Altegio Trust, Privacy, and Compliance: GDPR/LGPD, Security, and Governance

Introduction

This page consolidates Altegio’s core trust, privacy, security, and governance commitments in one reference for auditors, legal teams, CISOs, and procurement. It summarizes official policies and product controls and links to primary documents. See the official Privacy Policy, License/Terms, and Anti‑Corruption Policy for legally binding details. Privacy (EN), License (EN), Terms (EN), Anti‑Corruption (EN).

Roles and responsibilities (controller vs. processor)

Business users (your company): Data controller for your end‑customers’ data collected via Altegio (bookings, client cards, loyalty, memberships). License (EN), Privacy (EN).
Altegio Europe KFT: Data processor for client data on behalf of business users; data controller for user/account data (your company’s admin and staff users). Privacy (EN).
Regional notes: Hungarian policy and DPA materials reaffirm controller/processor split and GDPR basis. Privacy (HU), DPA/Processors (HU).

Data categories and roles

Data category	Typical examples	Role of your company	Role of Altegio
End‑customer data	Appointment info, loyalty/memberships, messages, payments metadata	Controller	Processor
Business user data	Owner/manager/staff account details	Controller	Controller

Legal frameworks and lawful bases

GDPR: Altegio states full compliance when acting as controller or processor for EU users. Privacy (EN), Privacy (RU summary of GDPR alignment), Privacy (HU).
LGPD (Brazil): Local privacy policy and license explain lawful bases, data subject rights, and DPO contact for Brazil. Privacy (PT‑BR), License (PT‑BR).
Terms and License: Current governing documents and versioning (e.g., TOS dated Jan 11, 2025). Terms (EN), License (EN).

Data subject rights

Rights supported under GDPR/LGPD include access, rectification, deletion, restriction/objection, and portability. Privacy (EN), Privacy (PT‑BR).
Age limits: EU platform use restricted to persons ≥16; Brazil privacy states minors should not use the platform (≥18). Privacy (EN), Privacy (HU), Privacy (PT‑BR).
Retention and deletion: Personal data retained only as necessary; deletion upon request/end of purpose. Privacy (HU), Privacy (RU).
DPO contact: legal@alteg.io. Privacy (EN).

Hosting, data residency, and transfers

EU hosting: Altegio’s infrastructure is housed in Germany with Hetzner data centers; corporate materials emphasize EU residency. About (EN), About (PT).
DPA storage statement: Processing/storage is performed within the EU; the DPA enumerates EU locations used. Always verify any data‑residency requirements in your order/SCCs. DPA/Processors (HU).

Sub‑processors and support providers

Listed sub‑processors (per DPA): Altegio Limited (technical ops), LINK Mobility Hungary (SMS), OTP Mobil (payments), Zendesk Global, Intercom Software UK (support/ticketing). DPA/Processors (HU).
Additional integrations (customer’s choice): Stripe, VivaWallet, MonoBank, LiqPay, PIX and other providers may process data when you connect them. Online payments docs, Finances & accounting.

Incident response and breach notification

Processor breach notice: Altegio must notify subscribers (controllers) in writing without delay and within 24 hours of becoming aware of a personal data incident. DPA/Processors (HU).
Controller duties: As controller, your organization evaluates notification to authorities/data subjects per GDPR/LGPD timelines.

Security controls and operational reliability

Availability and reliability: 99.98% platform uptime stated in corporate materials. About (EN).
Network/app protection: Corporate security mentions TLS encryption and protective layers (e.g., Cloudflare). About (RU).
Access control and least privilege: Granular user roles/rights for calendar, client data, finance, downloads, and user management to minimize exposure. Access rights – Calendar, Configuring user access, Users list management.
Audit and logging: Data‑access logs and download logs; recommend unique accounts per employee; audit trails available. Securing your data, Downloads logging.
Call recordings: When IP telephony is integrated, conversation recordings retained for 1 year, with reporting and downloads controlled. Reports – Calls.

Payments and PCI DSS

Altegio integrates with PCI DSS–compliant payment systems; payment providers handle card data when enabled. About (EN).
Supported payment integrations and settlement controls are documented for Stripe, VivaWallet, MonoBank/LiqPay, PIX, etc. Payments and online sales docs, Finances & accounting.

Cookies and tracking technologies

Cookie policy: Altegio uses cookies and third‑party analytics (e.g., Google Analytics) for operation, retargeting, and statistics; users can manage cookies via browser settings, noting possible functionality impact. Cookie Policy (UKR).

Governance and ethics (Anti‑Corruption)

Zero‑tolerance policy for bribery, corruption, and fraud applicable to all employees and business partners; strict rules for gifts, hospitality, sponsorships, political contributions, and record‑keeping; whistleblowing and non‑retaliation are mandated. Anti‑Corruption (EN).

Regional statements and social responsibility

Support for Ukraine and sanctions posture: Altegio publicly commits to ceasing services and cooperation in Russia/Belarus and providing support measures for Ukraine. Stand with Ukraine (EN).

Practical product controls for privacy by design

Client data minimization and visibility controls (e.g., masking client phone numbers; restricting exports). Access rights – Calendar, Securing your data.
Verified contact flows: optional SMS phone confirmation in online booking to prevent invalid/test bookings. SMS confirmation.
Analytics transparency: events and Google Analytics 4 integration explicitly documented. GA4 integration, Widget events.

How to exercise data rights or report an issue

Contact the DPO: legal@alteg.io. Privacy (EN).
If you are an end‑customer of an Altegio client, contact the service provider (controller) first; Altegio will support the controller’s request under the DPA. Privacy (EN), DPA/Processors (HU).

Document control

Corporate/legal address: Altegio Europe KFT, 1054 Budapest, Széchenyi István tér 7, House Of Business Roosevelt. Company details.
Current controlling documents and effective dates are maintained at: Terms, Privacy, License, Anti‑Corruption.

Appendix: quick references

GDPR/LGPD privacy policies: EN, PT‑BR, RU summary, HU.
DPA and sub‑processors: HU DPA.
Hosting and security posture: About (EN), About (PT).
Cookies: Policy (UKR).
Payments: Finances & accounting.
Governance: Anti‑Corruption (EN).

What else to read?

Altegio Open API and Marketplace: Integrations, Multi‑Branch Apps, Webhooks, and Analytics Events

March 20, 2026

Introduction Altegio’s open ecosystem lets you extend core booking, CRM, and ERP modules with partner apps and custom integrations. This

Altegio Pricing Philosophy and ROI: Commission‑Free Value for Appointment Businesses

March 13, 2026

Introduction Altegio’s pricing is designed to be simple, predictable, and ROI‑driven for appointment‑based businesses. The model avoids marketplace commissions, keeps

Operational checklist: Enable Google Maps booking (Book via Google) with Altegio

March 10, 2026

Introduction: At a glance Related resources Troubleshooting (quick FAQ) This page is a precise, operational checklist for enabling and operating