RicordamiApp GDPR Compliance

Data Processor and Data Controller Roles

When you use RicordamiApp to send reminders to your clients:

  • • We are your data processor and you are our data controller for your clients' personal data (phone numbers, appointment details)
  • • Our Data Processing Agreement governs the roles and responsibilities during the processing of your clients' personal data

When you create an account and use our website:

  • • We are the data controller for your personal account information
  • • Our Privacy Policy applies to how we handle your personal data as controller

Summary of Processing as Data Processor

1. Purpose Limitation

We use your clients' data exclusively to provide WhatsApp appointment reminder services. We do not use any of your clients' personal data for marketing, profiling, or similar purposes. Data processed includes: phone numbers, appointment details, and reminder delivery status.

2. Right to Be Forgotten

We have "right to be forgotten" procedures in place. We automatically and completely delete a customer's data 90 days after account cancellation. The only reason for retaining data for 90 days is to allow customers a reasonable time to reactivate their account. Upon request, we can delete data sooner.

3. Data Deletion

When customer data is deleted, we immediately remove all customer data from our active systems, including calendar events, phone numbers, reminder history, and client responses. Data may remain in encrypted backups for up to 30 days as part of our data recovery procedures, after which it is permanently deleted. The only data we retain long-term after deletion is that required to meet legal requirements such as invoices and payment records.

4. Trial Account Cleanup

When someone creates a trial account but never converts to a paid subscription, the account is deleted from active systems 180 days after the trial expires. Data may remain in encrypted backups for up to 30 additional days before permanent deletion.

5. Security Measures

We take all reasonable measures to ensure the reliability of personnel who have access to personal data. We have technical and organizational measures in place to keep personal data confidential and secure, protecting it from accidental loss or destruction, alteration, unlawful disclosure, or access.

6. Hosting Infrastructure

RicordamiApp is hosted in Germany on secure cloud infrastructure. We regularly perform security audits to ensure we follow recommended data protection guidelines.

7. EU Data Storage

Our hosting region is Germany, an EU Member State. We store production data exclusively within the European Union.

Summary of Data Collection and Processing as Data Controller

Data collected from RicordamiApp users (the "reminder service")

Analytics

We use Kissmetrics and Microsoft Clarity to understand how our site is used. These services collect only UI interactions (clicks, buttons, page views) but never receive client phone numbers, appointment details, or other personal data.

Email Communications

Our email system is managed by Fastmail.com and we send transactional emails via Mailgun.com (both hosted in the EU). When you contact us, your communications are securely stored on EU-based infrastructure.

Error Logging

We use Sentry.io for technical error logging and monitoring. No personal information is ever sent to Sentry.

Account Creation and Management

  • • When you create a RicordamiApp account, we store your email address and account information
  • • We store your IP address, browser information, and connection details to detect service abuse
  • • This information is stored in our database hosted in Germany and is not shared with other services

WhatsApp Integration

  • • We process your WhatsApp number to send you account notifications and demo messages
  • • We use the WhatsApp Business API exclusively to deliver appointment reminders to the phone numbers you specify

Google Calendar Integration

  • • We access your Google Calendar data under your explicit authorization
  • • We use basic pattern recognition to identify phone numbers in calendar event descriptions and titles
  • • We store only calendar events that contain valid phone numbers and match your keyword filter criteria
  • • Calendar data is processed only to identify appointments that need reminders

Data collected from your clients (reminder recipients)

Reminder Delivery and History

  • • We process the phone numbers you provide to send WhatsApp reminders
  • • We store complete reminder history: delivery status, message templates, timestamps, read receipt status
  • • We store client responses to reminders (confirmations, cancellations, replies)
  • • We maintain delivery attempt logs, including failed delivery records
  • • For active accounts, reminder history is retained indefinitely

Client Opt-out Management

  • • We maintain opt-out lists for phone numbers that have requested to stop receiving reminders
  • • Opt-out requests are managed per account to respect individual client preferences

Financial transaction information collected

When you become a paying customer

  • • Payment processing is handled by Stripe, our payment partner
  • • We can see your name, billing address, email address, and VAT number (if provided)
  • • We cannot see your credit card details
  • • Transaction data is shared with our accountants and relevant tax authorities as required by law
  • Stripe Privacy Policy

Contact Information

For any questions about RicordamiApp and GDPR compliance, contact us at: [email protected]

This policy was last updated: 2025-08-01