Privacy Policy

Last updated: April 9, 2026

Your privacy matters to us. This policy explains how brandID bookme collects, uses, stores, shares, and protects your personal information, including data obtained through Google APIs and other third-party integrations.

1. Information We Collect

We collect information you provide directly, information generated through your use of our services, and information from third-party integrations you choose to connect.

Account Information

  • Name, email address, and password when you create an account
  • Profile information including display name, avatar, and cover images
  • Business name, timezone, and scheduling preferences
  • Google account information (name, email address, profile picture) if you register or log in via Google OAuth

Google User Data

  • Google Calendar data — calendar event titles, dates, times, durations, and busy/free status from your connected Google Calendar account. This data is accessed solely to determine your real-time availability and to create or update calendar events when bookings are made, rescheduled, or cancelled.
  • Google account profile — basic profile information (name, email, profile picture) obtained during Google OAuth sign-in, used to create or authenticate your brandID bookme account.
  • Google Meet links — when Google Meet is selected as a meeting location, we create Google Meet conference links via Google Calendar and include them in booking confirmations.

Calendar & Scheduling Data

  • Calendar events from connected Google Calendar and Outlook Calendar accounts (used to determine your availability)
  • Booking details including dates, times, attendee information, and meeting notes
  • Custom intake form responses submitted by people who book with you
  • Event type configurations (duration, pricing, location preferences)

Payment Information

  • Subscription billing details processed securely through Stripe
  • Payment information for paid bookings, processed via Stripe or PayPal
  • Stripe Connect account details for hosts who receive payments directly

Usage Data

  • Device information, browser type, and IP address
  • Pages visited, features used, and interaction patterns
  • Booking page views and conversion analytics

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide our services — create and manage your account, process bookings, and synchronize with your calendars (including Google Calendar)
  • Check availability — read your Google Calendar events to determine available time slots and prevent double-booking
  • Create calendar events — write new events to your Google Calendar when bookings are confirmed, and update or remove them on reschedule or cancellation
  • Generate meeting links — create Google Meet or Zoom meeting links for video call events and include them in booking confirmations
  • Process payments — handle subscription billing and paid booking transactions through Stripe and PayPal
  • Send notifications — deliver booking confirmations, reminders, cancellation notices, and account-related emails via our email delivery service
  • Improve the platform — analyze usage patterns to enhance features, fix issues, and optimize performance
  • Ensure security — detect and prevent fraud, abuse, and unauthorized access to accounts
  • Provide support — respond to your questions, troubleshoot issues, and improve our customer service

3. Data Sharing, Transfer & Disclosure

brandID bookme does not sell, rent, or trade your personal information — including Google user data — to any third party, for any purpose. We share your data only in the limited circumstances described below:

Service Providers We Share Data With

We share the minimum data necessary with the following categories of service providers, solely to operate and deliver our scheduling service:

  • Google (Google Calendar API, Google OAuth) — we send booking details (event title, date/time, attendees) to Google Calendar to create, update, or delete calendar events on your behalf. Google OAuth is used for authentication only. We do not share your Google Calendar data with any other party.
  • Microsoft (Outlook Calendar API) — if you connect Outlook Calendar, we send booking details to create and manage calendar events. This data is not shared further.
  • Zoom (Zoom API) — we send meeting details (title, date/time, duration) to Zoom to create and delete meeting rooms for video call bookings. No other data is sent to Zoom.
  • Stripe — we share payment-related information (billing details, transaction amounts) with Stripe to process subscription payments and paid bookings. Stripe acts as an independent data controller for payment data under its own privacy policy.
  • PayPal — when PayPal is selected as a payment method, we share transaction details (amount, booking reference) with PayPal to process the payment.
  • Email delivery provider (Postal) — we share recipient email addresses and notification content with our transactional email service to send booking confirmations, reminders, and account communications.

