Privacy Policy

At SuperSaaS we recognize that privacy is important. This Privacy Policy explains how SuperSaaS handles personal information for its own business purposes. When a customer uses SuperSaaS to collect booking or appointment information from end users, that customer normally controls that data and SuperSaaS processes it on the customer’s behalf, as further explained in our information on the GDPR and our Data Processing Agreement.

Last Updated: March 2026

When this Policy applies

This Privacy Policy explains how SuperSaaS handles personal information when we act for our own purposes, for example when we create and administer customer accounts, process payments, respond to support requests, secure the service, analyze usage of our website and service, or display advertisements on the free version of the service.

This Privacy Policy does not generally apply to information that our customers collect, upload or otherwise process through their calendars, booking forms, intake forms and appointment records for their own purposes. For that customer-controlled data, the customer decides why and how the data is used, and SuperSaaS acts as a data processor or service provider on the customer’s behalf.

If you are booking an appointment with one of our customers, or otherwise interacting with a calendar operated by a customer, the customer’s privacy notice will usually be the notice that applies to the information entered into that calendar. Questions or requests about that information should normally be directed to the customer first. We will assist our customers with such requests where required under our agreements and applicable law.

Information we collect for our own purposes

In order to provide and operate our services, we may collect the following types of information:

  • Account information – When you sign up for a SuperSaaS account, we ask for personal information such as your name, email address and account password. We use this information to create and administer your account, communicate with you about the service and provide support.
  • Billing information – If you subscribe to a paid plan, we use payment providers that process and store payment details on their secure servers. We receive the billing information that is needed to manage subscriptions, invoices, payments and account administration.
  • Cookies and similar technologies – When you visit SuperSaaS, we may place one or more cookies or similar technologies on your device. We use them to remember preferences, keep you signed in, understand how our site is used and improve the quality of our service. Most browsers allow you to refuse or delete cookies, but some essential SuperSaaS features and services may not function properly if you do so.
  • Log information – When you use SuperSaaS services, our servers automatically record technical information such as your web request, Internet Protocol address, browser type, browser language, referring pages, the date and time of your request and cookies or similar identifiers that may uniquely identify your browser or session.
  • Communications – When you send email or other communications to SuperSaaS, we may retain those communications in order to process your inquiries, respond to your requests and improve our services.

We use this information to:

  • provide, maintain and administer the service and customer accounts
  • process subscriptions and payments
  • respond to support requests and communicate with users
  • protect the security, integrity and availability of the service and prevent fraud, abuse or misuse
  • audit, analyze and improve our services and develop new features
  • display advertising on the free version of the service

SuperSaaS processes personal information on servers in the Netherlands and elsewhere within the European Union or European Economic Area. When we process customer-controlled appointment, booking or form data, we do so on behalf of the relevant customer and in accordance with our Data Processing Agreement and the customer’s instructions. We may also process limited information as an independent controller where necessary to manage billing, maintain security, prevent abuse or comply with legal obligations.

Right to be forgotten

If you are a SuperSaaS account holder and want to completely remove your account and all associated data from our servers, you can erase all your data with a single click. This also erases data stored in your account, including appointments created via your account. If you are on a paid plan this link will also cancel your subscription. However, you are welcome to keep your account as a free account in case you want to use it again in the future.

If you are an end user who booked through a SuperSaaS customer, you should usually contact that customer directly if you want your appointment data corrected or deleted, because that customer controls that data. When our customer instructs us to delete or return that data, we will do so in accordance with our agreement with the customer and applicable law.

Your choices regarding personal information

You can decline to submit certain personal information to us, in which case SuperSaaS may not be able to provide those services to you.

If we intend to use personal information that we control for a purpose that is materially different from the purpose for which it was collected, we will do so only where permitted by law and, where required, ask for your consent or offer an appropriate choice.

Customers remain responsible for responding to requests from their own end users regarding customer-controlled data processed through the service.

