Schedule
HomeTermsSign up

Privacy Policy

How Schedule handles your data

Schedule is a scheduling product by oneAppKit. This policy explains what we collect, how we use it, and how Google Calendar data is handled when you choose to connect your calendar.

Information We Collect

  • Account information: name, email address, login provider, profile details you enter, and settings such as timezone, booking link, availability, and brand color.
  • Booking information: event type, date, time, guest name, guest email, answers to booking questions, and booking status.
  • Calendar connection information: provider, selected calendar IDs, calendar display names, access role, connection status, and OAuth tokens needed to keep the calendar connection working.

How Schedule Uses Google Calendar Data

Schedule requests Google Calendar access only after you click “Connect Google Calendar.” We use Google Calendar data to provide the scheduling features you request.

  • We use calendar list access to show the calendars available in your Google account so you can choose which calendars Schedule should check for conflicts and where new bookings should be added.
  • We use free/busy access to check whether selected calendars are available during possible booking times. Schedule uses busy time windows to hide unavailable slots.
  • We use event access to create a booking event on your selected Google Calendar, update that event if the booking is rescheduled, and delete or cancel that event if the booking is canceled.

Schedule does not use Google Calendar data for advertising and does not sell Google Calendar data.

Google API Limited Use

Schedule's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Data Protection and Security

Schedule stores account, booking, calendar connection, and OAuth token data in a Supabase-hosted database. Schedule relies on Supabase's documented infrastructure-level encryption to protect hosted data at rest; any provider-managed backups are also encrypted at rest. In production, Schedule uses HTTPS and TLS to protect data sent between your browser and Schedule, and uses HTTPS when communicating with Supabase and Google APIs.

Google OAuth tokens are received, stored, and used by server-side Schedule code and are not returned to users' browsers. The token database tables use row-level security with no browser-access policies. Schedule also uses row-level security and server-side authorization to restrict non-public data based on account and resource ownership. Information needed to operate public booking pages is intentionally available to visitors.

These safeguards are designed to protect personal information and Google user data against unauthorized access, disclosure, alteration, or destruction. No method of electronic transmission or storage is completely secure.

Data Retention and Deletion

We retain account, booking, and Google user data while needed to provide Schedule and for legitimate legal, security, accounting, and dispute-resolution purposes.

When you disconnect Google Calendar, Schedule deletes its stored Google OAuth token, which stops Schedule from using that connection for future calendar access. Disconnecting does not revoke Schedule's access in your Google Account, delete existing Google Calendar events, or delete existing Schedule bookings. You can separately revoke access from your Google Account permissions page.

You may request account or data deletion by emailing oneappkit@gmail.com. We will review and respond to your request, and some records may be retained where required or permitted by law.

Sharing

We share booking details with the people involved in a booking, such as the host and guest, so the meeting can happen. We use service providers such as Supabase, Vercel, Resend, Google, and Microsoft to operate Schedule. We do not sell personal data.

Your Choices

You can disconnect Google Calendar from Schedule in your account settings. You can also revoke Schedule's Google access from your Google Account permissions page. To request account deletion or data deletion, contact us at oneappkit@gmail.com.

Contact

Questions about this policy can be sent to oneappkit@gmail.com.

Last updated: July 12, 2026.

© 2026 oneAppKitSchedule is built for simple appointment scheduling.