Privacy Policy

We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support. This may include:

• Personal Information: Name, email address, company name, phone number • Account Data: Username, password (encrypted), account preferences • Usage Data: How you interact with our services, features used, documents/waivers created • Device Information: Browser type, IP address, device identifiers • Payment Information: When you subscribe to paid plans (processed securely by our payment providers) • Third-Party Integration Data: When you connect external services (such as Google Calendar), we store OAuth tokens, the associated account email address, and display name required to maintain the connection

We also automatically collect certain information when you use our services, including log data, analytics information, and cookies.

We use the information we collect to:

• Provide, maintain, and improve our services • Process transactions and send related information • Send you technical notices, updates, security alerts, and support messages • Respond to your comments, questions, and customer service requests • Communicate with you about products, services, offers, and events • Monitor and analyze trends, usage, and activities in connection with our services • Detect, investigate, and prevent fraudulent transactions and other illegal activities • Personalize and improve your experience • Facilitate contests, sweepstakes, and promotions

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With vendors, consultants, and other service providers who need access to perform services on our behalf • Business Transfers: In connection with any merger, acquisition, or sale of company assets • Legal Requirements: When required by law or in response to valid legal process • Protection: When necessary to protect the rights, property, or safety of Apollyx, our users, or the public

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

Apollyx allows you to connect third-party services to enhance your experience. When you choose to connect an integration, we access only the data necessary to provide the requested functionality. You can disconnect any integration at any time from your account settings, which revokes our access.

Google Calendar Integration

When you connect your Google Calendar, we request the following permissions (OAuth scopes) and use them strictly as described below:

• Calendar Events (calendar.events): We create new calendar events on your behalf when a client submits a booking through your published page or confirms an appointment. We also read your list of calendars so you can choose which calendar to sync to. We do not modify or delete your existing events. • Calendar Availability (calendar.readonly): We query your calendar's free/busy status to determine available time slots on your public booking page. This prevents double-bookings. We only read busy/free time blocks — we do not access event titles, descriptions, attendees, or other event details. • Email Address (userinfo.email): We retrieve your Google account email to display which account is connected in your integrations dashboard. • Profile Name (userinfo.profile): We retrieve your display name to help you identify the connected account in your dashboard.

What We Store

When you connect Google Calendar, we store: your OAuth access token and refresh token (encrypted), the token expiration timestamp, and your Google account email and display name. We do not store your calendar events, event details, or attendee information in our systems. Calendar availability data is cached temporarily (up to 5 minutes) solely to reduce API calls and is not persisted.

What We Do Not Do

• We do not sell, share, or transfer your Google Calendar data to any third party • We do not use your Google Calendar data for advertising, profiling, or any purpose unrelated to the scheduling features you have enabled • We do not retain your Google data after you disconnect the integration

Revoking Access

You can disconnect Google Calendar at any time from your Apollyx integrations settings. This immediately revokes our OAuth tokens. You can also revoke access directly from your Google Account at https://myaccount.google.com/permissions.

Apollyx's use and transfer of information received from Google APIs adheres to the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.

We take reasonable measures to help protect your personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. We implement appropriate technical and organizational measures including:

• Encryption: All data transmitted is encrypted using TLS/SSL • Access Controls: Strict access controls and authentication mechanisms • Regular Audits: Security audits and vulnerability assessments • Employee Training: Regular security awareness training for our team • Incident Response: Documented incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request access to your personal data • Correction: Request correction of inaccurate data • Deletion: Request deletion of your personal data • Portability: Request transfer of your data to another service • Objection: Object to processing of your personal data • Restriction: Request restriction of processing • Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at privacy@apollyx.com.

We use cookies and similar tracking technologies to track activity on our services and store certain information. Types of cookies we use:

• Essential Cookies: Required for the operation of our services • Performance Cookies: Help us understand how visitors interact with our services • Functionality Cookies: Remember choices you make and provide enhanced features • Analytics Cookies: Help us measure and improve our services

You can set your browser to refuse all or some cookies, or to alert you when cookies are being sent. However, some parts of our services may not function properly without cookies.

For more information, please see our [Cookie Policy](/cookies).

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

• While you have an active account with us • As needed to provide you with our services • To comply with legal obligations • To resolve disputes and enforce our agreements

When we no longer need to retain your information, we will securely delete or anonymize it in accordance with our data retention policies.

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "Last Updated" date.

For significant changes, we will provide more prominent notice (such as email notification or a notice within our services). We encourage you to review this privacy policy periodically for any changes.

Your continued use of our services after any changes to this policy constitutes your acceptance of the updated policy.