Privacy Policy

GridMyTime ("we", "us", "our") provides appointment scheduling software for service businesses. This policy explains how we collect, use, and protect your personal information when you use our website, web application, and mobile application (collectively, the "Service").

Account information

When you create a business account we collect your name, email address, and password (hashed). If you sign in with Google we receive your Google profile name and email.

Booking information

When a customer books an appointment we collect their name, email address, phone number (optional), and any notes they provide. Appointment dates, times, and status changes are stored as part of the booking record.

Usage data

We collect standard server logs (IP address, browser type, pages visited) to operate and improve the Service. The mobile app does not collect device identifiers beyond what Expo provides for crash reporting.

• Provide, maintain, and improve the Service
• Send booking confirmations, reminders, and cancellation notices
• Send SMS reminders when the business owner has enabled them and the customer has not opted out
• Process payments through our billing provider
• Respond to support requests
• Prevent fraud and enforce our Terms of Service

We share data with the following providers only as needed to operate the Service:

• Supabase — database hosting (PostgreSQL)
• SendGrid — transactional email delivery
• Twilio — SMS notifications
• Stripe — payment processing (we never store card numbers)
• Vercel / Railway — application hosting
• Google — OAuth sign-in (only if you choose Google login)

Each provider processes data under their own privacy policy. We do not sell your personal information to any third party.

We retain account and booking data for as long as your account is active. Soft-deleted records (archived staff, services, or clients) remain in the database to preserve appointment history but are hidden from the active interface. You may request full deletion at any time (see Section 7).

We use a single httpOnly cookie to manage your authentication session (refresh token). We do not use tracking cookies or third-party analytics cookies.

You may at any time:

• Access the personal data we hold about you
• Correct inaccurate information via your account settings
• Request deletion of your account and all associated data
• Opt out of SMS reminders by replying STOP to any message

To exercise these rights, email support@gridmytime.com.

We protect your data with HTTPS encryption in transit, hashed passwords (bcrypt), and encrypted token storage on mobile devices. Access to production infrastructure is restricted to authorized personnel.

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. The effective date at the top of this page indicates when the policy was last revised.

Questions about this policy? Email us at support@gridmytime.com.