1. Introduction

Idyllo ("we," "us," or "our") provides scheduling and estimating software for residential painting companies. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

2. Information We Collect

A. Account Information

When you create an account, we collect and store:

• Name

• Email address

• Business information

We do not access or collect any Google data during account creation.

B. Google Calendar Data (Optional Integration)

Connecting a Google account is optional.

We only access Google Calendar data after a user explicitly authorizes Idyllo through Google OAuth.

If you connect your Google account, we may access and store:

• Calendar ID and calendar name

• Event title

• Event description

• Event start and end times

• Attendee email addresses

We access this data solely to:

• Check availability

• Prevent double bookings

• Create events requested by the user

We fetch availability data on demand and sync event data only when a booking is created.

Users who do not connect their Google account do not have any Google data accessed or stored by Idyllo.

C. OAuth Tokens

If you connect your Google account, we store:

• OAuth access tokens

• OAuth refresh tokens

• OAuth access tokens and refresh tokens are stored securely and encrypted at rest using industry-standard encryption mechanisms.

These tokens are used only to enable authorized calendar functionality.

D. Customer and Scheduling Data

When using our platform, we store booking-related information including:

• Event title

• Event description

• Event start and end times

• Attendee email addresses

• Calendar ID and calendar name

• Customer contact information entered by the user

• Project and estimate details entered by the user 

This data is stored in our database to support scheduling and estimating functionality.

3. How We Use Information

We use collected information solely to:

• Provide scheduling and booking services

• Create calendar events

• Check calendar availability

• Prevent double bookings

• Manage customer estimates and appointments

We do NOT:

• Use Google Calendar data for advertising

• Use Google data for marketing

• Sell user data

• Share Google Calendar data with third parties

• Use Google data for AI model training

• Feed Google data into large language models (LLMs)

• Build user profiles based on Google data

4. Google API Services User Data Policy Compliance

Our use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

Google user data is used only to provide user-facing features that are directly requested by the user. We do not use this data for advertising, profiling, or unrelated purposes.

5. Data Storage and Security

All data is transmitted over HTTPS.

OAuth tokens are encrypted at rest using industry-standard encryption mechanisms.

We implement industry-standard security measures to protect stored data.

While we take reasonable steps to protect data, no system can guarantee absolute security.

6. Data Sharing

We do not sell user data.

We do not share Google Calendar data with third parties.

We may disclose information only if required by law.

7. Data Retention and Deletion

Revoking Google Access

If a user disconnects their Google account:

• OAuth access tokens and refresh tokens are permanently deleted.

• Previously stored booking and calendar event data within Idyllo remains in the system to preserve scheduling records.

Account Deletion

Users may request account deletion by contacting jess@idyllo.com . 

Upon account deletion:

• OAuth tokens are deleted

• User account data is deleted

• Stored calendar and booking records are deleted

• Deletion requests are processed within 30 days.

8. Your Rights

You may:

• Revoke Google access at any time via your Google Account Security settings

• Request deletion of your account and data

• Request access to your stored information