GDPR-compliant appointment booking

Every online booking is the processing of personal data. That means your booking system must comply with the GDPR — or you are liable as the operator. Terminz is built from the ground up for German data protection law.

Why GDPR matters for appointment booking

When a customer books an appointment online, they transmit personal data: name, contact details, sometimes the type of treatment or even health information. As the operator, you are the controller under Art. 4(7) GDPR and are responsible for processing this data lawfully, transparently and securely (Art. 5 GDPR). That responsibility does not pass to the software vendor; the vendor is merely your processor.

This leads to clear requirements for the software you use: data should be stored within the EU (ideally Germany), the provider must offer a Data Processing Agreement (DPA) under Art. 28 GDPR, transmission must be encrypted, and your customers must be able to exercise their rights (access, deletion, data portability).

GDPR checklist for your booking software

  • Servers in Germany or the EU; no transfer to third countries unless covered by an adequacy decision or another Chapter V safeguard such as Standard Contractual Clauses
  • Data Processing Agreement (DPA) under Art. 28 GDPR is available and signable
  • Full HTTPS/TLS encryption in transit
  • On-demand data export — for customer access requests
  • Role-based access control — only authorized staff see customer data
  • Deletion routines for former customers — so data is not kept indefinitely

Servers in Germany

Terminz stores all data on AWS servers in Germany (region eu-central-1), so you know exactly where your customer data lives. Hosting, database and file storage do not leave Germany. The only transfers to a third country are to the two US-based sub-processors listed below (error tracking and transactional email), each covered by Standard Contractual Clauses.

DPA under Art. 28 GDPR

A Data Processing Agreement is available by default. You can sign it at sign-up — meeting the legal requirement of Art. 28 GDPR before you first process customer data.

TLS encryption

All data is transmitted via HTTPS/TLS between your customer's browser, your booking page and the Terminz servers, so third parties on the network cannot read or tamper with booking data in transit. Note that TLS protects data only while it is in transit; who can see stored booking data is governed by role-based access control on the platform.

Data export & deletion

Your customers are entitled to access and deletion under Art. 15 and 17 GDPR. Terminz offers full data export and secure deletion as part of the platform.

Sub-Processors

Terminz uses the following vetted third-party providers to operate the service. All providers are covered by a Data Processing Agreement under Art. 28 GDPR.

Provider                           | Purpose                                                      | Location               | Safeguard
-----------------------------------|--------------------------------------------------------------|------------------------|-------------------------------------
Amazon Web Services (AWS)          | Hosting, database, file storage (S3)                         | Germany (eu-central-1) | Art. 28 GDPR DPA
Sentry (Functional Software, Inc.) | Error tracking and application monitoring                    | USA                    | Standard Contractual Clauses (SCCs)
Resend                             | Transactional emails (booking confirmations, notifications)  | USA                    | Standard Contractual Clauses (SCCs)

Sentry's error reporting is only loaded once the user has consented to analytics cookies; if consent is withdrawn, no further data is sent to it. Booking confirmations and notifications sent through Resend are transactional email sent from the server, so the recipient's address and the booking details are necessarily transmitted to Resend whenever an email is sent. That transfer does not depend on cookie consent and relies on the Standard Contractual Clauses listed above.

Want more depth?

Our detailed guide explains step by step how to set up your booking page in a GDPR-compliant way — including privacy notice, consent and common pitfalls.

Frequently asked GDPR questions

What is the GDPR and why does it apply to me?

The GDPR regulates the handling of personal data in the EU. As soon as you store customer data for appointments — even just name and phone number — you are legally responsible. This applies regardless of business size.

Is booking data considered sensitive?

Booking data is personal data even where it is not "sensitive" in the legal sense: name, contact details and appointment history are all covered by the GDPR. If you additionally record health data (e.g., allergies or skin conditions noted for beauty or wellness treatments), this counts as a special category under Art. 9 GDPR and is subject to stricter rules, including a specific legal basis such as the customer's explicit consent.

Do I need a Data Processing Agreement (DPA)?

Yes. As soon as you use booking software that processes your customer data, you must sign a DPA with the provider under Art. 28 GDPR. Terminz provides a DPA by default. Without a DPA, use is not legally permitted.

Can my provider use US servers?

Since the CJEU 'Schrems II' ruling, transferring personal data to the US requires a valid safeguard under Chapter V GDPR, such as an adequacy decision or Standard Contractual Clauses, and remains a point of scrutiny for supervisory authorities. Terminz hosts and stores your customer data exclusively on servers in Germany. The only US-based sub-processors are used for error tracking and transactional email, and both are covered by Standard Contractual Clauses (see the sub-processor list above).

What rights do my customers have?

Your customers have, among others, the right to access (Art. 15), rectification (Art. 16), deletion (Art. 17) and data portability (Art. 20). Terminz enables full data export and secure deletion as part of the platform.

Do I have to delete old customer data?

Yes. Under the storage limitation principle (Art. 5(1)(e) GDPR), data may only be stored as long as needed. For hairdressing services that's usually a few years — tax retention obligations may require longer. Terminz offers deletion routines that help.

Start GDPR-compliant with Terminz

You don't need to be a data protection expert. Terminz handles the technical requirements — you focus on your salon.