Privacy Policy

Effective: June 2, 2026 · Last reviewed: June 26, 2026 · Version 2.1

This Privacy Policy describes how brandID bookme collects, uses, stores, shares, and protects your personal information, including data obtained through Google APIs. It is published at https://bookme.brandid.app/privacy and is the policy linked from our Google OAuth consent screen. For broader brandID products beyond bookme, see the brandID corporate privacy policy.

1. Who We Are

brandID bookme (“bookme”, “we”, “us”, “our”) is a scheduling product within the brandID platform, operated by WATCHTHEMLIVE INC, a corporation incorporated under the laws of Ontario, Canada, with its registered office at 41 Old Indian Trail, Ramara, Ontario, Canada, L0K 1B0.

This Privacy Policy applies to the bookme application at https://bookme.brandid.app and to all interactions with the bookme service, including the Google Calendar integration, Google Sign-In, Microsoft Outlook Calendar integration, Zoom integration, and payment processing flows. It is the exact policy linked from our Google OAuth consent screen, in conformance with the Google API Services User Data Policy.

2. Information We Collect

We collect information you provide directly, information generated through your use of bookme, and information from third-party integrations you choose to connect.

Account Information

  • Name, email address, and password when you create a bookme account
  • Profile information including display name, avatar, brand name, brand logo, and event cover images
  • Timezone, country, language, and scheduling preferences
  • Google account information (name, email address, profile picture) if you register or sign in via Google OAuth

Google User Data

When you connect your Google Account, we access the following specific data:

  • Free/busy windows from your primary Google Calendar — start and end times only, retrieved via the freebusy.query API. We do not read event titles, descriptions, attendees, attachments, or any other content of events that were created outside of bookme.
  • Calendar events created by bookme — we read, update, and delete only the events we created (via events.insert, events.patch, and events.delete) on your primary calendar. These are the events generated when an invitee books, reschedules, or cancels a meeting through bookme.
  • Google account profile — basic profile data (name, email, profile picture, Google account identifier) received via userinfo.email and userinfo.profile during Google Sign-In or when you connect Google Calendar.
  • Google Meet conferencing links — when Google Meet is selected as the meeting location for an event, we use the Calendar API's conferenceData.createRequest with conferenceSolutionKey.type = "hangoutsMeet" to attach a Meet link to the booking event. We do not request a separate Google Meet API scope; Meet link generation is performed entirely through the Calendar API scope already granted.

Calendar & Scheduling Data

  • Free/busy windows from connected Google Calendar and Outlook Calendar accounts (used to determine your availability)
  • Booking details including dates, times, attendee information, and meeting notes
  • Custom intake form responses submitted by people who book with you
  • Event type configurations (duration, pricing, location preferences)

Payment Information

  • Subscription billing details processed securely through Stripe
  • Payment information for paid bookings, processed via Stripe or PayPal
  • Stripe Connect account details for hosts who receive payments directly

Usage Data

  • Device information, browser type, and IP address
  • Pages visited, features used, and interaction patterns
  • Booking page views and conversion analytics

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide our services — create and manage your account, process bookings, and synchronize with your calendars (including Google Calendar)
  • Check availability — read free/busy windows from your Google Calendar to determine available time slots and prevent double-booking
  • Create calendar events — write new events to your Google Calendar when bookings are confirmed, and update or remove them on reschedule or cancellation
  • Generate meeting links — create Google Meet (via Calendar API) or Zoom meeting links for video call events and include them in booking confirmations
  • Process payments — handle subscription billing and paid booking transactions through Stripe and PayPal
  • Send notifications — deliver booking confirmations, reminders, cancellation notices, and account-related emails via our email delivery service
  • Improve the platform — analyze aggregated, de-identified usage patterns to enhance features, fix issues, and optimize performance
  • Ensure security — detect and prevent fraud, abuse, and unauthorized access to accounts
  • Provide support — respond to your questions, troubleshoot issues, and improve our customer service

4. Google API Services — Limited Use Disclosure

brandID bookme's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

Google User Data — at a glance

For Google Calendar access, this Privacy Policy explicitly covers:

