Privacy Policy
Glie Lda. · Effective date: May 20, 2026
1. Who We Are
1.1. Appointments is a SaaS scheduling platform operated by Glie Lda., a company incorporated in Portugal. We provide tools for independent professionals and small teams to schedule appointments, collect advance payments, and run online consultations with their clients.
1.2. For any privacy-related question, request, or concern, you may contact us at [email protected].
1.3. References to "we", "us", "our", "Appointments", or "the platform" in this policy refer to Glie Lda. as the data controller for the activities described below.
2. Scope of This Policy
2.1. This Privacy Policy applies to personal data that we process when you visit our website at appointments.glie.ai, create an account, subscribe to a paid plan, use the platform, or interact with us through the support channels we make available.
2.2. Where a professional (our customer) uses Appointments to provide services to their own clients, that professional is the controller for the personal data of those clients and is responsible for informing them about how that data is processed. In those activities, Appointments acts as a processor on the professional's behalf.
2.3. This policy also covers the data we obtain when you voluntarily connect a third-party account (for example, Google) to Appointments. The purposes, legal bases, and sharing categories described in Sections 4, 5, and 7 do not apply to data obtained through the Google APIs; that data is used solely as described in Section 6. Section 6 describes the Google connection in detail.
3. Personal Data We Collect
3.1. Account data: name, email, password (stored hashed), profile photo, locale, time zone, role inside the organization, two-factor authentication settings.
3.2. Organization data: organization name, slug, fiscal country, VAT number, address, primary color, logo, locale, currency, plan, subscription status.
3.3. Appointment data: client name and email, service booked, date and time, modality (in-person or online), notes written by the professional, payment status, recurrence configuration.
3.4. Payment data: handled by our payment provider, Stripe. We store identifiers (such as Stripe customer ID and subscription ID) but never card numbers or banking credentials.
3.5. Usage and security data: log entries, IP addresses, browser and device information, timestamps of sign-ins, error reports, audit history of changes to appointments and other resources.
3.6. Communications: emails we send to you (invoices, reminders, system notifications) and messages you send us through our support channels.
3.7. Cookies and local storage: we set a minimal number of essential cookies that are strictly necessary to operate the platform — namely session and CSRF tokens for authentication and a short-lived cookie that grants access to a specific public video call when applicable. We also use the browser's localStorage to remember your cookie consent choice and your language preference. We do not set analytics, advertising, or tracking cookies on the marketing site without your explicit consent through the cookie banner. You can review and clear these cookies and localStorage entries at any time from your browser settings.
4. How We Use Personal Data
4.1. To provide the platform: create and authenticate accounts, store and present appointments and client records, send confirmation and reminder emails, generate booking links, host online video calls.
4.2. To process payments: collect subscription fees through our payment providers, charge clients on behalf of professionals where they have enabled paid bookings, issue receipts and invoices.
4.3. To operate and improve the service: monitor uptime and performance, detect and prevent abuse and fraud, debug errors, plan capacity, develop new features.
4.4. To communicate with you: respond to support requests, notify you of relevant product changes, send legally required notices.
4.5. To comply with legal obligations: tax records, accounting, responses to lawful requests from authorities, exercise and defense of legal rights.
5. Legal Bases for Processing
5.1. Performance of a contract: account creation, delivery of the subscribed services, payment processing.
5.2. Legitimate interest: security, fraud prevention, product improvement, internal analytics, defense of legal rights.
5.3. Legal obligation: tax, accounting, anti-fraud, and any other obligation imposed on us by applicable law.
5.4. Consent: where we rely on consent (for example, certain optional integrations), you can withdraw it at any time without affecting the lawfulness of processing performed before the withdrawal.
6. Google User Data (Calendar & Meet Integration)
6.1. Appointments offers an optional integration with Google Calendar so that a professional can automatically reflect their Appointments-created sessions on their own Google Calendar and offer Google Meet links for online consultations. This integration is strictly opt-in and is initiated by the professional from Settings → Integrations.
6.2. When you choose to connect your Google account, we request a single OAuth scope: https://www.googleapis.com/auth/calendar.events. We do not request access to your Gmail, your contacts, your Drive, or any other Google product. We also do not request the broader https://www.googleapis.com/auth/calendar scope.
6.3. We use this scope exclusively for two purposes, only on the connecting professional's own primary Google Calendar: (a) to create calendar events that correspond to appointments scheduled inside Appointments, so that those appointments appear on the professional's Google Calendar alongside their other commitments; and (b) to attach a Google Meet conference link to those events through the conferenceData.createRequest field at event creation, so that online consultations can take place inside Google Meet.
