking services and clients who book appointments.

2. Data Controller

Proflowy is operated by Vitalii Bahmet, PE (Private Entrepreneur), who is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Account Information

  • Name and display name
  • Email address
  • Phone number
  • Physical address (optional)
  • Profile photo and logo
  • Professional title and bio
  • Timezone preferences
  • Social media links (optional)

3.2 Booking Information

  • Appointment dates and times
  • Service details and descriptions
  • Client contact information (name, email, phone)
  • Booking notes and special requests
  • Booking status and history

3.3 Usage Information

  • Notification preferences
  • Calendar integration settings
  • Availability schedules
  • Service configurations

3.4 Technical Information

  • IP address
  • Browser type and version
  • Device information
  • Authentication tokens

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our booking services, manage your account, and fulfill appointments.
  • Consent: Where you have given explicit consent, such as for marketing communications or optional features.
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services, preventing fraud, and ensuring security.
  • Legal Obligation: Processing required to comply with applicable laws and regulations.

5. How We Use Your Data

We use your personal data for the following purposes:

  • Creating and managing your account
  • Processing and managing bookings
  • Sending appointment confirmations and reminders
  • Facilitating communication between service providers and clients
  • Processing payments through our payment provider
  • Providing customer support
  • Improving and personalizing our services
  • Ensuring platform security and preventing fraud
  • Complying with legal obligations

6. Data Sharing

We may share your personal data with the following parties:

6.1 Service Providers and Clients

When you book an appointment, your contact information is shared with the service provider to manage the booking. Similarly, service providers' business information is visible to clients on public booking pages.

6.2 Third-Party Service Providers

  • Supabase: Our database and authentication provider, hosting data in secure EU and US data centers.
  • Paddle: Our payment processor for subscription billing.
  • Email Service Providers: For sending transactional emails and notifications.

6.3 Legal Requirements

We may disclose your data if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Specifically:

  • Account data: Retained while your account is active and for up to 30 days after deletion request.
  • Booking records: Retained for 7 years for tax and legal compliance purposes.
  • Communication logs: Retained for up to 2 years.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Data Portability: Request your data in a machine-readable format.
  • Right to Restrict Processing: Request limitation of how we use your data.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please use the data export feature in your account settings or contact us at [email protected].

9. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential Cookies: Required for the platform to function, including authentication and security.
  • Preference Cookies: Remember your settings and preferences.
  • Analytics Cookies: Help us understand how users interact with our platform (with your consent).

You can manage your cookie preferences through the cookie consent banner or your browser settings.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, to protect your personal data in accordance with GDPR requirements.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit and at rest, secure authentication mechanisms, regular security assessments, and access controls limiting data access to authorized personnel only.

12. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us:

Email: [email protected]

You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.