  • Google account information collected (email and profile) — see §4.1
  • Calendar data accessed (free/busy windows + bookme-created events only) — see §4.1
  • Purpose of access (scheduling, availability checking, event creation, Meet links) — see §4.2
  • With whom Google user data is shared, transferred, or disclosed (Google itself, the invitee, Contabo as hosting provider, legal authorities only) — see §4.6
  • Data retention period (free/busy not persisted; tokens deleted on disconnect; bookme event IDs deleted within 30 days) — see §4.4
  • How users can revoke access anytime (Settings → Integrations in bookme, or myaccount.google.com/permissions) — see §4.5
  • Data is never sold, transferred for advertising, or used to train generalized AI/ML models (raw or derived) — see §4.3 and §14

4.1 Exact OAuth Scopes We Request

For Google Sign-In and Google Calendar features, bookme requests only the following Google OAuth scopes:

ScopePurpose & user-facing featureData accessed
https://www.googleapis.com/auth/userinfo.emailSign in with Google and provision a bookme accountEmail address associated with your Google Account
https://www.googleapis.com/auth/userinfo.profileDisplay your name and profile picture inside bookmeName, profile picture, and Google account identifier
https://www.googleapis.com/auth/calendarRead free/busy windows on your primary calendar to compute available booking slots and prevent double-booking; create/update/delete bookme-managed events; attach Google Meet conferencing to bookme eventsFree/busy start and end times on your primary calendar (via freebusy.query); read/update/delete of events bookme created (via events.insert, events.patch, events.delete). We do not read titles, descriptions, attendees, or attachments of events that were created outside of bookme.
https://www.googleapis.com/auth/calendar.eventsCreate, modify, and cancel calendar events for meetings booked through bookmeOnly events that bookme creates on your behalf — their times, attendees (invitees), titles, and conferencing links

Why we use auth/calendar rather than a narrower scope: The calendar scope is required to call freebusy.query against your primary calendar for accurate availability checking. Without it, bookme could not detect conflicts with your existing calendar events and would risk double-booking you. We use this scope only for free/busy reads on your primary calendar and for managing events that bookme itself created — we never read the content of events created outside of bookme.

We do not request and do not access any other Google scopes — including Gmail content, Google Drive files, Google Photos, Google Contacts, Google Tasks, location history, Google Chat, or any other Google service.

4.2 How We Use Google User Data

We use Google User Data solely to provide and improve the user-facing scheduling features of bookme that are prominent in the bookme user interface. Specifically:

  • Free/busy availability checking — reading start and end times of busy windows on your primary calendar to compute the slots offered to your invitees
  • Booking event creation — creating a calendar event on your primary calendar when an invitee books a meeting, including the invitee's name and email as an attendee
  • Booking event updates — modifying the event when a booking is rescheduled, or deleting the event when a booking is cancelled
  • Google Meet link generation — when Google Meet is selected as the location, requesting a Meet conferencing link via the Calendar API and including it in the booking confirmation
  • Authentication — verifying your identity at sign-in via Google OAuth

4.3 Limited Use Compliance — What We Do Not Do

In accordance with Google's Limited Use requirements:

  • We do not transfer Google User Data to third parties except as necessary to provide or improve user-facing features (e.g., calling the Google Calendar API itself to create a calendar event), to comply with applicable law, or as part of a merger, acquisition, or sale of assets after obtaining your explicit prior consent
  • We do not use Google User Data for serving advertisements, including retargeted, personalized, or interest-based advertising
  • We do not allow humans to read Google User Data, except: (a) with your explicit, contemporaneous consent (e.g., when you ask our support team to investigate a specific calendar event); (b) where necessary for security investigations such as suspected account compromise; (c) to comply with applicable law; or (d) for aggregated, anonymized internal operational analysis where individual Google User Data cannot be re-identified
  • We do not use Google User Data — raw, derived, aggregated, or anonymized — to develop, train, fine-tune, evaluate, benchmark, or otherwise improve any generalized, foundational, or non-personalized AI or ML model, including large language models, whether our own or those of any third party. See §14 for the full AI/ML attestation.
  • We do not sell, rent, or trade Google User Data to any party for any purpose
  • We do not use Google User Data to determine creditworthiness or for lending purposes

4.4 Storage, Retention, and Deletion of Google User Data

  • Free/busy data is read in real time during slot calculation and is held only in transient memory — it is not persisted to long-term storage
  • Event identifiers for bookme-created events are stored alongside the corresponding bookme booking record for the lifetime of that booking, so that we can update or delete the event if the booking is rescheduled or cancelled
  • OAuth access and refresh tokens are encrypted at rest using AES-256 and are stored only while your Google integration is connected
  • On disconnect or revocation we immediately stop all access, delete the stored OAuth tokens, and delete bookme-managed Google User Data within 30 days, except where retention is required by law. See §4.5 — How to Revoke Access for the step-by-step.
  • Account deletion removes all of your personal data within 30 days. See §10 — Data Retention & Deletion.

