Privacy Policy
The minup.io service (the “Service”) is a cloud-based online appointment booking system that could be embedded in a website. Minup Informatikai Zrt. (hereinafter referred to as the “Service Provider”) is the data controller and service provider, which is also the data processor for the user using the Service.Minup Informatikai Zrt. (hereinafter referred to as the “Service Provider”) is the data controller and service provider, which is also the data processor for the user using the Service.
Company details:
Company name: Minup Informatikai Zrt.
Representative: Ádám Gyula Marjai
Postal address: 2071 Páty, Völgy sétány 8. 2. ajtó
Email: hello@minup.io
Tax number: 32636774-2-13
VAT: HU32636774
Company registration number: 13-10-042751
Lead bank account: Gránit Bank Zrt.
Bankszámlaszám: 12100011-18560482
Contact person for data management: Áron Dudás
Email address: adatkezeles@minup.io
Users of the minup.io online booking system:
- Visitors: visitors who visit our Site and do not intend to use our services either as a User or as an Appointment Booker.
- Users or Customers: a natural person, directly or indirectly identifiable as an individual, creates an instance of the appointment booking system through the registration of their representative and uses the service with the intention of managing their appointments. Users are considered as data controllers for the purposes of data management with respect to the Appointment Bookers.
- Appointment bookers: those who book an appointment for a particular service on the Users’ system and, by booking an appointment on the User’s website, also submit their personal data to our company’s system as a data processor.
The minup.io online appointment booking system collects and processes personal data from its Users for the purposes and to the extent described in the following paragraphs:
I. All our users (Visitor, User, Appointment Booker)
By visiting our website, our visitors place technical data from their own devices on the web servers of https://minup.io/.
A.) Management of cookies
1. The Service Provider’s website and the Appointment Booking System use cookies. Cookies are text files that are stored by your browser on your hard drive. Their content includes the Web pages and advertisements you visit and search for. However, cookies do not contain any personal data such as name, address, e-mail address, etc. The cookie is used by the visitor of the site, for example, to obtain access to information on a page.
2. You do not need to have any special settings on your browser to download cookies to your computer. By default, your browser will accept cookies and store them in a list (e.g. “Temporarily downloaded Internet files”), as there is no risk involved. If you do not want the operator to use cookies, you can deactivate the acceptance of cookies in your web browser. For more information on this, please refer to the help of your browser.
3. If you accept the cookies, they will be stored on your computer unless you delete them earlier. However, please note that not using cookies may result in limited functionality of our website.
4. Please be aware that when using this website, you may also receive 3rd party cookies on your device to help us share content on social networking sites, to provide traffic statistics or to support our marketing activities.
List of 3rd party cookies used in connection with the Service Provider’s website and the Appointment Booking System:
– Google Analytics
– WordPress.com
– CookieYes
– Hotjar
5. If you do not want to accept certain types of cookies, you can set your browser to not allow a unique identifier or to warn you if the website wishes to send you a cookie. Please refer to your internet browser instructions or help screen to learn more about these features and to fine-tune your cookie settings.
6. By using the Service, the User accepts that by restricting the operation of cookies, certain functions of the website may become inoperable.
B.) Our data processors
Hetzner
We use Hetzner servers to operate the Service. The servers are located within the European Union (Helsinki, Finland).
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
Retention period: see the block on the management of data recorded in the reservation system.
Hotjar (GDPR)
We collect technical data about visits to the website and use of the Service using Hotjar. The data collected by Hotjar (e.g. device type, browser type, language settings, referring website address, IP address of the browser device and other geographic data) is stored anonymously, independently of personal data, and is used as the basis for statistical analysis to optimize the usability and marketing of the system.
Hotjar Ltd
Dragonara Business Centre
5th Floor, Dragonara Road,
Paceville St Julian’s STJ 3141
Malta
Retention period: see the block on the management of data recorded in the reservation system.
Google Analytics
We use Google Analytics to collect information about visits to the website. From every visitor, the following types of data is collected: device type, browser type, language settings, referring website address, IP address of the browser device and other geographic data. From visitors who are signed in to their Google accounts and have consented to Ads Personalization, additional information is collected that may include end user location, search history, YouTube history, and data from sites that partner with Google—and is used to provide aggregated and anonymized insights into your users’ cross device behaviors. All data is stored anonymously, independently of personal data, and is used as the basis for statistical analysis to optimize the usability and marketing of the website.
Retention period: anonymous data collected by Google Analytics will be retained for up to 3 years.
