AppointMentor Online Booking

AppointMentor Online Appointments Booking service allows businesses, professionals, or public sector organisations to enable customers to book and manage appointments online, easily, and conveniently, any time of day or night. We specialise in and have extensive experience with the NHS and healthcare industry. AppointMentor provides integrations, (optional) e-Payments and Feedback.


  • Real time online appointments booking
  • cancellation, re-arrangement
  • e-Payments, advance partial or full deposit
  • Powerful and Flexible booking, matching, filtering
  • Manage diary zones for specific Service providers, associate Services
  • Enhanced reporting, suggestions and business intelligence dashboard
  • SmartApp-Remote Access, Manage diary on the go
  • Customers App, manage appointments, invoice payments, history
  • Special offers, service packages/ bundles, promotions and marketing
  • Portal for business and services / slots listing


  • Helping you with marketing, Find/acquire new customers
  • Automate Customer Relationship Management (CRM)
  • Automatic emails, follow ups, re-bookings
  • Allows you to focus on business, taking care of admin
  • Google / Facebook reviews, improve search visibility
  • Flexible to accommodate your work patterns
  • Customers portal shows your special offers (get new customers)
  • Power of AI, optimise diary, reduce whitespace, increase profitability
  • Our Apps help manage/grow your business on the go
  • Power of IT- Scale business- do more with your resources


£99 to £499 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mubbasher@welltime.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

6 8 7 7 2 6 8 9 2 5 0 2 7 7 8


WELLTIME LIMITED Mubbasher Khanzada
Telephone: 02070961440
Email: mubbasher@welltime.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Dental practice management systems
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Our Online solutions require connectivity to the Internet
System requirements
  • Internet connectivity
  • Running on Windows OS

User support

Email or online ticketing support
Email or online ticketing
Support response times
We aim to respond to queries within 4 hours during business hours. Out of business hours the response time can be longer.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat has easy to use text, with alternatives for additional accessibility, e.g. increasing text size
Web chat accessibility testing
We use the popular open source web chat solution Rocket Chat (we have not tested it with assistive technology users ourselves)
Onsite support
Yes, at extra cost
Support levels
Our direct remote support provides support during the UK business hours. Additional support at site is also provided, depending on the requirements, any costs will be discussed and mutually agreed.
Support available to third parties

Onboarding and offboarding

Getting started
We provide training and necessary documentation.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
When contract ends, the user's data is provided in the portable data format (like XML, JSON files) or database backup files.
End-of-contract process
At the end of the contract, customer data is provided to the customer. The account is closed and data is deleted (in accordance with the regulatory requirements) from our systems.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Native Apps work directly with the mobile phones, our web solutions are all fully responsive, working very well with the mobile and tablet devices.
Service interface
User support accessibility
None or don’t know
Description of service interface
Users can log in to our solution back end portal to manage the common tasks, access reports, change features and parameters, configure and adjust the system as per their requirements.
Accessibility standards
None or don’t know
Description of accessibility
Our services are fully accessible through the browsers, responsive and user friendly.
Accessibility testing
We have not done testing with users of assistive technology.
What users can and can't do using the API
Our API allows third party solution providers to integrate with our services and consume and provide our core services to their customers through their own solutions.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Users can customise the look and feel of the solution. There are service configuration screens that allow the customers to modify, change and customise the solution behaviour.


Independence of resources
Through the use of load balancers and service monitoring tools, ensuring our infrastructure is operational and can easily cope with the demand from the users.


