Privacy Policy

Information we collect

Account information: when you sign in with Google we receive your name, email address, and profile picture (the basic "email" and "profile" scopes) to create and identify your host account.

Scheduling data: meeting types ("roznamas"), availability you configure, and the bookings made on your link — including guest-provided name, email, phone, and notes.

Google Calendar data (only if you connect your calendar): event and free/busy information needed to create booking events and check your availability.

Technical data: basic request metadata and session cookies required to keep you signed in.

Google user data and Calendar access

If you choose to connect Google Calendar, Roznamaty requests the calendar.events and calendar.freebusy scopes. We use calendar.events to create, update, and cancel the calendar events for bookings made through your link, and calendar.freebusy to read your busy times so we never offer a slot when you are unavailable.

Roznamaty’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google Calendar data for advertising, do not sell it, and do not share it with third parties except as needed to provide the service.

Your Google access and refresh tokens are encrypted (AES-256-GCM) before storage and are never exposed to browsers. You can disconnect Google Calendar at any time, which revokes our access.

How we use your information

To operate the scheduling service: create your public booking page, generate available slots in the correct time zones, and record bookings.

To create calendar events and send booking confirmation, cancellation, and reschedule notifications.

To secure the service, prevent abuse, and comply with legal obligations.

Where your data is stored

Data is stored in our managed PostgreSQL database (Supabase) with row-level security so each host can access only their own data. Guest booking endpoints expose only public-safe fields (host name, avatar, handle, and slots).

Sharing and third parties

We do not sell your personal data. We rely on service providers strictly to run Roznamaty: Supabase (authentication and database), Google (sign-in and Calendar), and an email provider for transactional notifications. Each processes data only to provide their service to us.

Data retention and deletion

We keep your data while your account is active. You may request deletion of your account and associated data, or disconnect Google Calendar, at any time by contacting us at the address below. Booking records may be retained where required for legitimate or legal reasons.

Security

We use industry-standard measures including encryption of sensitive tokens, encrypted transport (HTTPS), row-level security, and least-privilege access. No method of transmission or storage is 100% secure, but we work to protect your information.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date on this page.

Contact

For privacy questions or data requests, contact us at ahmed.yaseen.dev@gmail.com.