Third-party advertisements on the free version

Our free service shows advertisements to you and your end users. On some pages of the free service, Google AdSense uses cookies to serve these ads. Google’s use of these cookies enables it and its partners to serve ads based on visits to our site and/or other sites on the Internet. We do not use customer-controlled appointment or booking content to target these advertisements. You may opt out of the use of these cookies for interest-based advertising by visiting Ads Settings. For more information see “How Google uses your data”.

Customer sites and embedded use

SuperSaaS can be embedded into another site or presented under a customer’s own branding. In those cases the customer may place their own cookies, collect additional data, or combine data from the booking flow with other systems. SuperSaaS does not control those practices, and the customer is responsible for providing any notices and obtaining any consents required for their own site and their own use of end-user data.

Customers’ responsibilities under privacy laws

Customers are responsible for determining what personal information they collect through their schedules and forms, for deciding the legal basis for that processing, and for providing any notices and obtaining any consents required by applicable privacy laws. If you use SuperSaaS to collect information from end users, you should ensure that your own privacy notice and your use of the service comply with applicable laws, including the GDPR where relevant, as explained on our page about the GDPR.

Information sharing

SuperSaaS only shares personal information with other companies or individuals outside SuperSaaS in the following limited circumstances:

  • We have your consent. We require opt-in consent for the sharing of sensitive personal information where required by law.
  • We may provide information to affiliated companies, subprocessors and other trusted service providers for the purpose of processing personal information on our behalf or helping us provide, secure and improve the service. We require that these parties agree to process such information under appropriate confidentiality and data protection obligations.
  • For customer-controlled data, we may disclose or make information available to our subprocessors as needed to provide the service, on the customer’s instructions, or where disclosure is required by law.
  • We may disclose information where we have a good faith belief that access, use, preservation or disclosure is reasonably necessary to satisfy applicable law, regulation, legal process or enforceable governmental request, enforce our Terms of Service, investigate potential violations, detect or prevent fraud, security or technical issues, or protect against harm to the rights, property or safety of SuperSaaS, its users or the public.

If SuperSaaS becomes involved in a merger, acquisition, or sale of some or all of its assets, we will provide notice before personal information that we control becomes subject to a different privacy policy.

We may share aggregated or anonymized information that does not identify you individually.

Information security

We take appropriate security measures to protect against unauthorized access and unauthorized alteration, disclosure or destruction of data. We restrict access to personal information to SuperSaaS employees, contractors and agents who need to know that information in order to operate, develop, secure or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, if they fail to meet these obligations.

Data integrity

SuperSaaS processes personal information only for the purposes for which it was collected and in accordance with this Policy, any applicable service-specific privacy notice or our agreements with customers. We review our data collection, storage and processing practices to help ensure that we only collect, store and process the personal information needed to provide or improve our services. We take reasonable steps to ensure that the personal information we process is accurate, complete and current, but we depend on our users and customers to update or correct their information whenever necessary.

Accessing and updating personal information

If you are a SuperSaaS account holder, we make good faith efforts to provide you with access to personal information that we control about you and either to correct this data if it is inaccurate or to delete such data at your request if it is not otherwise required to be retained by law or for legitimate business purposes. We may ask you to verify your identity before processing such requests, and we may decline requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, would be extremely impractical, or are not otherwise required by law.

If you are an end user whose information was submitted to a SuperSaaS customer, that customer is usually the party responsible for handling requests to access, correct, delete or restrict that information. If we receive such a request directly, we may direct you to the relevant customer or forward the request to them, unless applicable law requires us to handle it differently.

Changes to this Policy

Please note that this Privacy Policy may change from time to time. We will not materially reduce your rights under this Policy without appropriate notice, and we expect most such changes will be minor. Regardless, we will post any Policy changes on this page and, if the changes are significant, we will provide a more prominent notice where appropriate. Each version of this Policy will be identified at the top of the page by its effective date.

Contact Information

For questions regarding this Policy, or the information we store about you, you can contact us via our feedback form, via email to or regular mail to our office.

2018-04-24: Updated to include information about the GDPR

2022-05-24: Updated to explicitly highlight the right to be forgotten

2026-03-23: Clarified when this Policy applies and distinguished SuperSaaS account data from customer-controlled appointment data