Privacy Policy

Effective 2026-05-05

Vyy ("Vyy", "we", "us") provides booking and scheduling tools for solo service providers. This policy explains what personal data we process, why, and the rights you have over it. Vyy operates within the European Union / EEA. This service complies with the GDPR (Regulation (EU) 2016/679) and the ePrivacy Directive. Vyy is the data controller for personal data processed through this service.

Data we collect

• Account data: email address, display name, and a chosen handle used to identify your booking page.
• Booking data: attendee details supplied through cal.com-mediated booking flows (typically name, email, and any free-text notes the attendee chooses to provide), plus the time, duration, and status of each booking.
• Technical data: IP address, user agent, and session cookies needed to keep you signed in and to protect the service from abuse.

Why we process it

We process account and booking data on the basis of Art. 6(1)(b) GDPR — the processing is necessary to perform the contract you enter into when you create an account and use the booking service. We process technical data on the basis of Art. 6(1)(f) GDPR — our legitimate interest in keeping the service available, secure, and free of fraud and abuse.

Subprocessors

Vyy relies on a small set of subprocessors to deliver the service. Each is bound by a data processing agreement and processes data only on our instructions:

• Cal.com — booking infrastructure (scheduling, availability, calendar sync).
• Railway — application hosting and database storage.
• Resend — transactional email delivery (booking confirmations, reminders, cancellations).

Cookies

We use a single first-party session cookie (a signed JWT) to keep you signed in. We do not use advertising cookies, cross-site tracking, or third-party analytics that profile individuals.

Your rights under the GDPR

You have the right to:

• access the personal data we hold about you;
• request rectification of inaccurate or incomplete data;
• request erasure of your data ("right to be forgotten");
• request restriction of, or object to, processing based on legitimate interest;
• receive your data in a portable, machine-readable format;
• lodge a complaint with the data protection supervisory authority in your EU/EEA member state.

Retention

Account and booking data is retained for as long as your account is active. When you delete your account, related personal data is removed within 30 days, except where retention is required by law (for example, accounting records). Server logs containing technical data are retained for up to 90 days.

Contact

For privacy questions, data access requests, or to exercise any of the rights above, contact us at support@vyy.app.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email or through an in-app notice. The "Effective" date at the top of this page reflects the most recent revision.