Privacy Policy

Applio (“Applio”, “we”, “us”) provides a booking and business-management platform consisting of mobile and web applications used by service businesses (“Businesses”) and their customers (“Clients”), together with this website (collectively, the “Service”). This Privacy Policy explains what personal data we collect, why we collect it, how it is used and protected, and the rights you have. By using the Service you acknowledge this Policy.

For the account data of Businesses and visitors to this website, Applio acts as a data controller.

For personal data that a Business enters or manages inside the Service about its own Clients (for example names, phone numbers, appointments and visit history), Applio acts as a data processor on behalf of that Business, which remains the data controller. If you are a Client of a Business that uses Applio, please direct privacy requests to that Business first — we will assist them in fulfilling your request.

• Account data — name, email address, phone number, password (stored only in securely hashed form), business name, branding and settings.
• Booking data — appointments, selected services, prices, time slots, booking status, reviews and ratings, and notes attached to bookings.
• Client records — contact details and visit history that Businesses keep about their Clients within the Service.
• Payment data — the Applio application does not process online payments. Bookings made through the app do not involve an online payment, and any payment for a Business’s services is arranged and settled directly between the Client and the Business, outside of Applio. Where a Business chooses a paid Applio subscription, that billing is handled by a third-party payment provider acting as merchant of record; Applio never receives or stores full payment card numbers.
• Technical and usage data — device type, operating system, app version, language preference, log and crash data, and approximate location derived from your IP address.
• Communications — messages you send to our support channels.

• To provide, operate and maintain the Service;
• To send transactional notifications such as booking confirmations, reminders, schedule changes and service announcements;
• To provide customer support;
• To protect the Service against fraud, abuse and security incidents;
• To analyse aggregate usage and improve features;
• To comply with legal obligations (e.g. accounting and tax);
• With your consent, to send marketing communications — which you can withdraw at any time.

Where the EU General Data Protection Regulation (GDPR) or equivalent laws apply, we process personal data on the following legal bases: performance of a contract (providing the Service you signed up for), our legitimate interests (securing and improving the Service), your consent (marketing, optional features), and compliance with legal obligations.

We do not sell, rent or trade personal data to third parties. Ever.

Your information is stored and processed on the secure cloud infrastructure of Google Firebase and Supabase, which provide our hosting, database, authentication and notification services. These providers process data only on our instructions, under their own strict security and privacy commitments, and are bound by data-protection agreements.

We share personal data only:

• with the vetted service providers that help us run the Service — namely Google Firebase and Supabase (hosting, database, authentication and notifications) and, where applicable, a third-party subscription payment provider and error-monitoring tools. These providers process data solely on our instructions and are bound by data-protection agreements;
• within a Business account — staff members of a Business can see the bookings and Client records of that Business according to their role;
• when required by law, court order or to protect the rights, safety and property of Applio, our users or the public;
• in connection with a merger, acquisition or sale of assets, in which case we will notify you before personal data becomes subject to a different privacy policy.

Our infrastructure providers may process data in the European Union and in other countries. Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and adequacy decisions.

We keep personal data for as long as your account is active. After an account is cancelled, account data remains available for 90 days (so you can return or export it), after which it is deleted or irreversibly anonymised — unless a longer retention period is required by law (for example invoicing and tax records). Businesses can delete individual Client records at any time from within the Service.

We use industry-standard safeguards to protect personal data: encryption in transit, hashed credentials, role-based access controls, the principle of least privilege and reputable, certified infrastructure providers. No method of transmission or storage is 100% secure; if a breach affecting your personal data occurs, we will notify you and the competent authority as required by applicable law.

Depending on applicable law, you have the right to: access the personal data we hold about you; have inaccurate data corrected; request deletion; restrict or object to processing; receive your data in a portable format; and withdraw consent at any time without affecting prior processing.

To exercise any of these rights, contact us at hello@theapplio.org. You also have the right to lodge a complaint with your local data-protection supervisory authority.

The Service is not directed at children. Accounts may only be created by persons aged 16 or older. Bookings for minors may be made by a parent or legal guardian.

Transactional notifications (booking confirmations, reminders and important service announcements) are an integral part of the Service. Marketing notifications are optional and can be disabled at any time in the app settings or via the unsubscribe link in emails.

This website uses only essential browser storage — for example to remember your language preference. We do not use third-party advertising or cross-site tracking cookies on this website.

We may update this Policy from time to time. The current version will always be available at this address, with its effective date shown below. If we make material changes, we will notify you through the Service or by email before they take effect.

Questions about privacy? Contact us at hello@theapplio.org.