1. Data Controller
This Privacy Policy explains how Meetario collects, uses, stores, and protects your personal data when you use our website at https://meetario.com, our applications, and related services (collectively, the "Service").
The data controller responsible for your personal data is Meetario, a sole proprietorship registered in Ukraine.
Contact details:
Data Protection Officer (DPO)
Our Data Protection Officer can be reached at privacy@meetario.com. The DPO is responsible for overseeing our data protection strategy and ensuring compliance with applicable data protection laws.
For payment-related data processing, Paddle.com Market Limited / Paddle.com Inc. acts as an independent data controller. For details, see Paddle's Privacy Policy at https://www.paddle.com/legal/privacy.
2. Personal Data We Collect
2.1 Data You Provide Directly
- Account data: full name, email address, password (stored in hashed form), profile picture, job title, organization, time zone
- Scheduling data: event titles, descriptions, times, dates, locations, attendee information
- Booking data: invitee names, email addresses, phone numbers, custom form responses, booking notes
- Payment information: billing name, billing address, and payment method details (processed by Paddle; we do not store card numbers)
- Communications: messages you send to us via email or support channels
- Booking page content: text, images, and settings you configure on your scheduling pages
2.2 Data from Third-Party Services
When you connect third-party accounts, we may receive:
- Your name, email address, and profile picture from OAuth providers (Google, Microsoft)
- Calendar event data (titles, times, dates, locations, attendees) from Google Calendar and Microsoft Outlook
- Video meeting URLs and metadata from Zoom and Jitsi
- Messaging identifiers from Telegram, WhatsApp, Viber, and Slack for notification delivery
- CRM contact and deal data from HubSpot, Salesforce, and Pipedrive when you enable those integrations
We only access data within the scope of permissions you explicitly grant. You may revoke access at any time through your account settings.
2.3 Data Collected Automatically
- Device and browser information: IP address, browser type and version, operating system, device type
- Usage data: pages visited, features used, timestamps, referring URL
- Cookies and similar technologies: see Section 8 below
2.4 Payment Data
Payment transactions are processed by Paddle as the Merchant of Record. We do not collect or store your payment card details. Paddle collects your billing information (name, email, billing address, payment method) as an independent data controller. See Paddle's Privacy Policy for details.
3. Legal Bases for Processing (GDPR Article 6)
We process your personal data on the following legal bases:
| Legal Basis |
Purpose |
Examples |
| Contract performance (Art. 6(1)(b)) |
To provide the Service you requested |
Account creation, scheduling, calendar sync, booking confirmations, payment processing, notifications via email/Telegram/WhatsApp/Viber/Slack |
| Legitimate interests (Art. 6(1)(f)) |
To improve and secure the Service |
Analytics, fraud prevention, security monitoring, troubleshooting, CRM integration syncs |
| Consent (Art. 6(1)(a)) |
Where you have given explicit consent |
Marketing emails, optional analytics cookies, connecting third-party integrations |
| Legal obligation (Art. 6(1)(c)) |
Compliance with laws |
Tax records, responding to lawful requests from authorities |
4. How We Use Your Personal Data
- To create and manage your account and authenticate your identity
- To provide, operate, and maintain the scheduling Service
- To process bookings, appointments, and send related notifications (email, SMS, Telegram, WhatsApp, Viber, Slack)
- To sync with connected calendars (Google Calendar, Microsoft Outlook) and conferencing tools (Zoom, Jitsi)
- To process payments through Paddle (Stripe, PayPal)
- To sync booking data with connected CRM platforms (HubSpot, Salesforce, Pipedrive)
- To respond to your support requests and communications
- To send you service-related notices (e.g., security alerts, maintenance updates)
- To send marketing communications (only with your consent; you may opt out at any time)
- To analyze usage trends and improve the Service
- To detect, prevent, and address fraud, abuse, and security issues
- To comply with applicable legal obligations
5. Who We Share Your Data With
We do not sell your personal data. We may share your data with the following categories of recipients:
5.1 Payment Processor
Paddle.com processes all payment transactions as an independent data controller. We share your email address and transaction-related data with Paddle for billing purposes. Paddle uses Stripe and PayPal as underlying payment processors.
5.2 Infrastructure and Service Providers
We use third-party providers for hosting, email delivery, analytics, and customer support. These providers process data on our behalf under data processing agreements (DPAs) that ensure adequate protection of your data. Providers are located in the EU/EEA or in countries with an adequate level of data protection, or we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs).
5.3 Connected Third-Party Services
When you connect integrations, data is shared with those providers under their respective privacy policies and within the scope of permissions you grant. These services include:
- Calendar providers: Google Calendar, Microsoft Outlook
- Video conferencing: Zoom, Jitsi Meet
- Messaging platforms: Telegram, WhatsApp, Viber, Slack
- CRM platforms: HubSpot, Salesforce, Pipedrive
- Payment services: Stripe, PayPal (via Paddle)
5.4 Other Users
When you share a scheduling page or booking link, certain profile information (name, photo, availability) is visible to anyone with the link. Attendee information is shared between meeting participants.
