Privacy Policy

Last updated: March 6, 2026

At Empfio, we take your privacy seriously. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding your data.

This policy applies to all users of our website, dashboard, and AI appointment booking services.

1. Who We Are

Empfio is an AI-powered appointment booking platform for service businesses. We provide multi-channel lead capture and automatic appointment scheduling via WhatsApp, Telegram, web chat, SMS, and voice calls.

Data Controller:

[Company Name] [Street Address] [Postal Code, City] Germany Email: [contact@empfio.de]

2. What Data We Collect

We collect the following categories of personal data:

Account Data

When you create an account, we collect your full name, email address, and password (stored as a secure hash). If you sign in via Google, Facebook, or Microsoft, we receive your name, email, and profile identifier from the respective provider.

Business Data

Information about your business including business name, industry, services offered, business hours, and availability settings.

Customer Data (Leads)

When your customers contact your business through our channels, we collect their name, email, phone number, service requests, and conversation messages to facilitate appointment booking.

Booking Data

Appointment details including date, time, service type, customer information, and booking status.

Usage Data

Technical data such as IP address, browser type, device information, pages visited, and interaction patterns to improve our service.

Payment Data

Billing information is processed by our payment provider Stripe. We do not store your full credit card number. We only retain a reference to your Stripe customer record.

3. Why We Collect Your Data

We process your personal data for the following purposes:

  • Providing our AI appointment booking service
  • Managing your account and business settings
  • Processing conversations and booking appointments on your behalf
  • Sending email notifications about new leads and bookings
  • Processing payments and managing your subscription
  • Improving our service through analytics and performance monitoring
  • Complying with legal obligations

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your data based on:

Contract performance

Processing necessary to provide our services to you (Art. 6(1)(b) GDPR).

Legitimate interest

Analytics, security, and service improvement (Art. 6(1)(f) GDPR).

Consent

Where you have given explicit consent, for example for marketing communications (Art. 6(1)(a) GDPR).

Legal obligation

Where processing is required by law, for example tax and accounting records (Art. 6(1)(c) GDPR).

5. Third-Party Services

We share data with the following trusted service providers, each bound by data processing agreements:

  • Stripe — payment processing (PCI DSS compliant)
  • Twilio — SMS, voice calls, and WhatsApp messaging
  • Resend — transactional email delivery
  • OpenAI — AI conversation processing
  • Google, Facebook, Microsoft — social login authentication
  • Deepgram — voice-to-text transcription
  • ElevenLabs — text-to-voice synthesis

We do not sell your personal data to third parties. Data is only shared with service providers as necessary to deliver our platform.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. When you delete your account, we remove your personal data within 30 days, except where retention is required by law (e.g., invoicing records retained for 10 years under German tax law).

Conversation data and lead information are retained for the duration of your subscription. You can delete individual leads and conversations from your dashboard at any time.

7. Your Rights

Under the GDPR, you have the following rights:

Access

Request a copy of the personal data we hold about you.

Rectification

Request correction of inaccurate or incomplete data.

Erasure

Request deletion of your personal data ("right to be forgotten").

Restriction

Request that we limit processing of your data.

Portability

Receive your data in a structured, machine-readable format.

Objection

Object to processing based on legitimate interest.

To exercise any of these rights, contact us at [contact@empfio.de]. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS) and at rest, secure password hashing, access controls, and regular security reviews.

9. International Data Transfers

Our servers are hosted in the European Union. Some of our third-party service providers (such as OpenAI and Stripe) may process data outside the EU. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Cookies

We use cookies and similar technologies on our platform. You can manage your preferences through our cookie consent banner.

Essential Cookies

These cookies are necessary for the platform to function and cannot be disabled. They include authentication tokens, session management, and security cookies.

Analytics Cookies

We use Google Analytics to understand how visitors interact with our platform. These cookies collect anonymous usage data such as pages visited, time spent, and interaction patterns. Analytics cookies are only activated with your consent.

Marketing Cookies

We may use marketing cookies to measure the effectiveness of our advertising campaigns. These cookies are only activated with your explicit consent.

You can change your cookie preferences at any time by clearing your browser's local storage or using your browser's cookie settings.

11. Children's Privacy

Our services are designed for businesses and are not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our platform. The date at the top of this page indicates when this policy was last revised.