Privacy Policy

3.1 Personal Information

• Full name
• Email address
• Phone number
• Date of birth

3.2 Authentication Data

• Email address
• Password (stored securely using industry-standard encryption)

3.3 Appointment Information

• Appointment date and time
• Appointment details or notes
• Associated service provider or business

3.4 Sensitive Information

We may collect government-issued identification where required for verification or compliance purposes. This data is handled with heightened security and access restrictions.

3.5 Location Data

• Precise location (when permitted)
• Approximate location

3.6 Device & Usage Data

• IP address
• Device type and operating system
• App usage data
• Crash and performance logs

Data we access

• The email address associated with the Google account (used to identify the connection in SEAT's UI).
• The stable Google account identifier (sub), used only to process Google security notifications (Cross-Account Protection / RISC).
• Events on the user's primary calendar: SEAT creates, updates, and deletes events that mirror the appointments managed within the platform. The event written contains the service name, the client and professional names, and the schedule.
• FreeBusy API on the primary calendar: SEAT obtains only busy time intervals (start, end). It does not receive or access titles, descriptions, locations, attendees, or attachments of the user's events.

Data we do NOT access

• Other calendars belonging to the user (we operate exclusively on the primary calendar).
• Titles, descriptions, locations, attendees, or attachments of events.
• Contacts, files, mail, location, or any other Google resources.

How we use the data

• Created/modified events are used to keep the SEAT agenda in sync with the business owner's Google Calendar.
• FreeBusy intervals are used to avoid booking appointments at times when the professional is already busy according to their personal calendar.

Storage and security

• OAuth tokens (refresh_token and access_token) are stored encrypted at rest using the framework's data protection mechanisms (ASP.NET Core Data Protection).
• All communication with Google occurs over HTTPS/TLS.
• SEAT does not store the user's calendar events in its database.
• From FreeBusy, SEAT persists only the (start, end) pairs needed for availability calculation, associated with the professional's internal identifier. These intervals are refreshed on every synchronization cycle.

Limited Use

SEAT's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, SEAT does not use the data obtained through Google APIs for:

• Personalized or non-personalized advertising.
• Sale, rental, or transfer to third parties.
• Training artificial intelligence or machine learning models.
• Human reading, except with the user's explicit consent for technical support, by legal requirement, or when the data has been aggregated and anonymized for internal security purposes.

How to disconnect and revoke access

The user can disconnect Google Calendar from SEAT at any time through:

• The “Disconnect Google Calendar” option in the account settings within SEAT, or
• Google's official permissions page: https://myaccount.google.com/permissions.

When disconnecting from SEAT, the platform immediately calls the https://oauth2.googleapis.com/revoke endpoint to invalidate the token with Google, deletes the local tokens, and stops any future synchronization.

Additionally, SEAT implements Google Cross-Account Protection (RISC): if Google notifies us that the user's account has been disabled, that their sessions have been revoked, or that their tokens have been invalidated, SEAT automatically revokes the connection without requiring action from the user.

Retention

• OAuth tokens: retained until the user disconnects the integration or Google invalidates them.
• FreeBusy intervals: continuously updated with every synchronization; older intervals are not retained beyond the period relevant for availability calculation.
• Events created by SEAT in Google Calendar: remain in the user's calendar until the corresponding appointment is deleted in SEAT (in which case SEAT also deletes the event in Google Calendar) or until the user deletes them manually.