Privacy Policy

1. Introduction

Welcome to TimeTuna.com (“we,” “our,” or “us”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our booking platform designed for creative professionals.

This policy applies both to hosts (people who create booking pages and connect their calendars) and to guests (people who book a meeting through a host's booking page).

By using TimeTuna.com, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Account and Profile Information

When you create an account or set up your profile, we may collect:

• Name and email address (via Google or Microsoft sign-in)
• Profile information such as your avatar and basic account details
• Your phone number, if you choose to enable SMS notifications (verified by a one-time code)
• Your subscription plan and related billing status

2.2 Calendar Integration Data

When you connect a calendar, we access availability and event data needed to run your booking pages. We support:

• Google Calendar (via Google OAuth)
• Microsoft Outlook Calendar (via Microsoft OAuth and the Microsoft Graph API)
• Other calendars you add through a read-only iCal (ICS) URL

2.3 Booking and Guest Information

When a guest books a meeting, we collect the information they provide, which may include:

• Name and email address
• Phone number (optional, used for SMS reminders if provided)
• Answers to any custom questions configured by the host
• Booking details such as the selected time slot, duration, and meeting type

2.4 Payment Information

Payments for subscriptions, and any per-booking payments hosts choose to collect, are processed by Stripe. We do not store full payment card numbers on our servers. Stripe processes card details directly and shares limited information with us (such as plan status and the last four digits of a card) so we can manage your account.

2.5 Content You Provide

We store content you upload or create, including avatar images, booking page background images and videos, and any text prompts you enter into our optional AI booking page generator.

2.6 Technical and Usage Information

• IP address and browser information
• Usage data and analytics
• Device and operating system information

3. How We Use Your Information

We use your information to:

• Provide and maintain our booking service
• Create and manage your booking pages
• Process bookings and send confirmations
• Integrate with your connected calendars and create meeting links
• Send service communications, booking confirmations, and reminders by email and SMS
• Process subscription and per-booking payments
• Generate booking page designs when you use our optional AI features
• Support team and cohost collaboration
• Improve our platform and user experience
• Prevent fraud and ensure platform security

4. Calendar Integrations

4.1 Google API Services

Our use of information received from Google APIs adheres to theGoogle API Services User Data Policy, including the Limited Use requirements.

We only access the minimum necessary Google Calendar data to provide our booking functionality and do not use this data for advertising or other unrelated purposes. With your consent, we request only the following specific Google OAuth scopes:

• email - Access to your email address
• profile - Access to basic profile information
• userinfo.profile - Access to user profile information
• calendar.calendarlist.readonly - Read-only access to your calendar list
• calendar.freebusy - Access to your calendar free/busy information
• calendar.events - Access to create and manage calendar events

These permissions allow us to display your available time slots, prevent double-bookings, and create calendar events when bookings are confirmed.

AI and Machine Learning Commitment: We explicitly affirm that TimeTuna.com does not use any data accessed through Google Workspace APIs to develop, improve, or train generalized artificial intelligence and/or machine learning models. Any data obtained from Google Workspace services is used exclusively for the specific functionality of our booking platform (calendar integration, availability checking, and event creation).

4.2 Microsoft Outlook

When you connect a Microsoft account, we use Microsoft OAuth and the Microsoft Graph API to read your calendar availability and to create or update events for confirmed bookings. We request only the calendar and basic profile permissions needed for this functionality.

4.3 Zoom

If you connect a Zoom account, we use Zoom OAuth solely to create Zoom meeting links for bookings on pages where you have selected Zoom as the meeting type. We do not access your Zoom recordings or meeting history.

4.4 iCal Calendars

You may add additional calendars by providing a read-only iCal (ICS) URL. We periodically fetch busy times from these URLs to check your availability. We do not modify calendars added this way.

5. AI Features

TimeTuna.com offers an optional AI booking page generator. When you choose to use it, the text prompt you enter is sent to OpenAI to generate booking page settings and to create background images. This processing only occurs for prompts you actively choose to submit.

Our AI features operate independently of your calendar data. As stated in Section 4.1, data accessed through Google Workspace APIs is never used for AI or machine learning purposes.

6. Communications

We send transactional messages related to your account and bookings:

• Email: Booking confirmations, reminders, cancellation and reschedule notices, and account communications are sent through our email provider, Loops.so. Confirmation emails may include a calendar (.ics) attachment.
• SMS: If a phone number is provided, we may send booking confirmations and reminders by SMS through Twilio. We also use Twilio to send a one-time verification code when a host adds a phone number.

Standard message and data rates may apply to SMS messages, depending on your mobile carrier.

7. Information Sharing and Third-Party Service Providers

We do not sell, trade, or rent your personal information. We share information only with service providers that help us operate the platform, and only to the extent needed to provide our service. These providers include:

• Supabase: Database, authentication, and file storage
• Vercel: Application hosting and custom domain management
• Google: Calendar integration, sign-in, and analytics
• Microsoft: Outlook calendar integration and sign-in
• Zoom: Meeting link creation
• Stripe: Subscription and per-booking payment processing
• Twilio: SMS messages and phone number verification
• Loops.so: Transactional email delivery
• OpenAI: Optional AI booking page generation
• PostHog: Product analytics
• Crisp: Customer support chat

We may also disclose information when required by law or to protect our rights, and in connection with a merger, acquisition, or asset sale.

When you make a booking, the information you provide is shared with the host of that booking page so they can manage and attend the meeting.

8. Cookies and Analytics

We use cookies and similar technologies for the following purposes:

• Essential cookies: Required to keep you signed in and to operate the service
• Analytics: We use PostHog and Google Analytics to understand how the platform is used
• Support: We use Crisp to provide in-app customer support chat
• Measurement: We use Google Tag Manager and Google Ads conversion tracking to measure the effectiveness of our marketing

9. Teams and Collaboration

TimeTuna.com supports teams and cohosts. When you invite someone to a team or to cohost a booking page, we send an invitation to the email address you provide. Members of a team or a shared booking page may be able to view booking page settings and the booking information associated with that page.

10. Data Security

We implement appropriate security measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Secure authentication via trusted OAuth providers
• Regular security assessments and updates
• Limited access to personal data by authorized personnel

11. Your Rights

You have the right to:

• Access and update your personal information
• Delete your account and associated data
• Disconnect any connected calendar or integration account
• Export your booking data
• Object to certain data processing activities
• Request data portability (where applicable)

12. Data Retention

We retain your personal information only as long as necessary to provide our services and comply with legal obligations. When you delete your account, we will delete your personal data within 30 days, except where retention is required by law. Booking records may be retained by the host of the relevant booking page for their own records.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your personal information during such transfers.

14. Children's Privacy

Our service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “last updated” date. Your continued use of the service after such modifications constitutes acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: