Book a Demo

Legal

Privacy Policy

Last updated: 19 May 2026

Template notice. This policy is a working starting point. Before publishing, have it reviewed by a qualified data protection lawyer in your jurisdiction. Replace placeholder details (subprocessor list, DPO contact, retention periods) with values that match your actual operations.

This Privacy Policy explains how Chatbookr ("we", "us") collects, uses, and protects personal data when you visit chatbookr.com or use the Chatbookr service. We are based in Dublin, Ireland, and we follow the EU General Data Protection Regulation (GDPR).

Who is the data controller?

For data collected through this website and through your Chatbookr account as a clinic customer, Chatbookr is the data controller.

For patient conversations handled inside a clinic's Chatbookr workspace, the clinic is the data controller and Chatbookr is the data processor. Patients should contact their clinic directly for questions about their own data.

What we collect

Information you give us

  • Account details: name, email, clinic name, phone number.
  • Billing details: company name, address, VAT ID, payment information (handled by our payment processor — we do not store card numbers).
  • Demo and sales enquiries: anything you choose to send us by email or through the demo flow.

Information from connected services

  • WhatsApp Business: phone number, business profile, message content needed to schedule visits.
  • Google Calendar: calendar availability and event details (created, updated, or read for booking purposes only).

Information we collect automatically

  • Technical data: IP address, browser type, device type, timestamps, referrer.
  • Usage data: pages viewed, features used, errors encountered.
  • Cookies: see the Cookies section below.

How we use your data

  • To provide and operate the Chatbookr service.
  • To answer your questions and provide support.
  • To send service-related notifications (e.g. billing, downtime, breaking changes).
  • To improve the product (in an aggregated, non-identifying form wherever possible).
  • To meet legal obligations (e.g. tax, accounting, GDPR responses).

Legal basis

  • Contract performance — to deliver the service you've signed up for.
  • Legitimate interests — to keep the service secure, troubleshoot issues, and improve the product, where these interests don't override your rights.
  • Legal obligation — to comply with applicable law.
  • Consent — for optional cookies and any marketing emails.

Who we share data with

We use trusted subprocessors to run the service. They are bound by contract to protect your data and only process it on our instructions. Our current subprocessors include:

  • Meta Platforms Ireland Limited — WhatsApp Business API.
  • Google Ireland Limited — Google Calendar APIs.
  • [Hosting provider] — EU-region infrastructure.
  • [Payment processor] — billing.
  • [Email provider] — transactional and support email.

We do not sell personal data. We do not share data with third parties for their own marketing.

Where data is stored

Production data is hosted in the European Union. Where any subprocessor processes data outside the EU, we rely on Standard Contractual Clauses (SCCs) or an equivalent valid transfer mechanism.

How long we keep data

  • Account and billing data: kept for the duration of your subscription and for up to [X] years afterwards for tax and audit reasons.
  • Patient conversation data inside a clinic workspace: retained according to the clinic's configured retention policy and deleted when the clinic instructs us to do so.
  • Website analytics data: retained for [X] months.
  • Support emails: retained for [X] years.

Your rights under GDPR

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion ("right to be forgotten").
  • Restrict or object to certain processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time, where processing is based on consent.
  • Complain to a supervisory authority — in Ireland, that's the Data Protection Commission.

To exercise any of these rights, email privacy@chatbookr.com. We respond within 30 days.

Cookies

We use a small number of strictly-necessary cookies to run the site. We don't currently use advertising cookies. If we add analytics or marketing cookies, we'll ask for your consent first through a cookie banner.

Security

We take security seriously. Read more on the Security page, including encryption, access control, and incident response.

Children

Chatbookr is a B2B product for clinics. The service is not directed at children. Patient minors are handled by the clinic under its own data processing rules.

Changes to this policy

We may update this policy from time to time. We'll post the new version here with an updated "last updated" date. For material changes that affect existing customers, we'll also send a notice by email.

Contact

Privacy questions: privacy@chatbookr.com
General contact: info@chatbookr.com
Postal: Chatbookr, Dublin, Ireland