Privacy Policy · Book with Schedulo

This Privacy Policy describes how Schedulo ("we", "our", "us") collects, uses, and protects your personal information when you use the scheduling platform available at bookwithschedulo.com (the "Service").

By using Schedulo, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information you provide directly

Account information: name, email address, password (hashed), profile photo, time zone, and bio.
Booking details: event types you create, your availability schedule, and meeting details for bookings made through your scheduling links.
Payment information: if you subscribe to a paid plan, we collect billing details through our payment processor (Razorpay). We do not store full payment card numbers on our servers.
Communications: messages you send to support or feedback you submit.

1.2 Information from connected third-party services

If you connect a third-party service (such as Google Calendar), we receive limited data from that service to provide the integration. See Section 4 for details.

1.3 Information collected automatically

Usage data: pages visited, features used, and timestamps.
Device data: IP address, browser type, operating system, and approximate location (derived from IP).
Cookies: we use essential cookies to keep you signed in. We do not use advertising cookies.

2. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Service.
Process bookings and send confirmation, reminder, and cancellation emails.
Authenticate you and protect against fraud or unauthorized access.
Communicate with you about service updates, security alerts, and support requests.
Comply with legal obligations.

We do not sell your personal information to third parties. We do not use your data for advertising.

3. How We Share Information

We share your information only in these limited circumstances:

With your guests: when someone books a meeting with you, they see your name, profile photo, and event details. When you book a meeting, the host sees your name, email, and any details you provide.
Service providers: we use third-party vendors to operate the Service:
- Supabase — database hosting
- Render — application hosting
- Vercel — frontend hosting
- Resend — transactional email delivery
- Razorpay — payment processing (for paid plans)
- Google — calendar integration (only if you connect it)
These providers process data only on our instructions and under their own confidentiality obligations.
Legal compliance: we may disclose information when required by law, subpoena, or to protect rights, safety, or property.
Business transfers: if Schedulo is acquired or merged, your information may transfer to the new entity. We will notify you of any such change.

4. Google Calendar Data

Schedulo's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

If you choose to connect your Google Calendar to Schedulo, we request the following OAuth scopes from Google:

Scope	How we use it
`calendar.events`	Create, update, and delete events on your primary Google Calendar when bookings are made, rescheduled, or cancelled through Schedulo. Events automatically include a Google Meet link.
`calendar.readonly`	Read your busy/free times to prevent double-bookings, and display your existing Google Calendar events alongside your Schedulo bookings in the unified calendar view.
`userinfo.email` / `profile`	Identify which Google account is connected so you can manage the integration.

4.1 Storage and security

Your Google access and refresh tokens are encrypted at rest using AES-256-GCM before being stored in our database.
We do not store the contents of your calendar events on our servers. When you view your calendar in Schedulo, we fetch the events from Google in real time and discard them after the response.
The only Google data we persist is your email address and display name (to label the connection in the UI), and event IDs of bookings created through Schedulo (so we can update or delete them later).

4.2 Limited use compliance

We use Google Calendar data only to provide and improve the user-facing features described above. Specifically, we do not:

Use the data to serve ads, including retargeting or personalized advertising.
Sell, transfer, or disclose the data to third parties for purposes unrelated to providing the Service.
Allow humans to read the data, except (a) with your explicit consent, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized.
Use the data to train generalized AI/ML models.

4.3 Disconnecting

You can disconnect Google Calendar at any time from the Integrations page in Schedulo. When you disconnect:

Schedulo immediately revokes its access tokens with Google.
The encrypted tokens are deleted from our database.
You can also revoke access directly at myaccount.google.com/permissions.

5. Microsoft Calendar Data

If you connect Microsoft Calendar (Outlook), Schedulo requests these Microsoft Graph API scopes via OAuth:

Scope	How we use it
`Calendars.ReadWrite`	Create, update, and delete events on your primary Outlook calendar when bookings are made through Schedulo.
`OnlineMeetings.ReadWrite`	Auto-generate Microsoft Teams meeting links for created events.
`User.Read`	Identify which Microsoft account is connected to label the integration in our UI.
`offline_access`	Refresh access tokens without requiring re-authentication every hour.

The same security and Limited Use compliance described in Section 4 (Google Calendar Data) applies to Microsoft data: encrypted-at-rest tokens, no event content storage, no advertising use, no data resale, no AI training. You can disconnect at any time from Schedulo's Integrations page.

6. Zoom Data

Schedulo's use and transfer of information received from Zoom APIs adheres to the Zoom Data Use & Compliance Policy.

If you connect Zoom, Schedulo requests these scopes via OAuth:

Scope	How we use it
`meeting:write`	Create unique Zoom meetings in your account when guests book through your Schedulo scheduling links. Each booking gets its own meeting with a fresh join URL.
`meeting:read`	List your scheduled Zoom meetings to display alongside Schedulo bookings in our unified Calendar view.
`meeting:delete`	Delete Zoom meetings when bookings are cancelled, keeping Zoom in sync.
`user:read`	Identify which Zoom account is connected to label the integration in our UI.

