Privacy Policy

1. Introduction

Welcome to DraftMeet. We are committed to protecting your personal data and ensuring transparency about how we collect, use, and share information. This policy complies with global privacy standards, including the GDPR and CCPA.

2. Data We Collect

For Hosts (Account Holders):

• OAuth Data: We access your Google Calendar to manage bookings and check availability. We store your basic profile info (email, name) and OAuth access tokens securely via Supabase.
• Calendar Scopes: We request access to auth/calendar.events (to create/edit bookings) and auth/calendar.freebusy (to prevent scheduling conflicts).
• Availability Settings: Your working hours and timezone configurations.

For Guests (Attendees):

• Booking Information: Your name, email, and meeting notes.
• Custom Answers: Any explicit answers provided during the booking flow.

3. How We Use Your Data

• To generate and manage Google Meet events for confirmed bookings.
• To check your availability (Free/Busy status) to prevent double-bookings.
• To send automated notifications and webhook payloads on behalf of the host.
• To prevent fraud, abuse, and secure our API endpoints.

4. Your Rights (GDPR & CCPA)

Depending on your location, you hold specific rights regarding your data:

• Right to Erasure (Right to be Forgotten): Hosts can permanently delete their accounts and revoke all Google OAuth access directly from their Dashboard.
• Right to Access & Rectification: You may request a copy of your stored data or update inaccurate details.

To exercise these rights securely, please contact the host of the meeting or reach out to DraftMeet Support.

5. Security

We leverage industry-standard security measures (HTTPS, Supabase RLS, encryption at rest for tokens) to ensure your data stays private and protected from unauthorized access.