When We May Disclose Data

Beyond the service providers listed above, we may disclose your personal information only in the following situations:

  • Legal requirements — when required by law, regulation, subpoena, court order, or other legal process
  • Safety & fraud prevention — to protect the rights, safety, or property of brandID, our users, or the public; or to investigate potential violations of our Terms of Service
  • Business transfers — in connection with a merger, acquisition, or sale of assets, in which case you will be notified before your data is transferred and becomes subject to a different privacy policy
  • With your consent — when you explicitly authorize us to share specific data with a third party

International Data Transfers

Your data may be processed on servers located outside your country of residence. We ensure that appropriate safeguards are in place for any international transfers, including encryption in transit and at rest, and compliance with applicable data protection laws.

What We Do NOT Do With Your Data

  • We do not sell your personal data or Google user data to third parties
  • We do not share your data with data brokers or information resellers
  • We do not use your data for targeted advertising, personalized ads, retargeted ads, or interest-based advertising
  • We do not transfer your data to third parties for purposes unrelated to providing the brandID bookme service
  • We do not use Google user data to determine creditworthiness or for lending purposes

4. Google API Services User Data

brandID bookme's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Google Scopes We Request

  • Google Calendar (read/write) — to read your calendar events for availability checking and to create, update, or delete events when bookings are made, rescheduled, or cancelled
  • Google OAuth (profile, email) — to authenticate your identity when signing in with Google

How We Use Google User Data

  • Google Calendar data is used exclusively to check your availability and manage booking-related calendar events
  • Google profile information is used exclusively to create and authenticate your brandID bookme account
  • We access Google user data only when you explicitly connect your Google account through our integrations page or sign in with Google

Limited Use Compliance

In accordance with Google's Limited Use requirements:

  • We limit our use of Google user data to providing and improving the user-facing features of brandID bookme that are visible and apparent to you
  • We do not transfer Google user data to third parties unless: (a) it is necessary to provide or improve user-facing features (e.g., creating a calendar event via the Google Calendar API), (b) you provide explicit consent, (c) it is necessary for security purposes (e.g., investigating abuse), or (d) it is required to comply with applicable law
  • We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising
  • We do not allow humans to read Google user data unless: (a) you have given explicit consent, (b) it is necessary for security purposes or to comply with law, or (c) the data has been aggregated and anonymized for internal operations
  • We do not use Google user data for training artificial intelligence (AI) or machine learning (ML) models

Revoking Google Access

You can disconnect your Google account from brandID bookme at any time through the Integrations page in your dashboard. Upon disconnection:

  • We immediately revoke and delete the stored OAuth tokens
  • We stop accessing your Google Calendar data
  • Previously created calendar events remain on your Google Calendar
  • You can also revoke access from your Google Account permissions page

5. Zoom Integration & Data Handling

When you connect your Zoom account to brandID bookme, we access limited Zoom data solely to provide our scheduling service. This section explains what data we access, how we use it, and how you can revoke access.

Zoom Scopes We Request

  • View and manage meetings (meeting:write) — to create Zoom meeting rooms when bookings are confirmed and delete them when bookings are cancelled
  • View user profile (user:read) — to verify your Zoom connection status and display your Zoom account information in the integrations dashboard

How We Use Zoom Data

  • Zoom meeting data is used exclusively to create, manage, and delete meeting rooms for video call bookings
  • Zoom profile information is used exclusively to display your connection status
  • We access Zoom data only when you explicitly connect your Zoom account through our Integrations page
  • We do not access your Zoom recordings, chat messages, webinars, phone data, or any other Zoom features

Zoom Data Storage & Security

  • Zoom OAuth tokens (access token and refresh token) are encrypted at rest using AES-256 encryption
  • Tokens are stored only while the integration is active
  • We do not store Zoom meeting recordings, participant lists, or meeting content
  • Meeting links created via Zoom are stored as part of booking records
  • All communication with Zoom APIs is conducted over HTTPS/TLS 1.2+

Revoking Zoom Access

You can disconnect your Zoom account from brandID bookme at any time through the Integrations page in your dashboard. Upon disconnection:

  • We immediately and permanently delete the stored Zoom OAuth tokens (access token and refresh token)
  • We stop all API access to your Zoom account
  • Previously created Zoom meetings remain on your Zoom account
  • You can also remove the app from your Zoom Marketplace installed apps page

For full details on what happens when you disconnect, see our Zoom Integration Guide.