5.5 Legal and Safety
We may disclose your data if required by law, regulation, court order, or governmental request, or if we believe disclosure is necessary to protect rights, safety, or property.
5.6 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you of any such transfer and any choices you may have.
6. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including Ukraine and the United States. This occurs when we use infrastructure providers or when data flows to connected third-party services (such as Google, Microsoft, Zoom, Stripe, or Telegram) that operate globally.
Where such transfers occur, we ensure that appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission where applicable
- The EU-U.S. Data Privacy Framework for transfers to certified U.S. organizations
- Other mechanisms recognized under GDPR Article 46
You may request a copy of the safeguards we use by contacting us at privacy@meetario.com.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy:
- Account data: retained for the duration of your account and deleted within 30 days of account deletion, unless retention is required by law
- Scheduling and booking data: retained for the duration of your account; past event data is kept for your records and reporting
- Calendar sync data: cached temporarily and refreshed on each sync cycle; deleted upon disconnection of the integration
- Messaging integration data: chat identifiers and notification logs are retained while the integration is active and deleted within 30 days of disconnection
- Usage and analytics data: retained in anonymized/aggregated form for up to 26 months
- Payment records: retained for the period required by applicable tax and accounting laws (typically 5-7 years), held by Paddle
- Marketing consent records: retained for as long as you are subscribed to marketing communications, plus 3 years for compliance purposes
- Server logs: retained for up to 90 days for security and debugging purposes
8. Cookies and Tracking Technologies
We use cookies and similar technologies to operate and improve the Service. A cookie is a small text file stored on your device by your web browser.
8.1 Types of Cookies We Use
| Category |
Purpose |
Examples |
Duration |
Required? |
| Strictly Necessary |
Authentication, security, core functionality |
Session cookie (PHPSESSID), CSRF token |
Session / 2 hours |
Yes (no consent needed) |
| Functional |
Remember your preferences |
Language, timezone, cookie consent preference |
Up to 1 year |
Consent-based |
| Analytics |
Understand usage patterns to improve the Service |
Page views, feature usage, aggregate traffic data |
Up to 26 months |
Consent-based |
8.2 Managing Your Cookie Preferences
When you first visit our website, a cookie consent banner allows you to accept all cookies, accept only necessary cookies, or customize your preferences. You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site, or through your browser settings.
Most web browsers allow you to control cookies through their settings. Please note that disabling certain cookies may affect the functionality of the Service.
8.3 No Advertising or Cross-Site Tracking
We do not use advertising cookies. We do not participate in cross-site tracking. We do not sell data to advertisers.
9. Your Rights
Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:
- Right of access (Art. 15): obtain confirmation of whether we process your data and request a copy of your personal data in a commonly used format
- Right to rectification (Art. 16): correct inaccurate or incomplete personal data. You can update most information directly in your account settings.
- Right to erasure / right to be forgotten (Art. 17): request deletion of your personal data. You can delete your account through account settings, or contact us to request erasure.
- Right to restriction of processing (Art. 18): request that we limit how we use your data in certain circumstances
- Right to data portability (Art. 20): receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV) and transmit it to another controller
- Right to object (Art. 21): object to processing based on legitimate interests, including profiling and direct marketing
- Right to withdraw consent (Art. 7(3)): withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal
- Right not to be subject to automated decision-making (Art. 22): we do not use automated decision-making that produces legal or similarly significant effects
9.1 How to Exercise Your Rights
To exercise any of these rights, contact us at privacy@meetario.com. We will respond within 30 days (extendable by two further months for complex requests, with notification). We may ask you to verify your identity before processing your request.
You can also perform many of these actions directly through your Meetario account:
- Access and rectification: view and edit your profile data in Account Settings
- Data export: request a full export of your personal data by contacting privacy@meetario.com
- Account deletion: you may request the deletion of your account and all associated data by contacting us at privacy@meetario.com
- Integration disconnection: disconnect any third-party integration from your Integrations page
9.2 Right to Lodge a Complaint
If you are not satisfied with how we handle your request or believe we are processing your data unlawfully, you have the right to lodge a complaint with a data protection supervisory authority. You may file a complaint with:
- The supervisory authority in the EU/EEA Member State of your habitual residence or place of work
- The UK Information Commissioner's Office (ICO) if you are in the United Kingdom
- The Office of the Australian Information Commissioner (OAIC) if you are in Australia
- The Ukrainian Parliament Commissioner for Human Rights if you are in Ukraine
10. Children's Privacy
The Service is not directed to anyone under the age of 16 (or such higher age as required by applicable law in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@meetario.com and we will take steps to delete such data promptly.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL
- Secure password hashing (bcrypt)
- Role-based access controls
- Regular security reviews and vulnerability assessments
- Secure session management with Redis-backed storage
While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
12. Automated Decision-Making
We do not use your personal data for automated decision-making, including profiling, that produces legal effects or similarly significant effects on you. Our round-robin scheduling feature distributes bookings across team members based on configurable rules, but this does not affect your legal rights or produce significant effects on invitees.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and/or by posting a prominent notice on the Service at least 14 days before the changes take effect.
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of a revised policy constitutes your acknowledgment of the changes.
Previous versions of this Privacy Policy are available upon request.