4.5 How to Revoke Access at Any Time

You stay in control of your Google data. You can revoke brandID bookme's access to your Google Account whenever you want, through either of the two paths below — both work, both are immediate.

Option A — Inside brandID bookme
  1. Sign in to bookme.brandid.app
  2. Open Integrations from the sidebar
  3. Click Disconnect on the Google Calendar card
Option B — From your Google Account
  1. Visit myaccount.google.com/permissions
  2. Find brandID bookme in the list
  3. Click Remove access

What happens immediately when you revoke: we stop all access to your Google Calendar, delete the stored OAuth access and refresh tokens from our systems, and delete any bookme-managed Google User Data within 30 days (except where retention is required by law). Previously created calendar events stay on your Google Calendar — you can remove them yourself if you wish. To delete your entire bookme account, see Section 10.

4.6 Sharing, Transfer, and Disclosure of Google User Data

We do not transfer or disclose Google user data to any third party for purposes other than the ones provided in this Privacy Policy and required to deliver the user-facing scheduling features you authorized. Specifically, the only categories of recipient that ever receive Google user data are:

  • Google itself — when we call the Google Calendar API to create, update, or delete a calendar event on your behalf, or when we authenticate you via Google OAuth.
  • The invitee on a booking — when an invitee books a meeting with you, the bookme-created calendar event lists them as an attendee. Google then sends them the standard calendar invitation. No other Google user data of yours is shared with the invitee.
  • Our cloud hosting provider — Contabo GmbH (Germany) — provides the dedicated virtual server that hosts the bookme application. The encrypted-at-rest Google OAuth tokens and bookme-managed event identifiers physically reside on this server. Contabo does not access, process, or use your Google user data — they only provide the underlying compute and storage, bound by their own Data Processing Agreement and the EU GDPR. We do not use third-party object storage, third-party managed database, or third-party email-sending services for Google user data — our MongoDB database, Redis queue, and Postal email server all run on the same Contabo server under our sole administrative control.
  • Legal authorities — when required to comply with a valid legal process (subpoena, court order, regulatory request) under Canadian, EU, or other applicable law. We will challenge over-broad requests and notify affected users where legally permitted.

We do not provide Google user data to advertisers, ad networks, data brokers, information resellers, analytics partners, model trainers, AI/ML training pipelines, or any other party outside the four categories above. We do not sell, rent, or trade Google user data for any purpose. We do not use Google user data to determine creditworthiness or for lending purposes. Where any change in this list of recipients would occur (for example, if we add a managed database service in the future), this Privacy Policy will be updated and existing users will be notified at least 30 days before the change takes effect, as described in §15.

A current, named list of every sub-processor that may incidentally encounter Google user data is available on request — email [email protected] with the subject line “Sub-processor list request”. We notify users at least 30 days before adding or replacing any sub-processor that handles personal data.

4.7 In-Product Disclosure

Inside bookme, the Integrations page describes each Google permission you are about to grant before you authorize the connection (a per-scope summary sheet appears when you click Connect on Google Calendar), and the Settings page lets you disconnect at any time. These in-product notifications are kept consistent with the disclosures in this Policy.

4.8 Annual Security Assessment

Where the scopes we request require an independent security assessment under the Google API Services User Data Policy, brandID bookme undergoes that assessment annually (CASA Tier 2 or equivalent) and remediates any findings on the schedule required by Google.

5. Google Meet Conferencing

When a host sets a bookme event's location to Google Meet, the Meet link is generated as part of the Google Calendar event that bookme creates for the booking. Specifically, bookme adds a conferenceData.createRequest with conferenceSolutionKey.type = "hangoutsMeet" to the event payload, and Google returns the Meet URL alongside the created event.

  • No separate Google Meet API scope is requested. Meet link generation is performed entirely through the Calendar scope.
  • No Meet meeting content — bookme does not access Meet meeting recordings, participant lists, in-meeting chat, or any other data inside Meet meetings. Meet meetings themselves are governed by your Google account's Meet settings, not by bookme.
  • The Meet URL is stored as part of the bookme booking record and is included in the booking confirmation and reminder emails sent to the host and the invitee.