Webflow (GDPR)
We collect the email addresses of newsletter subscribers here.
Webflow, Inc.
398 11th Street, 2nd Floor
San Francisco, CA 94103
United States
Retention period: data collected by Webflow will be kept until unsubscribed.
CookieYes (GDPR)
Under GDPR legislation, we use cookies to record and store consent to the processing of your data.
CookieYes Limited
3 Warren Yard Warren Park, Wolverton Mill
Milton Keynes, MK12 5NW
United Kingdom
Retention period: according to legal obligations.
Meta Pixel (GDPR)
Meta Pixel is a tool that allows us to track user interactions on our website to help improve our services and deliver personalized content. This tracking technology collects data such as page visits, actions taken, and other browsing information which is shared with Meta to enhance advertising and user experience.
Meta Platforms, Inc.
1 Hacker Way, Menlo Park
California 94025
USA
Retention period: 180 days
II. Users (Customers)
A.) Data processing related to registration, creation and maintenance of the booking system.
Legal basis: the processing is based on the performance of the contract established by the User or his/her natural person representative by registering for the Service, completing the registration form and ticking the checkbox indicating acceptance of this Privacy Policy (Article 6 (1) b GDPR).
Purpose: to perform the agreement concluded between the Customer and the Service Provider, including the creation of a new appointment booking system for the User with default settings, the identification of the User, enabling communication, providing information about features and services, and, in the event the SMS functionality is activated, ensuring the related balance management and provision of the service.
Data processed: name, email address, password, phone number, appointment booking system identifier, as well as the data provided during the setup of the appointment booking system (e.g. opening hours, services, language settings, etc.), and, in the case of using the SMS service, transaction and balance related data.
B.) Customer service related data processing (product support)
Legal basis: expressed consent of the User when filling in the registration form.
Purpose: to proactively support registered Users: offer help in setting up the system, assess customer satisfaction, specific needs; answer customer incoming calls, support Users in using the system, complaints handling and other general contact functions.
Data processed: name, telephone number, non-personal customer service records of requests, questions, technical problems and data provided during registration (see above).
Duration of data processing: see the chapters on data processing related to registration, creation of a reservation system.
C) Our data processors
Auth0
We use Auth0 to provide users with access to the administrator interface. (Data Privacy Compliance).
Auth0 Inc.
10800 NE 8th Street, Suite 700,
Bellevue, WA 98004,
USA
Retention period: see the block on the management of data recorded in the reservation system.
Postmark
Electronic mail sent by the Service is sent via the Postmark service. (EU Data Protection) The data collected by Postmark (e.g. email opens, link opens, device type, type of mailing system, operating system, other geographic data) are used as a basis for statistical analysis to optimize the usability and marketing of the system.
Wildbit
1800 JFK Blvd, Suite 300
#96864
Philadelphia, PA 19103
Retention period: emails are retained for 45 days after delivery for debugging purposes, after which they are automatically deleted.
Mailerlite
Product update emails are sent out using Mailerlite (GDPR Compliance). Data processed: name, email address, language.
MailerLite, Inc., Delaware corporation
548 Market St., PMB 98174
San Francisco, CA 94104-5401
United States
Retention period: until the service is provided or until the data subject’s consent is withdrawn (request for deleting account). Withdrawal of consent is possible by using the link at the bottom of the email or by sending an email to adatkezeles@minup.io
Pipedrive
Customer relationship management is done through Pipedrive. Data processed: name, email, phone number, booking page identifier, lead source, industry, title, system usage, communication with the customer.
Pipedrive OÜ
Email: legal@pipedrive.com
Address: Mustamae tee 3a,
Tallinn, 10615 Estonia
Data Processing Addendum (DPA)
Terms of Service
Privacy Notice
Retention period: until the service is provided or until the data subject’s consent is withdrawn (request for erasure). The withdrawal of consent is possible by sending an email to adatkezeles@minup.io.
Groove
Groove is a customer service platform we use to manage and respond to user inquiries and support requests. This service collects data such as contact details, support conversations, and other relevant information to help us provide effective customer service.
Groove Networks LLC
449 Thames Street,
Newport, RI 02840,
USA
Privacy Policy
Retention period: until the service is provided or until the data subject’s consent is withdrawn (request for erasure). The withdrawal of consent is possible by sending an email to adatkezeles@minup.io.
Microsoft
We use Microsoft Azure to report bugs in the application. The data processed in Microsoft Azure (e.g. bugs encountered while using the software, device type, browser type, referring website address, IP address of the browser device) is stored anonymously and independently of any personal data.
