Privacy Policy

1. Information We Collect

Information You Provide:

• Account Information: Name, email address, and profile picture obtained through Google OAuth authentication.
• Booking Data: Guest name, email address, meeting details, timezone, scheduling preferences, and any responses to custom questions provided during the booking process.
• Payment Information: Payment and billing information is collected and processed by our payment processor, Stripe. We do not directly store your credit card numbers or full payment details on our servers.
• Communications: Any information you provide when contacting us for support, feedback, or inquiries.

Information Collected Automatically:

• Calendar Data: When you connect Google Calendar, we access your calendar availability to check free/busy status and create calendar events. We access only the minimum data necessary for scheduling functionality.
• Usage Data: Pages visited, features used, actions taken, timestamps, session duration, referral sources, and general analytics to operate and improve the Services.
• Device and Technical Data: IP address, browser type and version, operating system, device type, screen resolution, language preferences, and unique device identifiers.
• Log Data: Server logs that may include your IP address, access times, pages viewed, error logs, and the page you visited before navigating to the Services.

Information from Third Parties:

• AI Features: When AI-powered features are enabled, limited meeting context (guest name, email domain, meeting title, schedule) may be sent to our AI provider (currently OpenAI) to generate meeting insights. We do not send your calendar event content, personal messages, or full email addresses to AI providers. We do not use your personal data to train generalized AI models.
• Third-Party Integrations: When you connect services such as Google, Zoom, or other integrations, we may receive information from those services in accordance with their privacy policies and the permissions you grant.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, maintain, and improve the Services
• To process transactions, manage subscriptions, and send billing-related communications
• To send booking confirmations, reminders, cancellation notices, and scheduling notifications
• To generate AI-powered meeting insights and recommendations (when enabled by you)
• To personalize your experience and provide content and features relevant to you
• To communicate with you about service updates, new features, security alerts, and administrative messages
• To analyze usage trends, monitor service performance, and conduct research and analytics
• To detect, investigate, and prevent fraud, abuse, security incidents, and other harmful activities
• To enforce our Terms of Service and comply with legal obligations
• To create aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you, which we may use for any lawful business purpose, provided that such data cannot reasonably be used to identify any individual, and we will not attempt to re-identify such data

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: We share information with third-party service providers who assist us in operating the Services, including Supabase (database hosting), Vercel (application hosting), Google (authentication, calendar, video), Zoom (video calls), OpenAI (AI features), and Stripe (payment processing). These providers are contractually obligated to use your information only as necessary to provide services to us.
• Meeting Participants: When a booking is made, relevant scheduling details are shared between the host and guest as necessary for the meeting.
• Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.
• Business Transfers: In connection with any merger, acquisition, sale of assets, financing, reorganization, bankruptcy, dissolution, or similar transaction involving BestStory, your information may be transferred to the acquiring or successor entity. You acknowledge and agree that such transfers may occur and that the acquiring entity may continue to use your information as set forth in this Privacy Policy.
• With Your Consent: We may share your information for other purposes when you have given us your explicit consent.
• Aggregated or De-identified Data: We may share aggregated, statistical, or de-identified data that cannot reasonably be used to identify you with any third party for any purpose.

4. Data Retention

We retain your account and booking data for as long as your account is active or as needed to provide the Services to you. We may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes.

After account deletion or termination, we may retain certain information for a reasonable period (typically up to 90 days) for backup, archival, fraud prevention, and legal compliance purposes. After this retention period, we will delete or anonymize your data, unless longer retention is required by law. We are under no obligation to delete data earlier than required, unless earlier deletion is requested by you and is legally permissible.

5. Data Security

We implement commercially reasonable technical and organizational security measures to protect your information, including encryption in transit (TLS/SSL), secure database hosting, OAuth-based authentication, and access controls. However, no method of transmission over the Internet or method of electronic storage is 100% secure.

BESTSTORY CANNOT AND DOES NOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR INFORMATION. WE SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS TO, USE OF, OR LOSS OF YOUR DATA, EXCEPT AS OTHERWISE PROVIDED IN OUR TERMS OF SERVICE OR REQUIRED BY APPLICABLE LAW. You acknowledge and accept the inherent security risks of providing information online and agree not to hold us responsible for any breach of security except to the extent caused by our willful misconduct or gross negligence.

6. Cookies and Tracking Technologies

We use essential cookies and similar technologies for authentication, session management, security, and service functionality. We may also use analytics cookies to understand how you use the Services and to improve them.

We do not use third-party advertising or behavioral tracking cookies. We do not currently respond to "Do Not Track" (DNT) browser signals, as there is no industry consensus on DNT standards.

Most browsers allow you to control cookies through their settings. Disabling cookies may affect the functionality of the Services.

7. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information:

• Access: Request access to the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your account and personal data, subject to our retention obligations and legal requirements.
• Data Portability: Request a copy of your data in a structured, machine-readable format where technically feasible.
• Opt-Out: Disconnect third-party integrations at any time through your account settings.

To exercise any of these rights, contact us at im@beststory.com. We will respond to your request within a reasonable timeframe, and in any event within the timeframe required by applicable law. We may require verification of your identity before processing your request. We reserve the right to deny requests that are unreasonable, repetitive, or technically impractical.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• No Sale of Personal Information: We do not sell or share personal information for cross-context behavioral advertising purposes as defined under the CCPA/CPRA.

To submit a CCPA request, contact us at im@beststory.com.

9. Children's Privacy

The Services are not intended for or directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18 (or under 13 where COPPA applies). If we become aware that we have inadvertently collected information from a child under 18 (or under 13 where applicable), we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Our servers and service providers are located primarily in the United States. If you are accessing the Services from outside the United States, you acknowledge and consent to the transfer, processing, and storage of your information in the United States, where data protection laws may differ from those of your country of residence. By using the Services, you acknowledge and consent to such transfers. We rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms where required under applicable data protection laws. Where required under applicable law, we process personal data on the basis of contract performance, legitimate interests, consent, or legal obligation.

11. Third-Party Links and Services

The Services may contain links to third-party websites, applications, or services that are not owned or controlled by BestStory. We are not responsible for the privacy practices, content, or security of any third-party services. We encourage you to review the privacy policies of any third-party services you access. Any interaction with third-party services is at your own risk.

12. Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time at our sole discretion. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date and, where required by law, by sending an email notification. Your continued use of the Services after any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you must stop using the Services.

13. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

im@beststory.com

BestStory LLC · 30 N Gould St Ste R, Sheridan, WY 82801, United States