Privacy Policy

Last updated: March 8, 2026

1. Introduction

This Privacy Policy describes how Conferma ("we", "our") collects, uses, and protects the personal data of users in compliance with the General Data Protection Regulation (GDPR) and Italian privacy laws.

2. Data Controller

Conferma
Email: support@conferma.app

3. Data Collected

3.1 Account Data

  • Email address
  • Business name
  • WhatsApp Business phone number
  • Billing information (via Stripe)

3.2 Client Data (entered by you)

  • Client names
  • Client phone numbers
  • Appointment dates and times
  • Appointment notes

3.3 Usage Data

  • Access and activity logs
  • Messages sent and received (for statistics)
  • WhatsApp connection status
  • Aggregated service usage data

4. Purposes of Data Processing

We use your data to:

  • Service delivery: Appointment management and sending reminders
  • Billing: Payment processing and sending receipts
  • Customer support: Technical assistance and problem resolution
  • Service improvement: Aggregated analysis for optimizations
  • Communications: Updates on features and service changes
  • Security: Fraud prevention and account protection

5. Legal Basis for Processing

We process your data based on:

  • Contract performance: Necessary to provide you the service
  • Consent: For marketing communications (revocable at any time)
  • Legitimate interest: Service improvement and fraud prevention
  • Legal obligation: Tax data retention requirements

6. Data Sharing with Third Parties

We share data only with:

6.1 Service Providers

  • Supabase: Database hosting (EU/US with Privacy Shield)
  • Stripe: Payment processing (PCI-DSS compliant)
  • Vercel/hosting: Cloud infrastructure

6.2 WhatsApp

Messages are sent via WhatsApp. Please refer to the WhatsApp Privacy Policy for details on their data processing.

6.3 Legal Authorities

We may disclose data if required by law or to protect our rights.

7. Data Retention

  • Active account data: For the duration of the subscription
  • Data after cancellation: 30 days (then completely deleted)
  • Billing data: 10 years (Italian tax obligation)
  • System logs: 90 days (security and debugging)

8. Your Rights (GDPR)

You have the right to:

  • Access: Obtain a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Request data deletion ("right to be forgotten")
  • Portability: Receive your data in a structured format
  • Objection: Object to specific processing activities
  • Restriction: Restrict processing in certain circumstances
  • Withdraw consent: Withdraw your consent at any time

To exercise these rights, contact us at: support@conferma.app

9. Security

We protect your data with:

  • TLS/SSL encryption for data transmissions
  • Database encryption at rest
  • Secure authentication with Supabase Auth
  • Restricted data access (principle of least privilege)
  • Continuous monitoring for anomalous activity
  • Regular backups

10. International Transfers

Some providers (Supabase, Stripe) may process data outside the EU. We ensure adequate protections through:

  • EU Standard Contractual Clauses
  • Privacy Shield certifications (where applicable)
  • European Commission adequacy decisions

11. Cookies and Tracking

11.1 Essential Cookies

We use essential cookies for:

  • Authentication and session management
  • Security (CSRF protection)
  • User preferences (theme, language)

11.2 Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, to understand how users interact with our site. Google Analytics collects:

  • Pages visited and visit duration
  • Device information (browser type, operating system, screen resolution)
  • Anonymized IP address
  • Referral source (how you reached the site)

Google acts as a data processor under GDPR Art. 28. Data may be transferred to the United States under Standard Contractual Clauses (SCCs) approved by the European Commission.

We do not use marketing cookies. Google Analytics is used exclusively for aggregated statistical analysis purposes.

12. Minors

The service is intended only for users aged 18 and over. We do not knowingly collect data from minors.

13. Changes to this Privacy Policy

We may update this policy. Substantial changes will be notified via email with 30 days' advance notice. The last update date is always shown at the top of this page.

14. Supervisory Authority

You have the right to file a complaint with the competent supervisory authority:

Garante per la protezione dei dati personali (Italy)
Piazza Venezia, 11 - 00187 Rome
Tel: +39 06.696771
Website: www.garanteprivacy.it

15. Contact

For questions about privacy or to exercise your rights:

โ† Back to sign up
Conferma โ€” Promemoria Appuntamenti WhatsApp