Microsoft Ireland Operations Limited
Attn: Data Protection Officer
One Microsoft Place, South County Business Park
Leopardstown, Dublin 18
Ireland
Telephone: +353 1 706 3117
Retention period: data stored in Microsoft Azure will be retained for up to 90 days.
Számlázz.hu
Our invoices are issued, invoice details are stored and payment status is tracked in Számlázz.hu (Privacy Policy). Data collected: billing name, billing address, payment method and details, email, phone number, tax number.
KBOSS.hu Ltd.
1031 Budapest, Záhony utca 7.
Hungary
Retention period: invoices issued must be retained for 8 years from the date of issue of the invoice, pursuant to Section 169 (2) of the Public Procurement Act. Please be informed that if you withdraw your consent to the issuing of an invoice, the Data Controller is entitled to keep your personal data obtained during the issuing of the invoice for 8 years pursuant to Section 6 (5) a) of the Information Act.
Stripe
Credit card payments are processed using the Stripe online payment system (Data Protection). Data collected: credit card data provided during credit card payments (e.g. credit card number, expiry date)
Stripe Inc.
354 Oyster Point Blvd.
San Francisco, CA 94080
USA
Retention period: until the service is provided or until the data subject’s consent is withdrawn (request for deletion). Consent can be withdrawn by sending an email to adatkezeles@minup.io.
OpenAI (Optional)
Write content for booking page using AI. Data processed: Please see section (E) on using Artificial Intelligence.
OpenAI, LLC
3180 18th Street
San Francisco, CA 94110
United States
Retention period: 30 days
Meta Pixel
Meta Pixel is a tool that allows us to track user interactions on our website to help improve our services and deliver personalized content. This tracking technology collects data such as page visits, actions taken, and other browsing information which is shared with Meta to enhance advertising and user experience.
Meta Platforms, Inc.
1 Hacker Way, Menlo Park
California 94025
USA
Retention period: 180 days
D) Access your Google Calendar data (Optional feature)
One-way and two-way calendar synchronisation are optional features in Minup. In case the User wants to use these features, Minup will ask for permission to access certain data in Google Calendar.
One-way synchronization:
One-way sync enables you to automatically synchronise events to your Google Calendar every time a new event is created, modified or deleted in your Minup Calendar, so you can see everything in one place.
We ask for permission to process your existing Google Calendar name so you can see if you already have a calendar you’ve created, so you can reuse it to sync your events instead of creating a new one. This is useful if you switch from two-way sync to one-way sync, or vice versa.
We also ask permission to create a new calendar that we manage. This calendar will be called Minup Calendar and we will create all the events that we sync from Minup to your Google Calendar. So we will only need access to this calendar and will not be able to read, edit or delete any of your other events.
For one-way sync, we only store the ID and time zone of the calendar we created in your Google Calendar.
Two-way synchronisation:
Two-way sync includes everything from one-way sync, plus we’ll ask for permission to use your primary Google Calendar to keep your schedule up to date and prevent double-bookings with personal events and appointments.
We ask for permission to view all of your event information so that Google can notify us if anything changes on your Google Calendar, and we can update your contact information on your Minup Calendar.
For events from your primary Google calendar, we will only store the event ID, the date and time of the event, and a link pointing to the event in your calendar. We will not store the title, description, participants or location of your personal events in our database.
E) Using Artificial Intelligence (AI)
To help you create your booking page, Minup offers AI-supported features within the product.
If you choose to use these features, customer content (including user-generated prompts) will be processed by OpenAI in order to generate content. These models are provided by OpenAI. We will not use your data to train the models.
In order to provide AI, Minup uses the following types of personal data:
User-generated prompts submitted by Users, which the models will use to generate content. This is customer content, and we process it as a data processor on your instructions in order to provide the Services. Please be aware that any personal data you submit as a prompt will be processed by OpenAI.
Usage metadata about how Users engage with AI, which Minup processes as a data controller in order to prevent or address service errors, security or technical issues, and to analyze and monitor usage of AI. Usage metadata includes user generated prompts. OpenAI will store all prompts and responses for 30 days.
