Security & GDPR

Timepickr handles bookings, customer details, and payment information for thousands of European businesses. Here is how we protect that data.

AVG/GDPR compliance

Timepickr is built to comply with the EU General Data Protection Regulation (Algemene Verordening Gegevensbescherming). We act as data processor for our business customers, offer a standard Data Processing Agreement (DPA) on request, and provide tooling for your customers to exercise their GDPR rights (access, deletion, portability).

EU-hosted infrastructure

All Timepickr infrastructure runs in EU-based data centres. Your customer data, bookings, and analytics never leave the European Union.

Encryption

All traffic to and from Timepickr is encrypted with TLS 1.2+. Data at rest is encrypted on disk. Passwords are hashed with modern algorithms (bcrypt/argon2) — never stored in plaintext.

Access control

Role-based access control inside the dashboard. Two-factor authentication available for owner and admin accounts. Audit logging on sensitive operations.

Payments

Card data and payment processing are handled by PCI-DSS-compliant payment providers. Timepickr never stores raw card numbers.

Data portability

You can export your customers, bookings, and reports at any time. No lock-in.

Need a DPA?

Email info@timepickr.net with your company details and we will send our standard Data Processing Agreement.

Last updated: 2026-05-15