← Back to Schedy

Privacy Policy

Version: 1.1.0 · Last updated: May 8, 2026.

1. Data controller

The data controller for personal data collected through the website, early-access forms and communications related to Schedy is:

  • Controller: Alejandro Hinojosa
  • Contact email: info@schedyapp.com
  • Tax details and registered address for legal notices: to be filled in before commercial contracting, recurring billing or definitive exploitation of the service.

Schedy is in early-access and validation phase. The complete identifying details will be filled in before commercial exploitation, formal contracting or recurring billing of the service begins.

2. Who this policy refers to

We may process personal data of the following categories of people, depending on how they interact with Schedy:

  • People who request early access from the landing page.
  • Registered users who create an account to manage their business on Schedy.
  • Team members invited by a business.
  • End customers who book through the public booking page of a business that uses Schedy.
  • People who contact Schedy by email or support.

3. Data we may process

We may process the following categories of data, depending on how you interact with Schedy:

  • Identifying data: first name, last name, business name.
  • Contact data: professional email, phone number if provided.
  • Professional or business data: sector, type of activity, approximate size, booking needs.
  • Data submitted in forms, emails or communications.
  • Account data: username, configuration, preferences, language, timezone.
  • Service usage data: services created, resources, schedules, bookings, statuses, business configuration.
  • End-customer data entered by the user business or captured on the public booking page: name, email, phone, booking information, or other data necessary to manage a booking.
  • Technical data: IP address (typically stored as a hash), technical identifiers, logs, device, browser, errors or security events.

4. Purposes of processing

We process personal data to:

  • Manage early-access requests.
  • Contact people interested in Schedy.
  • Activate, configure or accompany product trials.
  • Provide booking-management functionalities.
  • Create and maintain user accounts.
  • Manage public booking pages.
  • Send operational communications related to the service.
  • Resolve questions, technical support or incidents.
  • Improve the platform's security, stability and performance.
  • Analyse product use and evolution where there is consent or another legal basis.
  • Comply with legal obligations.
  • Send commercial communications about Schedy where there is a legal basis to do so.

5. Legal basis

The legal bases for processing may be:

  • Consent of the data subject, when submitting a form, signing up to an early-access list, accepting the analytics banner, or accepting communications.
  • Pre-contractual measures or performance of a contractual relationship, when requesting access, using Schedy, or contracting the service in the future.
  • Legitimate interest, to maintain the security of the service, prevent abuse, improve the platform, manage communications related to prior requests, or analyse basic product use.
  • Compliance with legal obligations, where it is necessary to retain or communicate information by regulatory requirement.

You may withdraw your consent at any time by writing to info@schedyapp.com or, in the case of analytics, by rejecting it from the banner. Withdrawal does not affect the lawfulness of prior processing.

6. End-customer data of user businesses

When a business uses Schedy to manage bookings of its own customers, the business acts as data controller in respect of those customers.

In that case, Schedy acts as data processor and processes the data following the user business's instructions, in accordance with the Data Processing Agreement available as a separate document.

The user business is responsible for informing its end customers about the processing of their data and for having a sufficient legal basis to use Schedy.

7. Data retention

We will retain data for as long as is necessary to fulfil the purposes above.

As an indication:

  • Early-access request data will be retained while interest in the product remains and, at most, for 24 months from the last interaction, unless you ask for it to be deleted earlier.
  • Account and service-usage data will be retained while the account is active.
  • Data related to support or incidents will be retained while necessary to resolve and document them.
  • Technical and security data may be retained for the time necessary to protect the service, investigate incidents, or comply with legal obligations.
  • Some data may be kept blocked for the periods required by law.

8. Recipients and providers

We may use the technological providers required to operate Schedy, such as hosting, database, email, monitoring, support, automation, or, in the future, payment services.

In particular, we use Mixpanel (project hosted in the European Union region, api-eu.mixpanel.com) as a product-analytics tool. The integration follows these rules:

  • Events fired from the browser (client analytics) are only sent when the person has accepted analytics from the banner. If they reject, Mixpanel is not initialised in the browser and no client events are sent.
  • Schedy also records server-side events related to actions of a registered user's account or to aggregated interactions on the public booking page (for example, sign-up, configuration, bookings created, booking-wizard steps). These events are processed under legitimate interest or performance of the service, as applicable, and are configured to exclude email, phone, full name, notes or IP address — only technical identifiers and aggregated counters.
  • In both cases, Mixpanel is configured not to collect IP address (ip:false / geolocate:false) and not to perform automatic page tracking.

Such providers will only process data when necessary to provide their services to Schedy and under appropriate contractual conditions.

We do not sell personal data to third parties. We do not use advertising or remarketing cookies or pixels, social-network trackers (Meta, LinkedIn, TikTok, etc.), or cross-site behavioural tracking.

9. International transfers

Some technological providers may process data from outside the European Economic Area. When this occurs, we will endeavour to ensure that processing is supported by safeguards recognised by applicable regulations, such as adequacy decisions, standard contractual clauses, or other valid mechanisms.

The Mixpanel project used by Schedy is hosted in its European region to minimise this scenario.

10. Data subject rights

You may exercise your rights of access, rectification, erasure, objection, restriction of processing and portability by writing to:

info@schedyapp.com

The request must reasonably allow us to identify you. In some cases, we may ask for additional information to verify your identity.

You may also lodge a complaint with the Spanish Data Protection Agency (AEPD) if you consider that the processing of your data does not comply with applicable regulations.

11. Security

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, alteration, disclosure or destruction.

However, no internet-connected system can guarantee absolute security. During the testing phase, Schedy may modify measures, infrastructure or procedures to improve the security and stability of the service.

12. Minors

Schedy is not directed at minors under 18. If we detect that we have collected data of a minor without sufficient legal basis, we may delete it.

13. Changes to this policy

We may update this Privacy Policy to adapt it to legal, technical or functional changes.

When changes are material, we will endeavour to communicate them by reasonable means.

14. Contact

For inquiries related to this policy: info@schedyapp.com