III. Appointment bookers
A.) Processing of data recorded in the Users’ reservation systems
Legal basis: during an appointment booking made without registration on the website of a natural person Appointment Booking User, by providing their personal data and ticking the checkbox indicating acceptance of the privacy notice, the data subject gives their consent to the processing of their personal data (Article 6(1)(a) GDPR). In relation to such data, the Service Provider qualifies as a data processor, while the User qualifies as the data controller. In the case of using the SMS reminder function for new bookings, the legal basis is the explicit consent of the data subject (Article 6(1)(a) GDPR). In the case of appointments already existing in the system and recorded previously, the legal basis for sending SMS reminders is the legitimate interest of the User (Data Controller) (Article 6(1)(f) GDPR), about which the data subjects are informed in advance, while ensuring their right to object (unsubscribe option).
Purpose: the purpose of the data processing is to support the User in managing appointments, receiving clients, and handling practical tasks related to the provision of services, such as preparing for the provision of the service, identifying clients appearing at scheduled appointments, providing information regarding possible modifications or cancellations of appointments, providing information and follow up, as well as processing technical information automatically transmitted by the browser (e.g. device type, operating system, language settings, display size and type). The purpose of the data processing is to manage appointments related to the User’s services, receive clients, and carry out practical and organizational tasks connected to service provision. If the SMS function is activated, the purpose is extended to include the sending of automatic SMS reminders regarding upcoming appointments.
Data processed: full name, email address, telephone number, booking system identifier, selected service provider, service chosen for the booking, time chosen, arrival time, any other data specified by the User in the form to be filled in when making the booking, IP address of the User collecting the booking, processing of technical information automatically received from the browser (e.g.: type of device, operating system, language setting, display size, type).
Duration of data processing: the data will be kept in the booking system database for a maximum of 1 year after the last booked date related to the User’s customer.
B.) Booking an appointment as a registered guest (with a Minup Guest Account)
Guests have the option to register a personal Minup Guest Account, which allows them to book appointments with various service providers more easily and quickly.
Legal basis: the data subject’s consent (Article 6(1)(a) of the GDPR).
Purpose: to simplify the booking experience for returning guests, to track previous bookings, to access booking history, and to manage communications related to appointments (e.g. reminders, modification options, cancellations, billing information). The use of the Guest Account enables guests to book appointments with multiple service providers using the same data, more efficiently.
Scope of processed data: name, email address, phone number, billing information (if provided by the user).
Duration of data processing: until the Guest Account is deleted or for a maximum of 2 years from the last login, unless a longer retention period is required by law (e.g. in the case of billing data).
C.) Personal data of children
Minup does not intend to request personal data from any person under the age of 16. If Minup does obtain such data, Minup Informatikai Zrt. will immediately delete the data of the child or minor from the database.
D.) Our data processors
Postmark
Electronic mail sent by the Service is sent via the Postmark service. (Privacy Notice)
Wildbit
1800 JFK Blvd, Suite 300
#96864
Philadelphia, PA 19103
Retention period: emails are retained for 45 days after delivery for debugging purposes, after which they are automatically deleted.
Google
If the Customer – where the Appointment Booker booked the appointment – uses the Google Calendar Sync feature, the data entered during the booking will be synchronized with the Google Calendar selected by the Customer. The synchronized data is the email address, name, telephone number and other answers to the questions asked in the forms.
Google Ireland Limited (Registration Number: 368047 / VAT Number: IE6388047V)
Gordon House, Barrow Street
Dublin 4
Ireland
https://policies.google.com/terms
Auth0
We use Auth0 to provide users with access to the administrator interface. (Data Privacy Compliance).
Auth0 Inc.
10800 NE 8th Street, Suite 700,
Bellevue, WA 98004,
USA
Retention period: see the block on the management of data recorded in the reservation system.
SeeMe
SMS Gateway Service Provider: For the delivery of SMS reminders, the Service Provider uses an external SMS gateway service provider.
LINK Mobility Hungary Kft.
1062 Budapest, Andrássy út 68. Building C, 1st floor 1.
Privacy Policy
Retention Period: Transaction related data is stored for 30 days from the date of delivery for troubleshooting purposes.
The Service Provider reserves the right to change and expand the list of data processors as necessary, given that Users may request information from the Service Provider at any time about the identity and contact details of their data processors. The Service Provider undertakes to ensure that the data processors it engages fully comply with the applicable data protection rules in force at any given time.
IV. Liability Provisions
The Service Provider (Minup) shall be responsible solely for the proper operation of the technical infrastructure and SMS sending service, as well as for the secure storage of data.
The User (the service provider using the Minup software) bears full and exclusive responsibility for ensuring that the phone numbers uploaded to or managed within the system have been collected lawfully, and that the User possesses the valid consent of the data subjects (clients) or another appropriate legal basis for sending SMS messages.