6. Data Sharing, Transfer & Disclosure

brandID bookme does not sell, rent, or trade your personal information — including Google user data — to any third party, for any purpose. We share your data only in the limited circumstances described below:

Service Providers We Share Data With

We share the minimum data necessary with the following service providers, solely to operate and deliver our scheduling service. The table makes clear which providers receive Google user data and which do not:

  • Google LLC (Google Calendar API, Google OAuth, Google Meet via Calendar API) — we send booking details (event title, date/time, attendees) to Google Calendar to create, update, or delete calendar events on your behalf. Google OAuth is used for authentication. Google Meet links are generated as part of the Calendar event payload. We do not share Google calendar data with any third party other than Google itself for the purpose of operating the integration. (Receives Google user data — by definition; it is the source of that data.)
  • Microsoft Corporation (Outlook Calendar API) — if you connect Outlook Calendar, we send booking details to create and manage calendar events. Microsoft does not receive any Google user data; the Outlook and Google integrations are kept entirely separate.
  • Zoom Video Communications, Inc. (Zoom API) — we send meeting details (title, date/time, duration) to Zoom to create and delete meeting rooms for video call bookings. Zoom does not receive any Google user data.
  • Stripe, Inc. — we share payment-related information (billing details, transaction amounts) with Stripe to process subscription payments and paid bookings. Stripe acts as an independent data controller for payment data under its own privacy policy. Stripe does not receive any Google user data.
  • PayPal Holdings, Inc. — when PayPal is selected as a payment method, we share transaction details (amount, booking reference) with PayPal to process the payment. PayPal does not receive any Google user data.
  • Contabo GmbH (German cloud hosting provider) — provides the dedicated virtual server that hosts the entire bookme application. All bookme data, including the encrypted-at-rest Google OAuth tokens and bookme-managed Google Calendar event identifiers, physically resides on this server. Contabo does not access, read, process, or use your data — they provide compute and storage only, bound by their Data Processing Agreement and EU GDPR. (Receives Google user data only at the encrypted-at-rest storage layer.)

Infrastructure We Self-Host (No Third-Party Recipient)

The following components of bookme are self-hosted on the same Contabo server and are under our sole administrative control. No separate third-party vendor receives data from these components:

  • Application database (MongoDB) — self-hosted; not MongoDB Atlas or any other managed database service.
  • Cache & job queue (Redis / BullMQ) — self-hosted; not Redis Cloud or any other managed Redis service.
  • Transactional email (Postal at mail.ainfluenser.com) — self-hosted on infrastructure we operate; not SendGrid, Mailgun, Postmark, AWS SES, or any other commercial email-delivery vendor. Notification emails (booking confirmations, reminders, cancellations) are dispatched from our own Postal server. These emails contain booking details and, where applicable, meeting links generated via the Google Calendar API; they do not contain free/busy data or any other Google user data beyond what is necessary for the user-facing notification.
  • Web tier (Nginx) and application runtime (Node.js) — self-hosted; no third-party application-hosting or function-as-a-service vendor is used.

Each named third-party service provider above is bound by a written data-processing agreement at least as protective as this Policy and, for any Google user data they may incidentally encounter, no less protective than the Google API Services User Data Policy. A current, named list of sub-processors is available to customers on request — email [email protected]. We notify users at least 30 days before adding or replacing a sub-processor that handles personal data.

When We May Disclose Data

Beyond the service providers listed above, we may disclose your personal information only in the following situations:

  • Legal requirements — when required by law, regulation, subpoena, court order, or other legal process
  • Safety & fraud prevention — to protect the rights, safety, or property of brandID, our users, or the public; or to investigate potential violations of our Terms of Service
  • Business transfers — in connection with a merger, acquisition, or sale of assets. Where the transfer would include Google User Data, we will obtain your explicit prior consent as required by the Google API Services User Data Policy. You will be notified before your data is transferred and becomes subject to a different privacy policy.
  • With your consent — when you explicitly authorize us to share specific data with a third party

International Data Transfers

Your data may be processed on servers located outside your country of residence. We ensure that appropriate safeguards are in place for any international transfers, including encryption in transit and at rest, the European Commission Standard Contractual Clauses (2021/914), the UK International Data Transfer Addendum where applicable, and Swiss-equivalent safeguards endorsed by the FDPIC.

