Privacy Policy

1. Introduction

Gapli ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our booking platform and related services. We comply with the EU General Data Protection Regulation (GDPR) and applicable national data protection laws.

2. Information We Collect

We collect the following types of personal data:

• Account information: name, email address, phone number, and password (hashed)
• Business information: business name, address, logo, operating hours, and services offered
• Booking data: appointment details, dates, times, and service preferences
• Payment information: transaction records (payment details are processed securely by Stripe and not stored on our servers)
• Usage data: IP address, browser type, device information, and pages visited
• Communication preferences: your consent choices for email and SMS notifications

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain our booking platform
• Process bookings and facilitate communication between businesses and customers
• Send booking confirmations, reminders, and updates
• Process payments and prevent fraud
• Improve and personalise your experience
• Send promotional communications (only with your explicit consent)
• Comply with legal obligations

4. Legal Basis for Processing

Under GDPR, we process your data based on:

• Contract: processing necessary to provide our services to you
• Consent: for marketing communications and optional data collection
• Legitimate interest: to improve our services, prevent fraud, and ensure security
• Legal obligation: to comply with applicable laws and regulations

5. Data Sharing

We may share your information with:

• Service businesses: your booking details are shared with the business you book with
• Payment processors: Stripe processes payment transactions on our behalf
• Email service providers: to send transactional emails and notifications
• Legal authorities: when required by law or to protect our rights

We do not sell your personal data to third parties. All data sharing is subject to appropriate data processing agreements.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. If you request account deletion, we will delete your personal data within 30 days, except where retention is required by law (e.g., financial records). Anonymised data may be retained for analytical purposes.

7. Your Rights

Under GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate or incomplete data
• Erase your data ("right to be forgotten")
• Restrict processing of your data
• Data portability — receive your data in a structured, machine-readable format
• Object to processing based on legitimate interest
• Withdraw consent at any time for consent-based processing

To exercise any of these rights, please contact us at booking@gapli.app.

8. Cookies

We use essential cookies to maintain your session and language preferences. We do not use advertising or tracking cookies. Essential cookies are necessary for the platform to function and cannot be disabled.

9. Data Security

We implement industry-standard security measures including encryption in transit (TLS/SSL), secure password hashing, rate limiting, and regular security reviews. While no method of transmission over the internet is 100% secure, we strive to protect your personal information.

10. International Transfers

Your data is primarily processed within the European Economic Area (EEA). If any data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: