Privacy Policy — CalenMe

1. Introduction and Data Controller Identity

Leinas Labs LLC, a company incorporated under the laws of the State of Florida, USA, with its registered address at 1000 Brickell Avenue, Suite #715 PMB 153, Miami, Florida 33131, USA, owns and operates CalenMe (hereinafter "CalenMe", "we", or "the Platform"). This Privacy Policy describes what personal data we collect, the legal basis for processing it, how we use it, with whom we share it, and what rights you have over it. CalenMe serves two types of users: Publishers (professionals or businesses that subscribe to create appointment agendas) and Clients (individuals who book appointments through a Publisher's public page, without needing to create an account in CalenMe). By using the Platform, you accept the practices described in this policy. If you do not agree, you must refrain from using the service.

2. Legal Basis for Processing

CalenMe processes personal data under the following legal bases depending on the applicable jurisdiction: (a) Performance of a contract: processing is necessary to provide the service subscribed to by the Publisher. (b) Consent: granted upon accepting this policy and authorizing Google Calendar integration. (c) Legitimate interest: to improve the Platform, prevent fraud, and ensure system security. (d) Legal obligation: when the law requires retaining certain data. EU residents have additional rights under the GDPR (General Data Protection Regulation). California (USA) residents have additional rights under the CCPA/CPRA. Argentine residents are protected by Law 25.326 on Personal Data Protection.

3. Personal Data We Collect

We collect personal data in three distinct contexts:

Data provided by Publishers

Business information: business name and main activity, entered during account setup.
Agenda preferences: availability schedules, service descriptions, notification settings, and offered activity data.

Google permissions requested

CalenMe requests access to specific Google services solely to provide the features described in this Policy. Below is a detailed breakdown of each permission requested, its technical identifier, scope, and purpose.

Permissions required for platform access

The following permissions are requested during Google OAuth authentication and are necessary to create and manage the user's account in CalenMe.

Permission	Technical identifier	Purpose
Email address	https://www.googleapis.com/auth/userinfo.email	Unique identification of the user and linking with their CalenMe account.
Basic profile information	https://www.googleapis.com/auth/userinfo.profile	Retrieval of the user's name and profile picture from Google for display within their account.

Optional permissions for Google Calendar integration

The following permissions are strictly optional and are only requested when the user chooses to connect their Google Calendar account from the platform settings. Not enabling this integration does not limit the core functionality of CalenMe.

Permission	Technical identifier	Purpose
Create and delete events	https://www.googleapis.com/auth/calendar.events	Automatic recording of confirmed bookings in the user's calendar and their removal upon cancellation.
Read list of calendars	https://www.googleapis.com/auth/calendar.calendarlist.readonly	Display of the user's available calendars so they can select the destination for appointment events.

Statements on scope of access

CalenMe does not request or use the full Google Calendar access permission (https://www.googleapis.com/auth/calendar). Permissions are strictly limited to the operations necessary for the integration to function.
Google Calendar access tokens are stored securely within CalenMe's infrastructure and are never shared with third parties under any circumstances.
CalenMe accesses the user's calendars exclusively to create and delete events generated by the platform. It does not read, modify, or process pre-existing events in the user's calendar.
Calendar list information is used solely for display within the platform interface. It is not stored permanently or used for any other purpose.

Revoking permissions

Users may revoke permissions granted to CalenMe at any time from the connected apps panel in their Google account at myaccount.google.com/permissions. Revoking permissions will deactivate the Google Calendar integration until the user chooses to reconnect it. Events previously created in Google Calendar by CalenMe will not be automatically deleted upon revocation. Users may also disconnect the integration directly from the CalenMe application (Settings).

Data provided by Clients when booking

Client's first and last name.
Email address.
Phone number. This data is voluntarily provided by the Client when making a booking and is stored exclusively to manage the corresponding appointment. Clients do not create an account in CalenMe.

Data collected automatically by cloud infrastructure

IP address, browser type and version, operating system, and device used.
Pages visited, date and time of access, and browsing patterns within the Platform.
Service performance and availability data. This data is managed exclusively by the cloud infrastructure where the Platform operates (Microsoft Azure, West US 2 region), in accordance with their own retention and security policies, and is not stored in CalenMe's database.

4. Cookies and Tracking Technologies

CalenMe uses cookies to operate and improve the Platform. Cookies are small text files stored on your device that allow us to remember preferences and analyze site usage. Users may configure their browser to reject cookies, although this may affect Platform functionality.

Session cookies (strictly necessary): required for the Platform to function, including User authentication; deleted when the browser is closed.
Persistent and analytics cookies: user behavior analysis is performed exclusively through the built-in telemetry services of the cloud provider (Microsoft Azure). CalenMe does not use Google Analytics, Meta Pixel, or any third-party advertising or analytics tools.

5. How We Use Personal Data

We use the personal data collected solely for the following purposes, in compliance with the Google API Services User Data Policy:

To provide the service in accordance with the Terms and Conditions: authentication, account management, agendas, bookings, and notifications.
To securely process subscription payments through Stripe (CalenMe does not access or store credit card data).
To send appointment confirmations and automatic reminders to Publishers and Clients.
To analyze aggregated usage patterns to improve the Platform, fix errors, and develop new features.
To comply with legal obligations, respond to requests from competent authorities, and protect the rights and legitimate interests of CalenMe.
Data obtained via Google OAuth is NOT used for personalized advertising, is not sold or transferred to unauthorized third parties, and its use is strictly limited to the purposes declared in this policy, in compliance with the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy).

6. Sharing Data with Third Parties

CalenMe does not sell, rent, or trade personal data under any circumstances. We only share information with the following essential service providers, under data processing agreements and strict confidentiality obligations:

Google LLC: for OAuth 2.0 authentication and Google Calendar synchronization (when enabled by the Publisher). Google Privacy Policy: https://policies.google.com/privacy.
Stripe, Inc.: for secure subscription payment processing (PCI-DSS Level 1). Stripe directly manages all card data; CalenMe only receives customer and subscription identifiers. Stripe Privacy Policy: https://stripe.com/privacy.
Microsoft Corporation (Azure): for Platform hosting, file and image storage, and infrastructure services. Data is stored in the West US 2 region. Microsoft Privacy Policy: https://privacy.microsoft.com.
We do not share behavioral data or personal data for advertising, third-party marketing purposes, or with data brokers.

7. International Data Transfers

CalenMe operates from the United States. Personal data is processed and stored on Microsoft Azure infrastructure in the West US 2 region (United States). By using the Platform, Users outside the United States expressly consent to the transfer of their data to that country. For Users in the European Union or United Kingdom, CalenMe adopts the Standard Contractual Clauses approved by the European Commission as the appropriate transfer mechanism. For Users in other countries, CalenMe applies equivalent contractual and technical measures to ensure an adequate level of protection.

8. Data Retention

We retain Publishers' personal data for as long as their account is active and for the additional period reasonably necessary to fulfill the purposes described in this policy or as required by law (including tax and accounting obligations). Client booking data (name, email, phone number) is retained for the duration of the corresponding Publisher's subscription. When a Publisher account is cancelled, associated data (including Client data) is deleted within a maximum period of 90 days, unless legal retention obligations require a longer period. Cloud infrastructure data (access logs, telemetry) is retained in accordance with Microsoft Azure policies.

9. Data Security

CalenMe implements reasonable and appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include: HTTPS/TLS encryption for all communications, OAuth 2.0 authentication, role-based access controls, and infrastructure monitoring by Microsoft Azure. However, no Internet data transmission system or electronic storage is absolutely secure. In the event of a security breach affecting personal data, CalenMe will notify affected Users and competent authorities within the timeframes required by applicable law.

10. User Rights

Under applicable law, Users have the following rights over their personal data. To exercise any of these rights, contact [email protected] with sufficient identification. CalenMe will respond within a maximum of 30 days:

Right of access: request a copy of the personal data we hold about you.
Right of rectification: correct inaccurate, outdated, or incomplete data.
Right of erasure ("right to be forgotten"): request deletion of your personal data, subject to legal retention obligations.
Right of portability: receive your data in a structured, commonly used, machine-readable format.
Right of objection: object to the processing of your data for purposes other than the performance of the contract.
Right to withdraw consent: at any time, for processing based on consent, including Google Calendar integration (which can be disconnected from account settings).
Right not to be discriminated against (CCPA/CPRA, California residents): exercising your privacy rights will not result in discriminatory treatment by CalenMe.
Right to revoke Google data access: CalenMe's access to Google data can be revoked at any time from your Google account security settings (myaccount.google.com/permissions).

11. Marketing Communications

CalenMe may send communications about service updates, new features, or information relevant to Platform use to registered Publishers. These communications are not third-party advertising. Publishers may unsubscribe from these communications at any time by clicking the unsubscribe link included in each email, or by sending a request to [email protected]. Unsubscribing from marketing communications does not affect the sending of essential transactional service notifications (appointment confirmations, security alerts, billing notifications).

12. Minors

CalenMe is not directed at individuals under the age of 13 and does not knowingly collect personal data from minors of that age. If you have reason to believe that a child under 13 has provided personal data through the Platform, please contact us at [email protected] and we will promptly delete that information.

13. Changes to This Policy

CalenMe may update this Privacy Policy at any time. We will post the revised version on this page with the updated date indicated. If the changes are material (for example, new categories of data, new third-party recipients, or changes to the legal bases for processing), we will notify registered Publishers by email at least 15 days in advance. Continued use of the Platform after the changes are published constitutes acceptance of the updated policy.

14. Contact and Data Controller

For questions, concerns, rights requests, or reports related to this Privacy Policy, contact: [email protected]. Data Controller: Leinas Labs LLC, 1000 Brickell Avenue, Suite #715 PMB 153, Miami, Florida 33131, USA. Requests are handled on business days within a maximum of 30 calendar days.

15. Google API Services — Limited Use Disclosure

CalenMe's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

CalenMe's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular: (a) CalenMe only uses Google user data to provide or improve user-facing features that are prominently described in this Privacy Policy and in the CalenMe user interface; (b) CalenMe does not use Google user data for advertising; (c) CalenMe does not allow humans to read Google user data unless you give explicit permission, it is necessary for security purposes such as investigating abuse, it is necessary to comply with applicable law, or CalenMe's use is limited to internal operations and the data (including derivations) has been aggregated and anonymized; (d) CalenMe does not sell Google user data. For more information, see the Google API Services User Data Policy at https://developers.google.com/terms/api-services-user-data-policy.

No use of Google data for AI, ML, or advertising

CalenMe explicitly declares that information received from Google APIs — including OAuth profile data and Google Calendar data — is never used for: training or improving artificial intelligence or machine learning models; aggregated behavioral or statistical analysis beyond what is strictly necessary to operate the service; targeted or contextual advertising of any kind; or any purpose not directly related to providing the scheduling features visible to the user in CalenMe. This declaration applies to all data obtained via Google APIs, regardless of whether it has been anonymized or aggregated.