6.4. We never read, modify, or delete events on your Google Calendar that were not created by Appointments. We only manage events whose Google event identifier we have stored in our own database when we created them. When you cancel a corresponding appointment inside Appointments, we delete the event we previously created.
6.5. The OAuth access and refresh tokens we receive from Google are encrypted at rest using AES-256-GCM with a key controlled by Glie. They are decrypted in memory only when needed to call the Google Calendar API.
6.6. You can revoke the Google connection at any time from Settings → Integrations. On disconnection we revoke the refresh token with Google and delete it from our database. You may also revoke our access at any time from your Google Account at https://myaccount.google.com/permissions.
6.7. Limited Use commitment: Appointments' use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we use Google user data only to provide and improve user-facing features of Appointments that are prominent in the user interface; we do not use Google user data for serving advertisements; we do not use Google user data to train artificial intelligence or machine learning models; we do not allow humans to read this data, except (a) with the user's explicit consent for specific user-initiated support requests, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for internal operations where the data has been aggregated and anonymized; and we do not transfer or sell Google user data to third parties.
6.8. "Sign in with Google" login (separate from the Calendar integration above): when you choose to sign in to Appointments using your Google account, we request only the standard non-sensitive OpenID Connect scopes "openid", "email", and "profile". These give us your Google account email, name, profile photo URL, and a stable account identifier, which we use solely to create or update your Appointments account. We do not request any sensitive Google scope for login. The Calendar/Meet integration described in 6.1–6.7 is independent and only happens when you explicitly enable it from Settings → Integrations.
7. Sharing and Disclosure
7.1. We do not sell personal data. We share it only with the categories of recipients described below, and only to the extent necessary for the purposes stated in this policy.
7.2. Subprocessors and service providers: Stripe (payment processing), Google Cloud Platform (cloud hosting), SMTP relay providers (email delivery), structured logging used for operational diagnostics, customer support tooling, analytics, and similar infrastructure required to operate the platform.
7.3. Authorities and legal requests: where required to comply with a binding legal obligation, court order, or lawful request from a competent authority, and within the limits permitted by applicable law.
7.4. Corporate transactions: in the context of a merger, acquisition, financing, restructuring, or sale of assets, provided that the recipient agrees to honor commitments substantially equivalent to those in this policy.
7.5. With your instruction: when you ask us to share specific information with a third party (for example, when you authorize an integration).
8. International Transfers
8.1. We are based in the European Union. Some of our service providers may process data outside the European Economic Area. Where personal data is transferred to a country that has not been recognized by the European Commission as offering an adequate level of protection, we rely on Standard Contractual Clauses or other safeguards required by applicable law.
9. Retention
9.1. We retain personal data for as long as needed to provide the platform, comply with our legal and accounting obligations, exercise or defend legal rights, prevent fraud, and resolve disputes.
9.2. Account data is retained while your account is active. Upon account closure, we delete or anonymize personal data within a reasonable time, except where retention is required by law (for example, invoices for the period required by tax legislation).
9.3. Google OAuth tokens are deleted when you disconnect the integration or close your account.
9.4. Backups may persist for a limited additional period under standard rotation policies before being overwritten.
10. Your Rights
10.1. Subject to the conditions and limits set by the data protection law applicable to your case, you have the right to: access your personal data, request correction, request deletion, request restriction or objection to certain processing, request portability, and withdraw consent where consent is the legal basis.
10.2. To exercise any of these rights, contact us at [email protected]. We may ask for information that lets us verify your identity before acting on the request.
10.3. You also have the right to lodge a complaint with the competent supervisory authority in your country.
11. Security
11.1. We apply technical and organizational measures intended to protect personal data against unauthorized access, alteration, disclosure, or destruction.
11.2. These measures include encryption in transit (HTTPS/TLS) for all communications between your browser and our servers, encryption at rest of sensitive credentials (Google OAuth tokens, payment provider keys) using AES-256-GCM, role-based access controls, audit logging of billing events and key platform actions, two-factor authentication for accounts that enable it, and regular review of our security posture.
11.3. No method of transmission or storage is fully impervious. We encourage you to use strong passwords, enable two-factor authentication, and notify us immediately of any suspected unauthorized access.
12. Children
12.1. Appointments is not directed to children. We do not knowingly collect personal data from minors below the age required by the applicable law in their jurisdiction.
13. Changes to This Policy
13.1. We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the platform itself. The current version is always available at appointments.glie.ai/privacy and the effective date is shown at the top.
13.2. Where a change is material, we will use reasonable efforts to notify you in advance, for example by email or by a notice inside the platform.
14. Contact
14.1. Glie Lda. · [email protected] · https://appointments.glie.ai