Service usage metrics
Metrics types
We monitor and log service usage through our own and additional analytics tools (like Google Analytics).
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Conforming to ISO 27001
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Data is exported from the database from different fields (depending on the solution and requirements). Information can be provided in different formats.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We provide high level of uptime for our services. We have different SLAs based on the requirements, for example, our strictest SLA is: we guarantee a response within 6 business hours, our Engineers will start remedial actions within 18 business hours.
Approach to resilience
We have operational resilience thorough implementation of policies of Governance, cyber security, information monitoring and procedures. We have Heart beat, Recovery procedure automatically informs our team proactively. The system starts an automated recovery procedure, if the issue persists,the customer is alerted automatically about outage with the recommended procedure to be enabled. We have load balancing on the servers, There are also redundancy of servers. We take snapshots of the servers. Databases are daily backed up on off site back ups. We have SLAs in place with the data centre for infrastructure resilience they provide. We have the disaster recovery and business continuity plan in place. If there is any incident, our solutions can be recovered and restored within 24 hours.
Outage reporting
Our systems have intelligent / automated monitoring mechanisms in place that monitoring. Heart beat, Recovery procedure automatically informs our team proactively. If the issue persists, then the customer is alerted automatically about outage with the recommended procedure to be enabled. Outages are reported through email alerts as well as phone calls.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Users are authenticated through username and password. For more sensitive operations access is further validated through 2FA. We have segregation of roles and responsibilities. Different functions are provided through the different departments, with specific management interfaces access. There is access level and hierarchy based on roles of the team members.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • CSA CCM version 3.0
  • Other
Other security governance standards
We follow the ISACA standards for governance, COBIT-2019. For security we conform to NIST Framework and Cloud Security Alliance (CSA) guidance.
Information security policies and processes
We have information security policies for governing the information security. 1. Information security policy 2. Privacy policy (including cookies policies) 3. Terms of use policy We are registered with ICO.GDPR compliant, we have GDPR white paper, that is proactively shared with the customers. We have a qualified DPO (certified in ISACA certifcates, CISA, CISM, CRISC), we follow the COBIT-2019 framework. We have external audit process. We follow data security rules, including but not limited to encryption of mobile devices, communication channels. All data is encrypted, data is handled on a need to know basis, we have segregation of duties and roles& responsibilities. There is a comprehensive credentials (user name / password) protection policy. Data centre, servers and systems are protected through the firewalls, antivirus and password policies. Customers can make data erasure request at any time. We have data security incident management policy in place. We implement comprehensive data governance policies, our Data Protection Officer (DPO) implements and monitors these policies.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We use version control and staging servers to manage any change, fully assess and evaluate the effects and impact of the changes during development/staging environment before deploying them in Production environment. We have a fully Quality Assurance (QA) process in place, with rigorous Regression testing. We have processes in place to endure default settings are configured in line with the security policies of the company. Changes are assessed for the potential security impact. Our internal Change management policy and procedures are followed with conform to the industry wide standards such as ITIL and CSA Cloud Controls Matrix v3.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our team monitors for known vulnerabilities through a combination of the open source and propritary vulnerability scanning / reporting tools and communities, and remains up-to-date through professional subject matter periodicals and forums. We test and deploy patches through our change management process. We keep our antivirus signatures up to date. As part of the software development process, our team evaluates potential threats and possible issues. We conduct audit of our solutions, both physical and logical controls.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We have proactive monitoring processes in place, including the frequent antivirus signatures updates. When an issue happens, our CTO gets notified immediately to contain the issue. If there are any technical glitches they are solved quickly. However, if there is a data incident, then our DPO is informed and our GDPR process is invoked. Root cause analysis is performed and a solution is deployed. We have policies and procedures that are followed in case of a data incident. We inform the customers as per our GDPR procedure and work with them to remedy the situation.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have a system for incident reporting. Through our website, users can access a portal and report any issue. We have developed a culture in the organization and a team of security awareness, we are a very user approachable team and company. If and when an incident happens, IT team reports it to the CTO. If there is a Data issue, the CTO informs the DPO. The CTO fixes the issue, but in any case, the DPO reviews the details of the incident to independently assess. Any serious incidents are escalated to the board.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

We heavily rely on electronic storage of data and electronic methods of communication resulting in virtually paperless record keeping and communication.

We endeavour to reduce our carbon footprint and use of chemicals utilising flexible working methods.
Covid-19 recovery

Covid-19 recovery

We have supported our personnel financially thought the pandemic period and no single employee was laid off due to Covid-19 impacts.
Tackling economic inequality

Tackling economic inequality

We have encouraged female section of society to apply for jobs available at our company reducing the gender gap. We maintain the equal pay scale for both genders.

We also give preferential treatment to the people coming from deprived areas and sections as well as people from marginalised segment of society.
Equal opportunity

Equal opportunity

We are an equal opportunity employer.


We give high importance to the wellbeing of the personnel of Welltime. We have provided gym and other sports facilities in house.


£99 to £499 a user a month
Discount for educational organisations
Free trial available
Description of free trial
Free 1 month trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mubbasher@welltime.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.