Privacy Policy

Schedule With ("we", "us") operates the scheduling tool at schedulewith.org. We let meeting hosts share booking pages and let bookers pick a time from the host's calendar availability.

When a host signs in and connects a Google account we receive:

• The Google account's email address (for sign-in and contact).
• A list of the calendars on that account (id, name, owner email) so the host can mark which one(s) feed availability and which receives bookings.
• Free / busy time blocks on calendars the host marks as "availability source". We use these only to compute what slots to show. Event titles, descriptions, attendees, and locations of pre-existing events are never read or stored.
• An OAuth refresh token, encrypted at rest with AES-256-GCM, so we can write new bookings without prompting the host every time.

The host also provides an account display name, optional photo, optional GoHighLevel API key (encrypted at rest), default timezone, and a default Zoom personal-meeting URL. These are user-provided, not pulled from Google.

When someone books a meeting on a host's page we collect:

• Booker name, email, browser-detected timezone.
• Selected event type and time slot.
• Answers to any custom questions the host has configured.
• Any guest emails the booker added.

The app uses two Google API scopes: calendar.readonly and calendar.events.

• calendar.readonly: list calendars on the connected account, query free / busy time on the calendars the host marks as availability source, and confirm which calendar a booking landed on.
• calendar.events: create a calendar event when a booking is confirmed, patch the event when a booker reschedules, delete the event when a booker cancels, and attach a Google Meet link if the host has chosen Google Meet as the meeting location.

Google data is used only to provide the scheduling functionality. We do not use Google user data to train AI/ML models, advertise, or for any purpose other than the user-facing features listed above. We do not share Google user data with third parties except as required to operate the service (see below).

We rely on the following sub-processors to operate the service:

• Supabase: managed Postgres + auth (eu-west-1). Stores everything except inbound / outbound email content.
• Vercel: hosts the Next.js application.
• MXRoute: SMTP relay for booking confirmation / reminder / cancellation emails.
• Google: OAuth + Calendar API for hosts who connect a Google account.
• GoHighLevel (optional, host-controlled): booker contact upsert, only if the host enables it on their booking profile.

Host data is retained for as long as the host has an account with us. Booker data is retained alongside the booking record.

You can delete your own data at any time:

• A host can disconnect a Google account on /calendars; the access + refresh tokens are deleted immediately, and the integration stops.
• A host can request full account deletion (including all booking profiles, event types, bookings, and uploaded images) by emailing the address on the data deletion page. We delete within 30 days.
• A booker can request deletion of their bookings by emailing the host of the booking page or the support address on the data deletion page.

Refresh tokens, access tokens, and third-party API credentials are encrypted at rest using AES-256-GCM with a key held outside the database. Traffic is HTTPS only. Database access is row-level-security enforced; only the row owner (and our service role for system operations) can read their own data.

We set authentication cookies (Supabase session) and an httpOnly state cookie during the Google OAuth handshake. We do not use third-party tracking cookies, advertising cookies, or analytics scripts on the public booking pages.

We will update this page when material changes happen. The "Last updated" date at the top reflects the most recent change.

Questions, concerns, or deletion requests: hello@schedulewith.org.