Meetergo and Data Protection – What Belongs in the Privacy Policy

If a website operator uses Meetergo, then – when the booking page is loaded and the booking form is submitted – web server log data, device data, browser information and user content (name, e-mail address, requested time slot, optional free-text fields) are processed for the purpose of contract initiation and appointment coordination, on the basis of Art. 6 (1) (b) GDPR and, for the embed itself, a third-party content consent. This page explains the data processing typically associated with Meetergo and which mandatory information website operators should reflect in their privacy policy. The information is based on the publicly available statements of the provider and does not replace a case-by-case assessment.

A. Purpose and Functionality of Meetergo

Meetergo is an online appointment scheduling tool developed in Germany, positioned in the market as a European, GDPR-focused alternative to Calendly. Website visitors can book a slot directly into the website operator's calendar via a personalised booking page or an embedded widget, without prior e-mail back-and-forth.

According to the provider, Meetergo offers integrations with calendar systems (Google, Outlook/Microsoft 365, Exchange, iCloud, CalDAV), routing logic (e.g. round-robin for teams), video conferencing (Google Meet, Microsoft Teams, Zoom), automated reminders by e-mail, SMS and WhatsApp, optional payment processing (Stripe, PayPal) and CRM connectors (HubSpot, Salesforce, Pipedrive). This page focuses on the integration function relevant for website operators: embedding the booking widget or an <iframe> containing the Meetergo booking page into the website via a JavaScript snippet or a direct link. Other deployments (such as sending booking links from an e-mail signature or using the Meetergo API without a website embed) are not covered separately here.

The integration is typically set up via a JavaScript snippet supplied by the provider or via an iFrame, which establishes – on each page load – a direct connection from the visitor's device to Meetergo's servers (app.meetergo.com) and the integrated CDN.

B. Mandatory Information in the Privacy Policy

In addition to general information about the website operator, data subjects' rights and the competent supervisory authority, the GDPR requires specific disclosures whenever tools such as Meetergo are used. In particular, the privacy policy must state: the purposes of processing (Art. 13 (1) (c) GDPR), the legal bases (Art. 13 (1) (c) GDPR) and – where processing relies on a balancing of interests – the specific legitimate interests pursued (Art. 13 (1) (d) GDPR). It must also identify the recipients or categories of recipients (Art. 13 (1) (e) GDPR), provide details on any third-country transfers and the safeguards in place (Art. 13 (1) (f) GDPR), and indicate the storage period or the criteria for determining it (Art. 13 (2) (a) GDPR).

If data are not collected directly from the data subject, the categories of personal data processed must be disclosed in addition (Art. 14 (1) (d) GDPR). These mandatory disclosures are addressed below specifically for Meetergo.

In practice, it has become common to insert a separate text block for every single tool – including Meetergo – into the privacy policy. This is not required. The "one text block per tool" approach has rather become a poor habit: it produces lengthy, lawyer-pre-formulated passages that repeat each other, make the policy hard to maintain and tend to undermine the transparency principle of Art. 12 (1) GDPR rather than implement it. A more appropriate approach is a topic-oriented one, describing processing operations in aggregate (server operation, third-party content, appointment booking, sales …) and listing the actual service providers used – including Meetergo – only in an annex. This is exactly the methodology of the matterius generator.

C. Provider of Meetergo

According to publicly available information, the contractual partner for German website operators is:

• Company: meetergo GmbH
• Address: Hauptstraße 44, 40789 Monheim am Rhein, Germany
• Country of establishment: Germany (EU)
• Commercial register: HRB 104381, Düsseldorf Local Court
• Managing directors: Dominik Rapacki, Richard Gödel

According to the provider, the primary data processing takes place inside the EU; Amazon Web Services in the Frankfurt region (eu-central-1) is used as the hosting provider, complemented by Bunny.net as a CDN for static assets. Because meetergo is a German limited liability company based in the EU, the main processing does not constitute a third-country transfer. Certain subprocessors (e.g. Twilio, Stripe, PostHog, Microsoft Azure OpenAI for AI features) may, however, transfer data to the United States, safeguarded via the EU-US Data Privacy Framework and Standard Contractual Clauses (to be assessed by the website operator on a case-by-case basis depending on the activated features).

