Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Skedify is a Belgian appointment scheduling SaaS used by banks, insurers, retailers, and public services to embed a booking widget on their website. The platform supports in-branch, video, and phone appointments, manages employee calendars, and integrates with Microsoft 365 and Google Calendar. Hosted in Belgium, Skedify is positioned as a privacy-friendly alternative to US scheduling tools. It sets functional cookies for booking state and optional analytics cookies for product improvement.
Skedify is a SaaS appointment scheduling platform developed by the Belgian company Skedify NV (skedify.co). It targets sectors with omnichannel customer interactions: retail banks, insurers, telcos, government agencies, and healthcare networks. The product is delivered as an embeddable booking widget that merchants drop on their website, plus a backend used by employees to manage availability, locations, services and appointment types.
Bookings can be conducted in-branch, by video conference, or by phone. Skedify synchronises with Microsoft 365 and Google Calendar so that appointments appear directly in the agent calendar, and it supports SAML single sign-on for enterprise deployments.
The Skedify widget sets a small number of first-party functional cookies: a session identifier used by the booking flow, a CSRF protection token, a locale preference cookie, and a cookie that remembers an in-progress booking so the visitor can resume it. These cookies are strictly necessary for the widget to function.
Skedify also offers optional analytics cookies that aggregate widget usage statistics (success rate, drop-off step, average completion time). These are off by default and require consent. Personal data processed includes the visitor''s name, e-mail, phone number, the chosen appointment topic and time slot, and sometimes free-form notes added by the customer.
Functional cookies needed to make a booking are exempt from prior consent under Article 5(3) of the ePrivacy Directive. The analytics cookies are not exempt and must be gated by the consent banner. The legal basis is contract performance (Article 6(1)(b) GDPR) for the appointment itself, and consent (Article 6(1)(a)) for the analytics layer.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Skedify hosts customer data on EU infrastructure located in Belgium. There is no systematic transfer outside the EEA. Subprocessors such as cloud providers and e-mail delivery services operate in EU regions. This makes Skedify a strong fit for organisations that need to limit third-country exposure, including public sector entities subject to additional Schrems II constraints.
Sign a data processing agreement with Skedify as a processor. A DPIA is recommended whenever the appointment topic can imply sensitive information (financial advice, healthcare visits, social services). Configure the widget to collect only the minimum required fields, avoid free-text notes for diagnostic content, and enable role-based access for staff calendars.
Add Skedify to your privacy policy as a processor, document the data flow in your record of processing, classify functional cookies as strictly necessary and analytics cookies as subject to consent, set a clear retention policy for booking records (typically twelve months after the appointment), and use the Skedify API rather than embedding sensitive context in free-text fields.
Websites using Skedify must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is typically not mandatory but is recommended when Skedify is used by financial, healthcare, or public sector organisations because appointments may reveal sensitive context (financial advice, medical visits). The DPIA should document data minimisation (no diagnosis fields), employee access controls, the integration with Microsoft 365 or Google Calendar, and the retention period of booking records.
Sample consent text
We use Skedify, a Belgian scheduling platform, to manage appointments on our website. Functional cookies needed to operate the booking widget are set automatically; analytics cookies that help Skedify improve the product are only set if you accept analytics in our consent banner.
Third-party domains contacted
skedify.cowidget.skedify.coapi.skedify.cocdn.skedify.coCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| skedify_session | http | session | Maintains the booking session inside the widget. |
| XSRF-TOKEN | http | session | CSRF protection for the booking forms. |
| skedify_locale | http | 12 months | Stores the visitor language preference for the widget. |
| skedify_pending_booking | http | 24 hours | Remembers an in-progress booking so the visitor can resume it. |
| _skedify_analytics | http | 13 months | Optional product analytics: aggregated widget usage and drop-off statistics, set only after consent. |
Skedify uses cookies for user preferences — inform visitors with a consent banner.
The Skedify widget sets four functional first-party cookies: a session identifier, a CSRF protection token, a locale preference, and a pending-booking cookie. A fifth optional analytics cookie is set only after the visitor opts in to analytics in the consent banner.
The four functional cookies are exempt from consent because they are strictly necessary to operate the booking widget. The optional analytics cookie does require informed prior consent and must be blocked until the visitor opts in.
Article 6(1)(b) GDPR (performance of a contract) covers the appointment itself, including the storage of visitor contact details and the synchronisation with the staff calendar. Article 6(1)(a) (consent) covers the optional analytics cookies used to improve the Skedify product.
No. Skedify hosts customer data in EU data centres located in Belgium and operates its subprocessors (cloud, e-mail) in EU regions. There is no systematic transfer outside the EEA, which makes Skedify well-suited to public sector and regulated industries.
A DPIA is generally not mandatory but is recommended for organisations whose appointment topics may reveal sensitive context, such as financial advice, medical visits, or social services. The DPIA should document the fields collected, the staff access controls, and the retention periods.
Sign a data processing agreement, configure the widget to collect only the minimum required fields, classify the functional cookies as strictly necessary and the analytics cookie as consent-based, set a clear retention policy for booking records, and reference Skedify in your privacy policy with the EU hosting location.
Alternative scheduling solutions include Cal.com (open source, EU-hostable), Microsoft Bookings (Microsoft 365 tenant), Calenso (Swiss), TimeTrade Salesforce Scheduler, Doodle, and Onceform. Most US-based tools such as Calendly require additional safeguards for EU customers, while Cal.com and Calenso are commonly chosen for EU data residency.
List each Skedify cookie with name, type, duration, and purpose. Mark the session, CSRF, locale, and pending-booking cookies as strictly necessary, and the analytics cookie as subject to consent. Mention Skedify as a processor located in Belgium, link to its privacy notice, and refresh the entry whenever Skedify updates its cookie list.