Privacy Policy

Effective Date: June 25, 2025

1. Introduction

Welcome to Quikly ("Quikly", "we", "our", or "us"). We are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website and use our services, including our integrations with third-party services like Google Calendar.

2. Information We Collect

We may collect the following types of information:

  • Personal Information: Name, email address, phone number, and other contact details.
  • Booking Information: Details related to appointments, services booked, and transaction history.
  • Payment Information: Billing details and payment method information.
  • Technical Data: IP address, browser type, operating system, and usage data.
  • Google Account Information: When you connect your Google Calendar, we collect your Google account email, name, profile picture, and email verification status through Google's OAuth2 authorization process.
  • Calendar Integration Data: Calendar event information, appointment synchronization data, sync timestamps, and OAuth access tokens necessary for Google Calendar integration.
  • SMS Communication Data: Phone numbers, message content, delivery status, and timestamps for appointment reminders and notifications sent through our SMS service.
  • Feedback: Customer reviews and responses to surveys.

3. Google Calendar Integration

Our Google Calendar integration allows you to synchronize your Quikly appointments with your Google Calendar. Here's what you need to know:

  • Authorization: We use Google's OAuth2 authorization system to securely access your Google Calendar. You must explicitly grant permission for each scope we request.
  • Permissions Requested: We request access to create and modify calendar events, read your basic profile information (name, email), and verify your email address.
  • Data Access: We only access the specific data needed to synchronize your appointments. We do not read, modify, or access your existing personal calendar events.
  • Event Creation: We create calendar events containing appointment details including service names, customer information, appointment times, and booking notes.
  • Token Security: OAuth access and refresh tokens are encrypted and stored securely. These tokens allow us to maintain calendar synchronization without requiring repeated authorization.
  • Revocation: You can revoke our access to your Google Calendar at any time through your Google Account settings or by disconnecting the integration in your Quikly dashboard.

4. How We Use Your Information

We use the collected information to:

  • Provide and manage our booking services.
  • Process transactions and send related information.
  • Communicate with you regarding your account and our services.
  • Send appointment reminders, confirmations, and notifications via SMS.
  • Improve our website and services through analytics.
  • Synchronize your appointments with your Google Calendar when you enable this integration.
  • Create, update, and manage calendar events on your behalf.
  • Maintain authentication with Google services for continued calendar synchronization.
  • Comply with legal obligations.

5. Sharing Your Information

We may share your information with:

  • Google Services: When you enable Google Calendar integration, we share appointment information with Google to create and manage calendar events in your account. This includes appointment times, service details, customer names, and booking notes.
  • Twilio SMS Services: When you use our SMS features, we share phone numbers and message content with Twilio to deliver appointment reminders and notifications. Twilio processes this data in accordance with their Privacy Policy and applicable telecommunications regulations.
  • Service Providers: Third-party vendors who assist in providing our services (e.g., payment processors, email service providers).
  • Legal Authorities: When required by law or to protect our rights.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets.

We do not sell or rent your personal information to third parties.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. For Google Calendar integration specifically:

  • OAuth tokens are encrypted at rest using industry-standard encryption methods.
  • All communications with Google services use secure HTTPS connections.
  • Access to calendar integration features requires user authentication.
  • We implement CSRF protection for OAuth authorization flows.
  • Calendar synchronization includes error handling to prevent data corruption.

However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your information for different purposes and periods:

  • Account Information: Retained while your account is active and for a reasonable period after closure for legal compliance.
  • Google Calendar Integration Data: OAuth tokens and sync data are retained while the integration is active. When you disconnect the integration, we delete the tokens and cease synchronization.
  • Calendar Events: Events created in your Google Calendar remain under your control. Disconnecting our integration does not delete previously created events.
  • Appointment History: Retained for business purposes and legal compliance, typically for 7 years or as required by applicable law.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access the personal data we hold about you.
  • Request correction or deletion of your data.
  • Object to or restrict processing of your data.
  • Withdraw consent where processing is based on consent.
  • Google Calendar Specific Rights: Disconnect the Google Calendar integration at any time, revoke OAuth permissions through your Google Account, and request deletion of integration-related data.

To exercise these rights, please contact us at [email protected].

9. Third-Party Services

We integrate with third-party services to enhance your experience:

  • Google Calendar: Subject to Google's Privacy Policy and Terms of Service. We access your Google Calendar only with your explicit consent and within the scope of permissions you grant.
  • Twilio SMS Services: Subject to Twilio's Privacy Policy and Terms of Service. By using our SMS features, you acknowledge that:
    • Message delivery is not guaranteed and may be affected by carrier restrictions, network issues, or recipient device limitations.
    • Message content and delivery status may be logged by Twilio for service quality and compliance purposes.
    • You are responsible for obtaining proper consent from message recipients in accordance with applicable laws (e.g., TCPA in the United States, GDPR in the European Union).
    • You must not use SMS services for spam, harassment, or any unlawful purposes.
    • Message rates and charges may apply based on your location and the destination country.
  • Other Services: We may integrate with additional third-party services in the future. We will update this policy to reflect any new integrations.

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website, including session management for OAuth authorization flows. You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies.

11. Third-Party Links

Our website may contain links to third-party websites, including Google services. We are not responsible for the privacy practices or the content of such websites.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including when using Google Calendar integration services. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including when we add new integrations or modify existing ones. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the effective date. For significant changes affecting Google Calendar integration, we may provide additional notice. You are advised to review this Privacy Policy periodically for any changes.

14. Google API Services User Data Policy Compliance

Quikly's use and transfer of information received from Google APIs adheres to the Google Workspace API User Data and Developer Policy, including the Limited Use requirements.

 

Limited Use Compliance Statement: The use of information received from Google Workspace APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We only use the minimum necessary permissions and data required to provide our calendar synchronization service. We do not use this data for advertising purposes, transfer it to third parties for advertising, or use it to determine credit-worthiness or for lending purposes. We do not use this data to create, train, or improve machine learning or artificial intelligence models beyond that specific user's personalized model for the appropriate use case or user-facing feature.

15. SMS and Telecommunications Compliance

Our SMS services are provided through Twilio and are subject to various telecommunications regulations and compliance requirements:

  • Consent Requirements: You must obtain proper consent from message recipients before sending SMS messages. This includes clear disclosure of what messages will be sent, how often, and how to opt out.
  • Opt-Out Mechanism: All SMS messages sent through our service must include clear opt-out instructions (e.g., "Reply STOP to unsubscribe").
  • TCPA Compliance (US): For US-based users, compliance with the Telephone Consumer Protection Act (TCPA) is required, including obtaining prior express written consent for marketing messages.
  • GDPR Compliance (EU): For EU-based users, SMS communications must comply with GDPR requirements, including lawful basis for processing and data subject rights.
  • Message Content: You are responsible for ensuring that SMS content complies with applicable laws and regulations, including prohibitions on spam, harassment, and deceptive practices.
  • Data Retention: SMS message logs and delivery status information are retained for service quality and compliance purposes, typically for 90 days or as required by applicable law.

 

Disclaimer: While we provide tools to help you comply with these requirements, you are ultimately responsible for ensuring your SMS communications comply with all applicable laws and regulations in your jurisdiction.

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Quikly Privacy Team

Email: [email protected]

Address:

3 Jasmine Place, Blockhouse Bay

Auckland, New Zealand 0600