Provider's privacy notice: meetergo.com/de/datenschutz. Subprocessor list: help.meetergo.com/de/legal/list-of-subprocessors.

D. Data Processing with Meetergo – Step by Step

E. Data Collected by Meetergo

According to the provider's publicly available statements, Meetergo processes – when the widget is embedded and a booking is made – in particular: IP address (according to the provider, retained in server logs for around 14 days), date and time of the request, user-agent string, browser and device information, session and CSRF tokens (technically required), the contents entered by the visitor in the booking form (name, e-mail address, optional phone number, free-text fields, selected slot) and the conversion event "appointment booked". Additional cookies and tracking mechanisms are, according to the provider, only deployed after dedicated consent via the consent banner.

These data points fall into the following standardised data categories:

• Web server log data: data the web server receives with each request – in particular IP address, date, time, URL of the requested resource, referrer, status code, transferred volume.
• Device data: information about the visitor's device, e.g. device type, operating system, screen resolution, touch support.
• Browser information: browser name, browser version, optionally installed extensions.
• User content: content entered by the visitor into the booking form, e.g. name, e-mail address, phone number, messages, answers to free-text fields configured by the website operator, requested slot.
• Conversion events: interactions defined as relevant by the website operator, e.g. successful booking, view of the confirmation page, cancellation or rescheduling of an appointment.
• Click paths: the steps within the booking flow (selection of appointment type, date/time, form view, confirmation), each with date and time.

F. Purposes of Use when Deploying Meetergo

Website operators typically use the data collected in connection with Meetergo to enable visitors to self-book consultation, sales or service appointments, to transfer the agreed slot technically into the operator's calendar, to send confirmations and reminders, and to actually conduct the booked meeting. In addition, the data is processed to prevent abuse (e.g. bot bookings, spam submissions) and to provide the booking function technically.

These purposes fall into the following standardised purpose categories:

• Service provision: providing the functionality of the booking flow, e.g. displaying available slots, processing the booking input, displaying the confirmation page, error detection and handling.
• Contract performance: preparing and initiating the contractual relationship or service that the appointment relates to; where applicable, bookings, rendering of booked services, payment processing for paid appointments.
• Security and abuse prevention: detecting and blocking bot bookings, spam and other misuse of the booking form; authentication via session tokens.
• Communication: sending booking and reminder e-mails as well as messages regarding rescheduling or cancellation.
• Compliance with retention obligations: insofar as the booking forms part of a contractual relationship subject to statutory retention rules (e.g. §§ 147 AO, 257 HGB).

G. Legal Bases for Meetergo

Meetergo essentially falls into the tool category third-party content / appointment booking: the booking dialogue is embedded as an external widget or iFrame in the website, causing the visitor's device to connect directly to a third party's servers (meetergo GmbH).

The following legal bases typically come into consideration:

• Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG (third-party content consent): if the widget is embedded such that data is transmitted to Meetergo or cookies/local storage are set on page load, consent via the consent banner is regularly required. A clean technical solution is a "click-to-load" embed, where the widget is only loaded after active consent.
• Art. 6 (1) (b) GDPR (contract initiation/performance): once the visitor actively books a slot, processing of the entered booking data (name, e-mail, requested time) is regularly necessary to initiate or perform a contractual relationship.
• Art. 6 (1) (f) GDPR (legitimate interests): for technically necessary processing such as abuse prevention, security of the booking function and efficiency of appointment coordination, legitimate interests in security, abuse prevention and efficiency may apply.
• Art. 6 (1) (c) GDPR: where booking documents are retained to comply with statutory obligations (e.g. §§ 147 AO, 257 HGB), a legal obligation may apply.

Which legal basis is actually applicable depends on the embedding method, widget configuration and use case, and must be assessed by the website operator on a case-by-case basis.