What We Do NOT Do With Your Data

  • We do not sell your personal data or Google user data to third parties
  • We do not share your data with data brokers or information resellers
  • We do not use your data for targeted advertising, personalized ads, retargeted ads, or interest-based advertising
  • We do not transfer your data to third parties for purposes unrelated to providing the brandID bookme service
  • We do not use Google user data to determine creditworthiness or for lending purposes

7. Zoom Integration & Data Handling

When you connect your Zoom account to brandID bookme, we access limited Zoom data solely to provide our scheduling service. This section explains what data we access, how we use it, and how you can revoke access.

Zoom Scopes We Request

  • View and manage meetings (meeting:write) — to create Zoom meeting rooms when bookings are confirmed and delete them when bookings are cancelled
  • View user profile (user:read) — to verify your Zoom connection status and display your Zoom account information in the integrations dashboard

How We Use Zoom Data

  • Zoom meeting data is used exclusively to create, manage, and delete meeting rooms for video call bookings
  • Zoom profile information is used exclusively to display your connection status
  • We access Zoom data only when you explicitly connect your Zoom account through our Integrations page
  • We do not access your Zoom recordings, chat messages, webinars, phone data, or any other Zoom features

Zoom Data Storage & Security

  • Zoom OAuth tokens (access token and refresh token) are encrypted at rest using AES-256 encryption
  • Tokens are stored only while the integration is active
  • We do not store Zoom meeting recordings, participant lists, or meeting content
  • Meeting links created via Zoom are stored as part of booking records
  • All communication with Zoom APIs is conducted over HTTPS/TLS 1.2+

Revoking Zoom Access

You can disconnect your Zoom account from brandID bookme at any time through the Integrations page in your dashboard. Upon disconnection:

  • We immediately and permanently delete the stored Zoom OAuth tokens (access token and refresh token)
  • We stop all API access to your Zoom account
  • Previously created Zoom meetings remain on your Zoom account
  • You can also remove the app from your Zoom Marketplace installed apps page

For full details on what happens when you disconnect, see our Zoom Integration Guide.

8. Third-Party Service Providers

brandID bookme integrates with the following third-party services to provide our scheduling platform. Each service has its own privacy policy governing their handling of your data:

  • Google LLC (Privacy Policy) — OAuth authentication, Google Calendar access for availability checking and event creation, Google Meet conference link generation via the Calendar API
  • Microsoft Corporation (Privacy Policy) — Outlook Calendar integration via OAuth for calendar synchronization
  • Zoom Video Communications, Inc. (Privacy Policy) — OAuth-based integration for automatic meeting creation and deletion
  • Stripe, Inc. (Privacy Policy) — Payment processing for subscriptions and paid bookings, plus Stripe Connect for host payouts
  • PayPal Holdings, Inc. (Privacy Policy) — Alternative payment processing for paid event bookings
  • Contabo GmbH (Privacy Policy) — German cloud hosting provider for the dedicated virtual server on which the entire bookme application (including database, queue, and email server) runs, bound by EU GDPR and the Contabo Data Processing Agreement

Note that the following infrastructure components are self-hosted on our Contabo server, not delegated to any commercial third-party service: our MongoDB database, our Redis cache/queue, our Postal transactional-email server (at mail.ainfluenser.com), our Nginx web tier, and our Node.js application runtime. No managed-database, managed-Redis, managed-email-delivery, or function-as-a-service vendor is in our stack.

We only share the minimum data necessary for each integration to function. We do not grant these service providers access to data beyond what is required for their specific purpose. We do not sell your personal information to any third party.

A current, named list of our sub-processors is available on request — email [email protected]. We notify customers at least 30 days before adding or replacing a sub-processor that handles personal data.

9. Cookies & Tracking

brandID bookme uses cookies and similar technologies for the following purposes:

  • Essential cookies — maintain your session and authentication state
  • Preference cookies — remember your settings such as timezone and display preferences
  • OAuth state tokens — securely manage third-party authentication flows (Google, Microsoft, Zoom) to prevent CSRF

We do not use third-party advertising cookies or cross-site tracking technologies. We do not use cookies to collect data for advertising purposes. You can configure your browser to block cookies, but this may affect the functionality of our service.

