This article is for the Legacy version of Appointlet. Click here for the instructions on the most recent app version.

Here at Appointlet we use industry-standard techniques to protect your information. 

This document will describe how the Google and Office 365 calendar integrations work, what information we get access to, the data we store, and how long we retain it.

To use Appointlet you must grant us authorization to read and update your calendars so that we can check your availability and add new bookings.

The process of granting us authorization is a typical OAuth2 flow, which means that instead of collecting your username and password for Google/Office, we are given a special password by your calendar provider that only grants us access to your calendar.  Think of this like a valet key for your car.

When we request information from your calendar provider about your availability, it's done over a TLS connection, so all data is encrypted in transit.

Google provides developers with an API that returns times when you are busy; no private information like event names, attendees, etc are revealed through it.

Full disclosure: we do have access to information like event names and attendees, but we do not request that information as it's not necessary to know your availability.

Similar to Google, we only request your availability data, so we get back data on when your events start and end, but not information like event names, attendees, etc.

The disclosure above applies here as well.

Whenever you receive a booking, we store the relevant information (start time, name/email/fields for the user) in our database.  The database is accessed over a secure connection, and encrypts all data at rest.

At this time we don't have a formal data retention policy, but are happy to remove any booking data upon request.

All of our servers (application, database and cache) are located in Amazon's US-East facilities.

Please feel free to reach out to our customer support and we'll get your questions answered ASAP!