6.1 Storage and security

Zoom OAuth access and refresh tokens are encrypted at rest using AES-256-GCM before being stored in our database.
Zoom rotates refresh tokens on every refresh, and we save the new token immediately each time.
The only Zoom data we persist on our servers is your email/name (to label the connection in the UI) and the Zoom meeting IDs of meetings WE created via Schedulo (so we can update or delete them later).
We do not store meeting recordings, chat content, transcripts, attendee lists, or any meeting metadata beyond the IDs of meetings we created.

6.2 Limited use compliance

We use Zoom data only to provide the meeting-creation features described above. We do not:

Use Zoom data for advertising, retargeting, or personalized advertising.
Sell, transfer, or disclose Zoom data to third parties for unrelated purposes.
Allow human access to Zoom data, except (a) with your explicit consent, (b) for security or abuse investigation, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized.
Use Zoom data to train generalized AI/ML models.
Access meeting recordings, chat content, or transcripts.

6.3 Disconnecting

You can disconnect Zoom at any time from the Integrations page in Schedulo. When you disconnect:

Schedulo immediately revokes its access tokens at Zoom's revocation endpoint.
The encrypted tokens are deleted from our database.
You can also manage authorized apps directly at marketplace.zoom.us/user/installed.

7. Data Retention

We retain your account information for as long as your account is active. When you delete your account:

Personal information is deleted within 30 days.
Bookings, event types, and integration tokens are deleted immediately.
Anonymized usage data may be retained for analytics purposes.
Backups are purged within 90 days.

8. Your Rights

You have rights under multiple regulations including:

India's Digital Personal Data Protection Act, 2023 (DPDP Act): right of access, correction, erasure, grievance redressal, and consent withdrawal.
EU/UK GDPR: right to access, rectify, erase, restrict, port, and object to processing.
California CCPA/CPRA: right to know, delete, correct, opt out of sale/sharing, and limit sensitive-data use.

You can exercise the most common rights directly inside the app:

Download your data — Profile → Privacy & Your Data → "Download my data". Returns a JSON file with all personal data we hold.
Delete your account — Profile → Privacy & Your Data → "Delete my account permanently". Immediate and irreversible.
Withdraw consent — Disconnect any integration from the Integrations page; this revokes the corresponding OAuth tokens and stops data flow.

For other requests (correction, restriction, objection, complaints), email support@bookwithschedulo.com. We respond within 30 days. India users may also escalate complaints to the Data Protection Board of India once it is operational.

9. Children's Privacy

Schedulo is not directed to children. The minimum age depends on your jurisdiction:

India: Under DPDP Act 2023, anyone under 18 is treated as a child and requires verifiable parental consent. Schedulo currently does not have a parental-consent flow, so we cannot accept users under 18 from India.
EU: Per GDPR, the digital age of consent is 16 (or as low as 13 in some member states); we set the floor at 16 for EU users.
Elsewhere: 13 minimum.

If you believe a child has provided us information without proper consent, contact us and we will delete it within 7 days.

10. International Data Transfers

Schedulo is operated from India. Personal data is hosted on Supabase (database, region: ap-south-1, Mumbai), Render (API, region: oregon-us), and Vercel (frontend, edge globally). If you access the Service from outside India, your data may be transferred between these regions. We rely on standard contractual safeguards with each provider. By using the Service, you consent to these transfers.

11. Security & Encryption

We implement multiple layers of safeguards:

Encryption in transit: All traffic between your browser and Schedulo uses TLS 1.2+. HSTS is enabled with preload.
Encryption at rest (entire database): All Schedulo data — profiles, bookings, event types, audit logs, everything — is stored in Supabase Postgres which encrypts the whole database at rest using AES-256. This is our primary defense if a backup or storage volume were ever exposed.
Application-layer encryption (sensitive fields): OAuth access and refresh tokens for Google/Microsoft/Zoom are additionally encrypted at the application layer using AES-256-GCM with a separate encryption key (stored in environment variables, not in the database) before being written to the table. So even an attacker with full database read access cannot decrypt OAuth tokens without also compromising our deployment environment.
Password storage: bcrypt with cost factor 12.
Account lockout: 5 failed login attempts triggers a 15-minute lockout, per account.
Admin access: Admin actions require step-up authentication with a 15-minute session-bound token, separate from the regular session.
Audit logging: Logins, password changes, integrations connected/disconnected, plan changes, profile changes, account deletions, and all admin actions are logged with IP and user-agent.
Headers and CSP: Strict Content-Security-Policy, X-Frame-Options, Permissions-Policy, and other Helmet-managed headers are enforced on every page.
Rate limiting: Login, signup, password-reset, admin-elevation, and public booking endpoints all have aggressive per-IP rate limits.

No method of transmission or storage is 100% secure. We commit to disclosing material security incidents that affect your data within 72 hours of confirmation, as required by the DPDP Act.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via email or an in-app notice. Continued use of the Service after changes constitutes acceptance.

13. Contact

Questions, concerns, or requests? Email us at support@bookwithschedulo.com.