10. Data Retention & Deletion

We retain your data for as long as your account is active or as needed to provide our services:

  • Account data — retained until you delete your account
  • Booking history — retained for 24 months after the booking date for record-keeping
  • Payment records — retained as required by applicable financial regulations (typically 7 years)
  • OAuth tokens (Google, Microsoft, Zoom) — encrypted with AES-256 and stored only while the integration is active; immediately deleted upon disconnection
  • Google Calendar free/busy data — read in real time and held only in transient memory; never persisted
  • Bookme-managed Google Calendar event identifiers — retained as part of the corresponding booking record so the event can be updated or deleted on reschedule/cancellation; deleted within 30 days of integration disconnection except where required by law
  • Usage logs — retained for 90 days for security and debugging purposes
  • Security and access logs — retained for 24 months

When you delete your account, we remove your personal data within 30 days, except where retention is required by law. When the data retention period expires for a given type of data, we delete or destroy it securely.

Requesting Data Deletion

You may request deletion of your data at any time by:

  • Deleting your account through the Settings page in your dashboard
  • Emailing us at [email protected] with a deletion request
  • Disconnecting specific integrations (Google, Zoom, etc.) to delete only the associated tokens and cached data

11. Your Rights (GDPR, CCPA, PIPEDA & Quebec Law 25)

Depending on your location, you may have the following rights under GDPR, UK GDPR, CCPA/CPRA, PIPEDA, Quebec Law 25, or other applicable data protection laws:

  • Access — request a copy of the personal data we hold about you
  • Correction — update or correct inaccurate personal data
  • Deletion — request deletion of your personal data (“right to be forgotten”)
  • Export — receive your data in a portable, machine-readable format
  • Restriction — request that we limit the processing of your data
  • Objection — object to processing based on legitimate interests
  • Opt-out of sale — we do not sell personal data, but California residents may make this request under CCPA; we honor Global Privacy Control (GPC) signals as a valid opt-out
  • Revoke consent — withdraw consent for any data processing that is consent-based (e.g., disconnect Google Calendar integration)
  • Lodge a complaint — file a complaint with your data protection authority (e.g., the Office of the Privacy Commissioner of Canada, the Commission d'accès à l'information du Québec, the UK ICO, or your EU/EEA supervisory authority)

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

12. Security Measures

We take the security of your data seriously and implement industry-standard protections:

  • All data transmitted via HTTPS/TLS 1.2 or higher
  • OAuth tokens (Google, Microsoft, Zoom) encrypted at rest using AES-256 encryption
  • Passwords hashed using bcrypt with salt
  • Data stored in MongoDB with role-based access controls and regular encrypted backups
  • Session data cached in Redis with automatic expiration
  • Multi-factor authentication required for production system access
  • Continuous monitoring and centralized audit logs for anomalous access patterns
  • Regular security reviews, dependency updates, and an annual independent security assessment (CASA Tier 2 or equivalent) where applicable to the scopes we use
  • Principle of least privilege for all third-party API access
  • Documented incident-response and vulnerability disclosure program

13. Children's Privacy

brandID bookme is not intended for use by children under the age of 16 (or the equivalent minimum age in the user's jurisdiction, including 13 under the United States Children's Online Privacy Protection Act). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without verifiable parental consent, we will take steps to delete that information promptly.

If you believe a child has provided us with personal data, please contact us at [email protected].

14. AI / ML Model Training Disclosure

The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

brandID bookme does not use any user data — including but not limited to Google user data (raw or derived), Google Workspace API data, Microsoft Outlook data, Zoom data, calendar data, booking data, intake-form responses, meeting links, or personal information — to develop, train, fine-tune, evaluate, benchmark, or otherwise improve any generalized, foundational, or non-personalized artificial intelligence (AI) or machine learning (ML) model, whether our own or those of any third party. This restriction applies equally to raw data obtained from API scopes and to data that has been aggregated, anonymized, de-identified, or otherwise derived from such data. This restriction is binding regardless of any other provision of this Policy and applies to all data collected through bookme and all third-party integrations.

brandID bookme does not feed user data into any large-language-model (LLM) provider, foundation-model provider, AI/ML training pipeline, or AI/ML research dataset. We do not contract with any third party for the purpose of training, fine-tuning, or evaluating AI or ML models on user data.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will notify you by email or through a prominent notice on our platform at least 30 days before the changes take effect, except where immediate updates are required by law. The “Effective” date at the top of this Policy reflects the most recent revision. Your continued use of brandID bookme after changes are posted constitutes your acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy, our data practices, our handling of Google user data, or wish to exercise your data protection rights, please reach out: