Back to Questions Guides

This guide applies to:

  • Basic Edition
  • Plus Edition
  • Pro Edition
  • Business Edition

Introduction

Everything you need to know about how Simply Schedule Appointments handles GDPR and privacy.

Please take a look below for some of the most asked questions regarding GDPR compliance and how we handle data.


Is this GDPR Compliant?

According to this blog post, Web Privacy and WordPress GDPR Compliance, the easiest way to make a plugin like ours compliant is to add a required checkbox. This is to verify your customers’ consent to you collecting and storing their personal data.

Our Custom Fields feature is part of SSA Plus (a paid upgrade) and would let you easily create a checkbox with any text which you could use for GDPR compliance.

But! Depending on the customer information you’re collecting, you may not need a required checkbox since you may fall under the lawfulness of processing.

Prevent External Fonts from Loading

As long as you keep the SSA Style font setting set to Roboto or use a system font, this will prevent the Google Fonts loading from external sources. 

Prevent ip2c.org from Loading

The booking form uses a call to ip2c.org to auto-detect the users phone number country code using their IP address. Set a default phone number country in the SSA General settings, so that the plugin no longer makes that external call.

Avoid Sending User’s Booking Information to External Services

If you’re using the Google Calendar integration, please take some time to review the Calendar Customizations feature to review the booking details you’re including in your events.

Consent to Send Emails

Basic Edition/Free Users

We’re not lawyers, but have spent a lot of time learning and dealing with GDPR since it was introduced.

We believe you can accept bookings and be GDPR compliant without a checkbox. Since SSA is not specifically for marketing or adding to your newsletter, clicking the “Book This Appointment” button shows clear intent to receive transactional emails about the appointment only.

For example, if you sell a product with e-commerce, you’re allowed to send order confirmations and shipment/tracking information without any checkboxes. To add customers to the newsletter, of course, requires additional (opt-in checkbox) consent.

  • There seems to be a pretty good consensus around this under The New Definition of Valid Consent. TermsFeed is a reputable legal company.
  • Mailerlite provides several live examples from big companies under How to ask for consent to one thing.
  • Thrive Themes goes over GDPR myths under The Checkbox Myth section.

We don’t want to force our users to upgrade just to be GDPR compliant. We strongly believe that when visitors book an appointment, they give clear consent to receive booking-related emails (again, not for marketing/newsletter purposes, of course).

As a suggestion, you could utilize the instructions field of the Appointment Type’s Basics tab to include information that by booking an appointment, the user agrees to receive emails about the appointment.

Instructions field displaying that by booking an appointment, the user consents to receiving emails regarding the appointment.
Filling out the instructions field

Premium Users

With our Custom Fields feature, you can create a checkbox and set it to required so that users must check it before submitting their booking.

You could also create a separate page for Terms and Conditions, and link to the page via the instructions field for the checkbox. This way, people booking have to consent by checking the box and acknowledging the agreement.

Creating the checkbox field for users to consent to the terms.
Creating a checkbox field with instructions and a link to the terms page

Does SSA Collect Cookies?

We do not collect cookies.

If you’re using the Tracking feature, it’ll track events but only for the tools that you use on your site. The data that Tracking collects is anonymous and not user-specific.


Do You Collect User Data?

We do not collect or save any customer data. And, we do not receive any data from your plugin.

Simply Schedule Appointments is a self-hosted plugin. Meaning it lives and operates entirely from your site.

All of the appointment information saves in your personal databases and servers. This information is for your own personal scheduling purposes.

The customer data you request from your booking form is out of our control; we don’t regulate these fields beyond the required Name and Email.

It’s up to you to comply with your country or state’s policies on collecting customer information.


Can You Auto-Check MailChimp and SMS Consent Boxes?

No, we don’t have any settings to enable auto-checking the consent boxes. Regulations around the world, such as GDPR and CCPA, prohibit checking subscription checkboxes by default.


Is this plugin HIPAA compliant?

No, but Simply Schedule Appointments is HIPAA-Capable. You can read more about this topic in our HIPAA-Capable guide.


Still stuck?

File a support ticket with our five-star support team to get more help.

File a ticket

  • Please provide any information that will be helpful in helping you get your issue fixed. What have you tried already? What results did you expect? What did you get instead?
  • This field is for validation purposes and should be left unchanged.