Does your website use third-party services? Get GDPR compliant in minutes.

Timify

PreferencesWebsite

What does Timify do?

Timify is a Munich based SaaS platform for online appointment booking, calendar management, and resource scheduling, used by small businesses and large retailers across Europe. When embedded on a website, the Timify widget sets cookies, loads scripts from Timify domains, and processes booking information, which makes prior consent and a data processing agreement necessary under GDPR and ePrivacy.

What Timify is

Timify is a SaaS platform developed in Munich for online appointment booking, calendar management, queue management, and resource planning. It is used by independent professionals, retail chains, and enterprises to let customers book services online, manage availability across multiple locations, and synchronize calendars with internal systems. The platform is offered as an embedded widget, a standalone booking page, and a backend application.

Cookies and data set by Timify

The embedded Timify widget stores cookies for session continuity, CSRF protection, user interface preferences, and analytics about widget usage. The platform processes the booking information entered by the user, such as name, email, phone number, the service selected, the time slot, and any custom field configured by the merchant. Some integrations may add cookies for marketing or analytics depending on the configuration chosen by the merchant.

GDPR and ePrivacy implications

The booking processing itself relies on the performance of a contract under Article 6(1)(b) GDPR. The cookies set by the widget, however, are subject to Article 5(3) of the ePrivacy Directive and to the German TTDSG, which require informed consent for any storage that is not strictly necessary. Strictly necessary cookies for the actual booking session can be set without consent, but analytics or convenience cookies must be conditioned on the user opting in.

Get GDPR compliant in 10 minutes

Free plan available · No credit card required

Try FlowConsent free

Consent requirements

Best practice is to load the Timify widget only after the user expresses a clear intent to book, for example by clicking a button, and to display a notice explaining that the widget will set cookies and process the booking information. Strictly necessary cookies can be loaded without prior consent, while any analytics or marketing cookies should be governed by the consent management platform.

International data transfers

Timify hosts data in the European Union and offers EU data residency by default. Some sub processors may operate outside the EU for specific functions, such as transactional email delivery. Controllers should check the current list of sub processors, sign the data processing agreement, and confirm that Standard Contractual Clauses are used where transfers occur outside the EU or EEA.

Practical compliance steps

Sign the data processing agreement with Timify, document the categories of personal data collected through the booking flow, set realistic retention periods aligned with the legal hold period for billing, list the cookies in the cookie policy, configure the consent banner to gate non essential cookies, and inform customers about the use of Timify in the privacy policy.

GDPR consent category

Preferences

Websites using Timify must obtain user consent under GDPR regulations.

Legal basisPerformance of a contract (Article 6(1)(b) GDPR) for booking management and consent (Article 6(1)(a) GDPR) plus ePrivacy Article 5(3) for the embedded widget cookies

Risk levelmedium

Applicable regulationsGDPR, ePrivacy Directive, BDSG, TTDSG

DPIA considerations

A full Data Protection Impact Assessment is usually not required for standard booking use, but a basic assessment is recommended when Timify is deployed at scale, when special categories of data could be collected (for example in healthcare bookings), or when personal data is enriched with marketing tools. The assessment should look at the data fields collected, the retention periods, the integrations with CRM or marketing tools, and the sub processors used by Timify.

Sample consent text

We use the Timify booking widget on this page to manage your appointment. Timify sets cookies and processes the booking information you provide. By accepting, you allow the widget to load and to store the necessary identifiers. You can withdraw your consent at any time from the cookie settings.

Technical details

Tracking methodClient side JavaScript widget with first party cookies and authenticated API calls for booking flows

Server locationEuropean Union (Germany, AWS Frankfurt) with EU data residency

Third-party domains contacted

timify.combook.timify.comapi.timify.comcdn.timify.com

Cookies placed

Name	Type	Duration	Purpose
TIMIFY_SESSION	first_party	Session	Stores the booking session identifier used to keep the user logged in during the booking flow.
XSRF-TOKEN	first_party	Session	Stores the CSRF token used to protect the booking form against cross site request forgery attacks.
timify_locale	first_party	1 year	Stores the language preference selected by the user in the booking widget.
timify_consent	first_party	6 months	Stores the user consent state for non essential analytics cookies inside the widget.

Timify uses cookies for user preferences — inform visitors with a consent banner.

Get started free Scan your site

Frequently asked questions

Which cookies does the Timify widget set?

The Timify widget sets first party cookies for session continuity, CSRF protection, locale preferences, and limited usage analytics. Some configurations may load additional cookies for marketing or integrations, depending on how the merchant has set up the widget.

Is consent required for Timify?

Consent is required for any non essential cookie set by the widget, in particular analytics or convenience cookies. The booking processing itself relies on contract performance and does not need consent, but the cookies that go beyond what is strictly necessary do need an opt in under ePrivacy and TTDSG.

What is the legal basis for processing bookings?

The legal basis is Article 6(1)(b) GDPR, performance of a contract, for booking management, payment, and reminders. For optional marketing communications based on the booking data, the legal basis is Article 6(1)(a), consent.

Where is Timify data hosted?

Timify hosts customer data on infrastructure located in the European Union, typically in Germany. Some sub processors may operate outside the EU for specific functions such as transactional email, in which case Standard Contractual Clauses are used.

Is a DPIA required for Timify?

A full DPIA is usually not required for standard appointment booking. A basic risk assessment is recommended when Timify is used at scale, when special categories of data such as health information are collected, or when the booking data feeds marketing systems.

How to deploy Timify in a compliant way?

Sign the DPA with Timify, list the cookies in the cookie policy, configure the consent banner to gate non essential cookies, load the widget only after a clear user action, set realistic retention periods, and document the integration in the records of processing activities.

What are the alternatives to Timify?

Alternatives include Calendly, SimplyBook.me, Doodle Bookable Calendars, Microsoft Bookings, and Acuity Scheduling. They differ in EU hosting, integrations, and pricing, so the choice depends on data residency requirements and on the booking workflow.

How to update the cookie policy for Timify?

Add a clear section explaining that the website embeds the Timify booking widget, describe the cookies set by the widget, the categories of personal data processed during the booking, the retention periods, the sub processors, and the link to Timify privacy information.

Get compliant — Try FlowConsent free

Free plan · 10-min setup