H. Specifics and Notes on Meetergo

• Processor relationship: according to publicly available information, Meetergo acts as a processor within the meaning of Art. 28 GDPR with respect to booking data of website visitors (guests). For data of the website operator (account holder) themselves, the provider acts as an independent controller.
• DPA / data processing agreement: a data processing agreement under Art. 28 GDPR can, according to the provider, be obtained inside the Meetergo administration area. Concluding a DPA is mandatory in any professional deployment.
• Subprocessors: the provider maintains a public list at help.meetergo.com/de/legal/list-of-subprocessors. Listed in particular are AWS (hosting, Frankfurt), Bunny.net (CDN, EU), OVHcloud (France), Twilio Ireland (SMS/WhatsApp), Stripe Payments Europe (payments), Microsoft (Azure OpenAI for AI features), PostHog (product analytics), Crisp IM, Brevo, AhaSend and Friendly Captcha (spam protection). Which subprocessors are actually active depends on the features booked and configured by the website operator.
• Third-country transfer: the main processing takes place in Germany; depending on the activated features, individual subprocessors (in particular Twilio, Stripe, Microsoft, PostHog, AWS US) may transfer data to the United States. According to the provider, such transfers are safeguarded via the EU-US Data Privacy Framework and Standard Contractual Clauses (Decision 2021/914).
• Cookies: according to the provider, by default only technically necessary session and CSRF cookies are set in the booking dialogue; further analytics or marketing cookies are only set – if at all activated – after consent via the consent banner.
• Configuration: website operators should review which optional features (e.g. SMS/WhatsApp messaging, payment integration, AI booking assistant) are actually required, as these may activate additional subprocessors and possibly third-country transfers.
• Embed variant: a privacy-friendly integration can be achieved via a click-to-load solution where the widget is only loaded after active visitor consent. Alternatively, instead of an inline embed, a simple link to the external booking page can be used.

I. FAQ on Meetergo and Data Protection

J. Conclusion on Meetergo and Call-to-Action

Meetergo is an appointment booking tool hosted in Germany that, when used on a website, is typically embedded as third-party content. The embed generates web server log data, device data and browser information; a booking adds user content (in particular name, e-mail address and requested time). Depending on the integration, the legal bases that come into consideration include third-party content consent, contract initiation and legitimate interests in security and efficiency. The provider is based in Monheim am Rhein; the main processing takes place in Germany, although individual subprocessors may transfer data to the United States.

For the website operator, it rarely makes sense to insert a dedicated, lengthy text block – not even one for Meetergo – into the privacy policy. Such tool-specific blocks make privacy policies long, hard to maintain and barely readable, and tend to work against the transparency principle of Art. 12 (1) GDPR.

A more appropriate approach is a structured, topic-oriented one: processing operations are explained in aggregate by topic (server operation, third-party content, appointment booking, sales, tracking …), and only an annex "Recipients" lists the actual service providers used – Meetergo among them. This is precisely the methodology of the matterius generator.

K. Curator

Authorship

This knowledge article is provided by matterius GmbH. matterius is not a law firm and does not provide legal advice.

matterius is editorially accompanied by Dr. Thomas Helbing, a German-based lawyer specialised as Fachanwalt für IT-Recht (certified specialist for IT law) in Munich.

Dr. Helbing has been continuously recognised by Handelsblatt since 2020 through to today (2026) as one of "Germany's best lawyers" in the fields of IT law and data protection law.

According to Kanzleimonitor.de (editions 2024–2026), he ranks among the leading lawyers for data protection and IT law and is listed in the Top 100 lawyers in Germany. Kanzleimonitor is regarded as a particularly meaningful market study, as it is based exclusively on personal recommendations from in-house counsel.

Dr. Helbing has many years of advisory experience in data protection and IT law and advises clients of all sizes — from startups to high-growth SaaS companies and unicorns through to international corporations.

His professional background covers the full spectrum of practice in IT and technology law. He began his career at an international major law firm, subsequently gained in-house experience at a DAX corporation, and is himself an entrepreneur and founder of several digital projects. He also has hands-on programming experience, allowing him to understand technical systems, software architectures, and digital business models not only from a legal but also from a technical perspective.

For many years his clients have included technology companies and SaaS providers, leading German research institutions, and a systemically important German major bank. His advisory focus lies in particular in the areas of GDPR compliance, the data economy, SaaS, AI regulation, and IT contract law.

More about Dr. Helbing: www.thomashelbing.com