6. Third-Party Service Providers

brandID bookme integrates with the following third-party services to provide our scheduling platform. Each service has its own privacy policy governing their handling of your data:

  • Google (Privacy Policy) — OAuth authentication, Google Calendar read/write access for availability checking and event creation, Google Meet conference link generation
  • Microsoft (Privacy Policy) — Outlook Calendar integration via OAuth for calendar synchronization
  • Zoom (Privacy Policy) — OAuth-based integration for automatic meeting creation and deletion
  • Stripe (Privacy Policy) — Payment processing for subscriptions and paid bookings, plus Stripe Connect for host payouts
  • PayPal (Privacy Policy) — Alternative payment processing for paid event bookings
  • Postal — Transactional email delivery for booking notifications and account communications

We only share the minimum data necessary for each integration to function. We do not grant these service providers access to data beyond what is required for their specific purpose. We do not sell your personal information to any third party.

7. Cookies & Tracking

brandID bookme uses cookies and similar technologies for the following purposes:

  • Essential cookies — maintain your session and authentication state
  • Preference cookies — remember your settings such as timezone and display preferences
  • OAuth state tokens — securely manage third-party authentication flows (Google, Microsoft, Zoom)

We do not use third-party advertising cookies or cross-site tracking technologies. We do not use cookies to collect data for advertising purposes. You can configure your browser to block cookies, but this may affect the functionality of our service.

8. Data Retention & Deletion

We retain your data for as long as your account is active or as needed to provide our services:

  • Account data — retained until you delete your account
  • Booking history — retained for 24 months after the booking date for record-keeping
  • Payment records — retained as required by applicable financial regulations (typically 7 years)
  • OAuth tokens (Google, Microsoft, Zoom) — encrypted with AES-256 and stored only while the integration is active; immediately deleted upon disconnection
  • Google Calendar data — calendar event data is read in real time for availability checking and is not stored permanently; booking-related event data is retained as part of the booking record
  • Usage logs — retained for 90 days for security and debugging purposes

When you delete your account, we remove your personal data within 30 days, except where retention is required by law. When the data retention period expires for a given type of data, we delete or destroy it securely.

Requesting Data Deletion

You may request deletion of your data at any time by:

  • Deleting your account through the Settings page in your dashboard
  • Emailing us at [email protected] with a deletion request
  • Disconnecting specific integrations (Google, Zoom, etc.) to delete only the associated tokens and cached data

9. Your Rights (GDPR & CCPA)

Depending on your location, you may have the following rights under GDPR, CCPA, or other applicable data protection laws:

  • Access — request a copy of the personal data we hold about you
  • Correction — update or correct inaccurate personal data
  • Deletion — request deletion of your personal data (“right to be forgotten”)
  • Export — receive your data in a portable, machine-readable format
  • Restriction — request that we limit the processing of your data
  • Objection — object to processing based on legitimate interests
  • Opt-out of sale — we do not sell personal data, but California residents may make this request under CCPA
  • Revoke consent — withdraw consent for any data processing that is consent-based (e.g., disconnect Google Calendar integration)

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. Security Measures

We take the security of your data seriously and implement industry-standard protections:

  • All data transmitted via HTTPS/TLS encryption
  • OAuth tokens (Google, Microsoft, Zoom) encrypted at rest using AES-256 encryption
  • Passwords hashed using bcrypt with salt
  • Data stored in MongoDB with access controls and regular backups
  • Session data cached in Redis with automatic expiration
  • Regular security reviews and dependency updates
  • Principle of least privilege for all third-party API access
  • Security procedures are in place to protect the confidentiality, integrity, and availability of your data

11. Children's Privacy

brandID bookme is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

If you believe a child has provided us with personal data, please contact us at [email protected].

12. AI / ML Model Training Disclosure

brandID bookme does not use any user data — including but not limited to Google user data, calendar data, booking data, or personal information — to train artificial intelligence (AI) or machine learning (ML) models. This applies to all data collected through our platform and all third-party integrations.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of significant changes by email or through a prominent notice on our platform. Your continued use of brandID bookme after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your data protection rights, please reach out: