Privacy Policy — Schedulr

1. Overview

This Privacy Policy explains how Schedulr ("we", "us", "our") collects, uses, and protects information when you use the appointment scheduling application at calendar.akashpurswani.com (the "Service").

By using the Service — whether to book a meeting or to manage appointments as the administrator — you agree to the practices described in this policy.

Schedulr is a personal scheduling tool operated by Akash Purswani. It is not a commercial product and is not offered to the general public as a platform. Its sole purpose is to allow people to book appointments with the operator.

2. Who we are

Operator: Akash Purswani

Website: calendar.akashpurswani.com

Contact: akashpurswani@gmail.com

References to "we", "us", or "our" in this policy refer to the operator of this application.

3. Data we collect

3.1 Information you provide when booking

When you book a meeting through the Service, we collect:

Data	Why we collect it
Full name	To identify who has booked a meeting
Email address	To send a booking confirmation and to create a calendar event
Meeting type selected	To schedule the correct duration and type of call
Date and time selected	To record when the meeting is scheduled
Notes (optional)	Any context you choose to share ahead of the meeting

3.2 Information collected automatically

When you use the Service, our web server may automatically log:

Your IP address (used only for security rate-limiting on the login endpoint)
Browser type and version
The pages you access and timestamps

This information is used solely for security and operational purposes and is not used for tracking or advertising.

3.3 Information we do not collect

We do not collect:

Payment information of any kind
Social media profile data
Location data beyond the IP address logged by the server
Any data from third-party tracking or advertising platforms

4. Google Calendar integration

This application integrates with the Google Calendar API to provide real-time availability and automatic event creation. This section explains exactly how that works.

4.1 What the integration does

Read calendar events: The application reads the operator's (Akash Purswani's) Google Calendar to determine which time slots are already occupied, so that bookers are only shown genuinely available times.
Create calendar events: When a booking is confirmed, the application creates a new event in the operator's Google Calendar containing the meeting details (meeting type, booker name, booker email, time, and any notes).

4.2 What Google data is accessed

The application requests the following Google OAuth scopes:

Scope	Purpose
`calendar.readonly`	Read the operator's calendar to determine availability. No booker's calendar is accessed.
`calendar.events`	Create a calendar event when a booking is confirmed.

Important: Only the calendar of the application operator (Akash Purswani) is ever accessed. The application does not access, read, or interact with the Google Calendar of any person who books a meeting.

4.3 How Google tokens are stored

OAuth access and refresh tokens granted by Google are stored securely in the application's private MySQL database on the server. They are never exposed to bookers or third parties. Tokens are used only to perform the calendar operations described above.

4.4 Google API Services User Data Policy

Schedulr's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

Google data is used only to provide the scheduling functionality described in this policy.
Google data is not transferred to third parties.
Google data is not used for advertising purposes.
Google data is not used to train machine learning or AI models.
Humans do not read your Google data unless you have explicitly given permission to do so or it is necessary for security purposes.

4.5 Revoking access

The operator can revoke the application's access to Google Calendar at any time by visiting Google Account Permissions and removing Schedulr. Doing so will stop new calendar events from being created but will not affect existing bookings stored in the database.

5. How we use your data

Information collected when you book a meeting is used exclusively to:

Record your appointment in the application's database
Create a Google Calendar event for the operator
Send you a booking confirmation (if email is configured)
Allow the operator to view and manage upcoming appointments

We do not use your data for marketing, profiling, or any purpose other than facilitating the meeting you requested.

6. Data sharing

We do not sell, rent, or trade your personal information. Your booking details are shared only in the following circumstances:

Google Calendar: Your name, email, meeting type, and notes are included in the calendar event created in the operator's Google Calendar, as described in Section 4.
Hosting provider: The application runs on a private server. The hosting provider may have access to server logs as part of normal infrastructure operation, subject to their own privacy policy.
Legal requirements: We may disclose information if required to do so by law or in response to valid legal process.

There are no analytics platforms, advertising networks, or other third-party trackers embedded in this application.

7. Data retention

Booking records (name, email, meeting type, date, time, and notes) are retained in the application's database for as long as they are operationally relevant to the operator.

If you would like your booking data to be deleted, please contact us at the address in Section 13 and we will action your request within 30 days.

Server access logs are retained for up to 90 days for security purposes and then deleted automatically.

8. Security

We take reasonable technical measures to protect your information:

All data is transmitted over HTTPS (TLS encryption)
The admin panel is protected by a bcrypt-hashed password and token-based authentication
Login attempts are rate-limited to prevent brute-force attacks
Google OAuth tokens are stored in a private database, not in client-side storage
Database credentials and signing secrets are stored server-side in configuration, not in the application code

No method of transmission over the internet is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Your rights

You have the right to:

Access the personal data we hold about you
Correct inaccurate information
Delete your booking data
Object to how your data is used

To exercise any of these rights, please contact us using the details in Section 13. We will respond within 30 days.

10. Cookies

This application does not use tracking cookies or third-party cookies of any kind.

The admin panel uses sessionStorage (a browser-side temporary store) to hold an authentication token for the duration of the browser session. This is not a cookie and is cleared automatically when the browser tab is closed. It is never transmitted to third parties.

11. Children's privacy

This Service is not directed at children under the age of 13 (or under 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe a child has submitted personal data through this Service, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

13. Contact

If you have any questions about this Privacy Policy, or wish to exercise your data rights, please contact:

Akash Purswani

Email: akashpurswani@gmail.com

Website: calendar.akashpurswani.com