The User warrants that the content sent via SMS does not infringe the rights of third parties or violate any applicable laws.
If a data subject (client) or any authority asserts a claim against or imposes sanctions on the Service Provider due to unlawful data processing or SMS sending, the User shall fully indemnify and hold harmless the Service Provider from any liability and reimburse all related damages, fines, and costs incurred by the Service Provider.
V. Transmission of data
The Service Provider does not transfer the Users’ personal data to third parties. The personal data of Appointment Bookers are transferred exclusively to those Users with whom the appointment has been booked.
VI. Data security
1.The Service Provider shall take all necessary security, organizational and technical measures to ensure the highest level of security of personal data and to prevent their unauthorized alteration, destruction and use.
2. The Service Provider shall take all necessary measures to ensure data integrity, i.e. the accuracy and completeness of the personal data it handles and/or processes.
3. The Service Provider shall take appropriate measures to protect the data, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage and loss of access due to changes in the technology used.
4. The Service Provider shall do its utmost to preserve the authenticity and confidentiality of the data processed and to ensure that they are always accessible to the data subjects and the persons entitled to access them.
5. In order to fulfill the above obligations, the Service Provider reserves the right to inform its customers and partners if it detects a security vulnerability in its system, and at the same time to restrict access to the Service Provider’s system, services or certain of its functions until the vulnerability is resolved.
VII. Rights of the data subject
1. Under applicable Hungarian and EU data protection rules, data subjects have the right to.
– receive confirmation/feedback as to whether their personal data are being processed and, if such processing is ongoing, have the right to request access to their personal data. This includes access to the following information: the purposes of the processing, the categories of personal data processed, and the recipients or categories of recipients to whom or which your personal data have been or will be disclosed (Article 15 GDPR);
– the controller to provide users with a copy of their personal data;
– request the rectification of inaccurate personal data or the completion of incomplete personal data (Article 16 GDPR);
– request the erasure of their personal data (Article 17 GDPR);
– restrict the processing of their personal data at their request. In this case, the processing of these data can only be limited to certain purposes (Article 18 GDPR);
2. The Customer and the Service Provider shall use their best endeavors to comply with requests concerning data management. The Customer and the Service Provider may, however, refuse to delete data that is absolutely necessary for the fulfillment of legal obligations incumbent on the Customer and the Service Provider or for the enforcement of the Customer’s and the Service Provider’s legitimate interests. The Customer and the Service Provider shall endeavor to comply with any request for rectification of the data provided or for information on data protection activities as soon as possible and, if possible, within one week of receipt of the relevant request.
3. In addition to the rights set out in the previous point, under Article 21 of the GDPR, Users also have the right to object to the processing of their personal data in the cases set out in the GDPR (for example, where the processing is for direct marketing purposes or where the legal basis for the processing is the legitimate interest of third parties). In case of objection by Users, the Customer or the Service Provider may no longer process their personal data unless they can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Users or for the establishment, exercise or defense of legal claims.
VIII. Right to lodge a complaint and to apply to the courts
By accepting the Privacy Policy, the data subject declares that despite the English language, they have understood and accepted them and cannot claim a lack of understanding.
Please be informed that if you become aware of a breach of your rights during the processing of your data, you have the following options:
– directly to the Customer or the Service Provider;
– may lodge a complaint with the competent supervisory authority or the National Authority for Data Protection and Freedom of Information (hereinafter referred to as “the NAIH”). The contact details of the NAIH are: headquarters: H-1055 Budapest, Falk Miksa utca 9-11; postal address: 1363 Budapest, PO Box 9; telephone: + 36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu
– may take legal action against unlawful processing of your personal data and breaches of data security. You may be entitled to compensation and damages as provided by law. For information on the jurisdiction and contact details of the court, please visit the following website: www.birosag.hu
IX. Declaration
1. The Service Provider, as Data Controller and Data Processor, acknowledges the contents of this Privacy Policy as binding.
2. The Service Provider undertakes to ensure that its processing of data related to the Service and its operation complies at all times with the provisions set out in this document and in the applicable legislation, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
3. The Service Provider declares that it acts as a data processor of the Customers with respect to the Users who book an Appointment, in which capacity it is not responsible for the instructions of the Customers. The Service Provider confirms that the processing of personal data in respect of the Appointment Users is carried out in the interest of the Customers and in the manner specified by them.
4. The Service Provider shall make this information available on its website https://minup.io (hereinafter referred to as the “Website”). Amendments to this Privacy Notice shall enter into force upon publication on this Website.
Updated: May 16, 2026