Privacy Policy
Last updated: March 2026
Proximity.io ("Proximity", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our scheduling platform and related services (the "Service").
This policy applies to all users of our website (proximity.io), web application (app.proximity.io), developer documentation (developer.proximity.io), and API.
1. Data Controller
Proximity.io is the data controller responsible for your personal data. If you have questions about how your data is processed, you can contact us at support@proximity.io.
2. Information We Collect
We collect the following categories of personal data:
2.1 Information You Provide Directly
- Account information: name, email address, organization name, and timezone when you create an account
- Profile information: avatar, bio, and scheduling URL that you choose to add
- Booking information: meeting details, guest names, email addresses, notes, and any custom form responses submitted through booking pages
- Payment information: billing details processed securely by our payment processor Stripe (we do not store credit card numbers on our servers)
- Communications: information you provide when you contact our support team, submit feedback, or respond to surveys
2.2 Information Collected Automatically
- Usage data: pages visited, features used, actions taken, timestamps, and click patterns
- Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, and language preference
- Cookies and similar technologies: as described in our Cookie Policy
2.3 Information from Third-Party Services
- Calendar data: event titles, times, durations, and availability from connected calendar services (Google Calendar, Microsoft Outlook, Apple Calendar) used solely for availability checking and booking creation
- Video conferencing: meeting links generated through Zoom integration
3. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases under Article 6 of the GDPR:
- Contract performance (Article 6(1)(b)): processing necessary to provide the Service you have signed up for, including account management, scheduling, booking, and billing
- Legitimate interests (Article 6(1)(f)): processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, ensuring security, and sending service-related communications, provided these interests are not overridden by your data protection rights
- Consent (Article 6(1)(a)): processing based on your explicit consent, such as analytics cookies and marketing communications. You may withdraw consent at any time
- Legal obligation (Article 6(1)(c)): processing required to comply with applicable laws, such as tax regulations and legal requests
4. How We Use Your Information
We use your personal data for the following purposes:
- Providing the Service: creating and managing your account, processing bookings, synchronizing calendars, generating meeting links, and delivering notifications
- Billing and payments: processing subscription payments, managing invoices, and handling refunds through Stripe
- Communications: sending transactional emails (booking confirmations, reminders, cancellations), account-related notifications, and service updates through Brevo
- Service improvement: analyzing usage patterns to improve features, fix issues, and optimize performance
- Security and fraud prevention: detecting, preventing, and responding to unauthorized access, abuse, or security incidents
- Legal compliance: fulfilling our legal obligations and responding to lawful requests from authorities
5. Sub-processors and Third-Party Services
We share personal data with the following categories of third-party service providers (sub-processors) who process data on our behalf:
| Sub-processor | Purpose | Data processed | Location |
|---|---|---|---|
| Microsoft Azure | Cloud hosting and infrastructure | All Service data | Europe (West) |
| Azure Cosmos DB | Database storage | Account, booking, and scheduling data | Europe (West) |
| Stripe | Payment processing | Billing details, payment card info (PCI-compliant) | USA / EU |
| Brevo (Sendinblue) | Transactional email delivery | Email address, name, booking details | EU |
| Google (Calendar API) | Calendar integration | Calendar events, availability | Global |
| Microsoft (Graph API) | Outlook calendar integration | Calendar events, availability | Global |
| Zoom | Video meeting creation | Meeting title, time, participants | USA |
| Twilio | SMS notifications (optional) | Phone number, message content | USA |
| Google Tag Manager | Analytics (with consent) | Usage data, IP address (anonymized) | USA |
We do not sell your personal data to any third party. We only share data with sub-processors to the extent necessary to provide and improve the Service.
6. Information Sharing
Beyond the sub-processors listed above, we may share your information in the following circumstances:
- With your consent: when you explicitly authorize sharing
- Booking participants: meeting details (time, title, your name and contact information) are shared with the other participants of a booking
- Legal requirements: when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, safety, or property, or that of our users or the public
- Business transfers: in connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of the transaction, subject to the acquiring entity honoring this Privacy Policy
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies on our website and Service. Analytics cookies (including Google Tag Manager) are only loaded after you provide explicit consent through our cookie consent banner.
For detailed information about the types of cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of data at rest in our database systems
- Secure authentication using magic links (passwordless)
- Role-based access controls for internal systems
- Regular security assessments and monitoring
- PCI DSS compliance through Stripe for payment processing
While we strive to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.
9. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
- Account data: retained for the duration of your account plus 30 days after deletion
- Booking data: retained for the duration of your account plus 90 days for reference and dispute resolution
- Payment records: retained for 7 years to comply with tax and accounting obligations
- Analytics data: aggregated and anonymized after 26 months
- Support communications: retained for 2 years after resolution
When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes as described above.
10. International Data Transfers
Our primary infrastructure is hosted on Microsoft Azure in Western Europe. However, some of our sub-processors (Stripe, Zoom, Twilio, Google) may process data in the United States or other jurisdictions outside the EEA.
Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Binding Corporate Rules where applicable
11. Your Rights Under GDPR (EEA, UK, Switzerland)
If you are located in the EEA, UK, or Switzerland, you have the following rights under the GDPR:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: request correction of inaccurate or incomplete personal data
- Right to erasure: request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements
- Right to restriction: request restriction of processing under certain circumstances
- Right to data portability: receive your personal data in a structured, commonly used, machine-readable format
- Right to object: object to processing based on legitimate interests, including profiling
- Right to withdraw consent: withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing prior to withdrawal
To exercise any of these rights, contact us at support@proximity.io. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.
12. Your Rights Under CCPA (California)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:
- Right to know: request information about the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the third parties with whom we share it
- Right to delete: request deletion of your personal information, subject to certain exceptions
- Right to opt out: opt out of the sale or sharing of personal information. We do not sell your personal information
- Right to non-discrimination: you will not receive discriminatory treatment for exercising your CCPA rights
To exercise your CCPA rights, contact us at support@proximity.io. We will verify your identity before processing your request.
13. Automated Decision-Making
Proximity does not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. Our abuse prevention system (booking rate limits, email blocklists) uses rules-based logic to prevent spam and protect the Service, but does not make decisions about individuals based on automated processing of personal data.
14. Children's Privacy
The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete such data promptly. If you believe a child under 16 has provided us with personal data, please contact us at support@proximity.io.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may also send an email notification to the address associated with your account.
We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: support@proximity.io
- Website: proximity.io/contact