Privacy Policy

Last updated: April 18, 2026

1. Introduction

Welcome to DraftMeet. We are committed to protecting your personal data and ensuring full transparency about how we collect, use, and share information.

This policy complies with global privacy standards including the GDPR and CCPA.

2. Data We Collect

For Hosts (Account Holders)

  • OAuth Data: We access your Google Calendar to manage bookings and check availability. We store your basic profile info (email, name) and OAuth access tokens securely via Supabase.
  • Calendar Scopes: We request access to auth/calendar.events (to create/edit bookings) and auth/calendar.freebusy (to prevent scheduling conflicts).
  • Availability Settings: Your working hours, slot configuration, and timezone.

For Guests (Attendees)

  • Booking Information: Your name, email, and any meeting notes you provide.
  • Custom Answers: Any explicit answers provided during the booking flow (e.g. custom intake questions set by the host).

3. How We Use Your Data

  • To generate and manage Google Meet events for confirmed bookings.
  • To check your availability (Free/Busy status) to prevent double-bookings.
  • To send automated notifications and webhook payloads on behalf of the host.
  • To prevent fraud, abuse, and to secure our API endpoints.
  • We do not sell, rent, or share your personal data with third parties for marketing.

4. Your Rights (GDPR & CCPA)

Depending on your location, you hold specific rights regarding your data:

Right to Erasure (Right to be Forgotten)

Hosts can permanently delete their account and revoke all Google OAuth access directly from their Dashboard. This action is immediate and irreversible.

Right to Access & Rectification

You may request a copy of your stored data or ask us to update inaccurate details.

To exercise your rights, please contact the host of the meeting, or reach out to DraftMeet Support directly via your dashboard.

5. Security

We leverage industry-standard security measures to ensure your data stays private and protected:

  • All data in transit is encrypted via HTTPS / TLS.
  • OAuth tokens are stored encrypted at rest via Supabase.
  • Row-level security (RLS) ensures users can only access their own data.
  • Session cookies are HMAC-signed and HttpOnly.

6. Google API Disclosure

DraftMeet's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

This means we only use Google user data to provide or improve the core scheduling functionality of DraftMeet. We do not use Google data for advertising or to train AI/ML models.