Privacy Policy

Pay2Book has two kinds of user. An owner is a service professional who connects their own calendar and takes paid bookings. A booker is a customer who books and pays for a session. This policy covers both. Where a section applies only to one, we say so.

When an owner connects their account, we request the narrowest set of permissions that lets Pay2Book work. We never request access we do not use. Each permission below is tied to a single purpose.

Google

• Sign in (openid, userinfo.email, userinfo.profile) - to authenticate you and identify your account. We read only your name and email address.
• See your calendars (calendar.readonly) - to read your calendars at the moment a booker requests a slot, so the times we offer reflect your real availability.
• Check when you are busy (calendar.freebusy) - to read busy/free intervals so a paid booking is never placed over an existing commitment.
• Manage calendar events (calendar.events) - to write a confirmed booking onto your calendar, and to update or cancel that event if the booking changes. We only create or modify events that Pay2Book itself manages.
• Send email on your behalf (gmail.send) - to send the booking confirmation and calendar invite to your booker from your own account, so it arrives as you rather than from a no-reply address. We can only send; we cannot read your inbox.

Microsoft

• Sign in (openid, profile, email, User.Read) - to authenticate you and read your name and email address.
• Stay connected (offline_access) - to keep your connection working without asking you to sign in again for every booking. This is the standard refresh-token permission.
• Read and write your calendar (Calendars.ReadWrite) - to read your availability and to write, update, or cancel the booking events Pay2Book manages.
• Read shared calendars (Calendars.Read.Shared) - to include calendars shared with you when working out your availability, so a booking does not clash with time blocked on a shared calendar.
• Send email on your behalf (Mail.Send) - to send the booking confirmation and invite to your booker from your own mailbox. Send only; we can not read your mail.

You can revoke these permissions at any time from your Google Account or Microsoft Account security settings, or by disconnecting your calendar in Pay2Book. Revoking access stops Pay2Book reading your availability and sending on your behalf.

Pay2Book's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. The same principles apply to data received from Microsoft Graph. Specifically:

• We use calendar and email access only to provide and improve the booking features you see in Pay2Book.
• We do not transfer this data to others except as needed to provide the service, comply with law, or as part of a merger you are notified of.
• We do not use this data for advertising.
• We do not allow humans to read your calendar or email data, except with your explicit consent for support, to comply with law, or for security.

Your calendar is the source of truth, read live at the moment it is needed. We do not keep a copy of your calendar. We store the booking records, holds, and payment state that Pay2Book itself creates, keyed to your calendar's identifiers.

We store: your account profile (name, email), your connected-calendar identifiers and settings, your services and availability rules, bookings and their status, and a record of each payment. A booker's email address is stored encrypted so we can send confirmations and let them manage their own booking.

Payments are processed by Stripe. Card details are entered on Stripe's systems and are never seen or stored by Pay2Book. We store only the references Stripe returns (such as a payment or subscription identifier) and the amount and status of a booking, so we can confirm, refund, and report on it. Stripe's handling of payment data is governed by Stripe's own privacy policy.

Sensitive values, including the access tokens for your connected calendar and a booker's email address, are encrypted at rest. Access to our systems is restricted and authenticated. We never store your Google or Microsoft password; sign-in is handled by Google and Microsoft directly.

We do not sell your data. We share data only with the providers needed to run the service: Google or Microsoft (your calendar and email, at your direction), Stripe (payments), and our hosting and infrastructure providers. A booker's name is shown to the owner of the session they booked, as part of providing the booking.

You can disconnect a calendar, delete your services, or close your account at any time. Disconnecting or closing your account revokes our access and removes the data we hold for you, subject to records we must keep for legal, tax, or anti-fraud reasons (for example, payment records). To request access to or deletion of your data, contact us at the address below.

We may update this policy as the product evolves. We will change the date at the top, and for material changes we will give notice in the app.

Questions about this policy or your data: privacy@pay2book.app.