
Privacy Policy

We take your privacy seriously. This policy explains how we collect, use, and protect your data.

Last updated: March 8, 2026. Effective immediately.

Biz SaaS (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at app.biz-saas.com and related services.

Section 1

Information We Collect

Account Information

When you create an account, we collect your name, email address, phone number, and business details (company name, address, services offered). Staff members invited to your account provide their name, email, and phone number during onboarding.

Booking & Customer Data

When customers book appointments through your branded booking page, we collect their name, email, phone number, selected services, and appointment preferences. This data is stored on your behalf as the data controller.

Usage Data

We automatically collect information about how you interact with our platform, including pages visited, features used, browser type, device information, and IP address.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or full payment credentials on our servers. We receive transaction confirmations and payment status from Stripe.

Google Account Data

If you sign in with Google, we receive your name and email address from your Google account for authentication purposes. If you connect Google Calendar, we create and delete calendar events in your calendar for staff appointment scheduling. If you enable the Gmail integration (available on Gold and Platinum subscription plans), we access your Gmail inbox in read-only mode to detect expense-related emails and bills for automated bookkeeping. We do not access, read, or store any Gmail data beyond what is necessary for this specific expense-detection feature.

Section 2

How We Use Your Information

  • To provide and maintain our platform and services
  • To process bookings, send appointment confirmations, and deliver reminders (email and SMS)
  • To manage staff accounts, permissions, shifts, and leave requests
  • To process payments through Stripe Connect
  • To authenticate users via Google Sign-In
  • To create and manage calendar events for staff appointments via Google Calendar
  • To scan Gmail for expense-related emails and bills for automated bookkeeping (Gold and Platinum plans only)
  • To send important service updates and security notifications
  • To improve our platform based on usage patterns
  • To respond to support inquiries and sales requests

Section 3

Data Storage & Security

Your data is stored securely with strict tenant isolation — each business account’s data is accessible only by its authorized users. We use HTTPS encryption for all data in transit and encryption at rest for stored data.

  • Encryption: 256-bit SSL/TLS
  • Isolation: Row-level security
  • Hosting: SOC 2 compliant

Section 4

Third-Party Services

We use the following third-party services to operate our platform:

  • Supabase: Database, auth & file storage
  • Stripe: Payment processing
  • Google: Authentication, Calendar & Gmail API
  • SendGrid: Transactional email delivery
  • Twilio: SMS notifications & reminders
  • Vercel: Application hosting

Section 5

Google API Services

Scopes We Request

We request access to the following Google API scopes when you use Google-related features:

  • Email (userinfo.email): Your Google account email address, used for authentication and account identification when you sign in with Google.
  • Google Calendar (calendar.events): Used to create and delete calendar events for staff members when appointments are booked, rescheduled, or cancelled. We do not read or modify any of your existing calendar events.
  • Gmail (gmail.readonly): Used exclusively to scan your inbox for expense-related emails and receipts to automate bookkeeping. This feature is optional and available only on Gold and Platinum subscription plans. You must explicitly enable it in your account settings before any Gmail data is accessed.

How We Use Google Data

Google data is used solely to provide user-facing features within the Biz SaaS platform:

  • Email address: Used for account authentication and identification only.
  • Calendar data: Appointment events are created in your Google Calendar when bookings are confirmed, and removed when cancelled. No other calendar data is read or accessed.
  • Gmail data: When enabled, we programmatically scan email subjects, senders, and content to identify potential expense receipts and bills. Detected expenses are presented in your bookkeeping dashboard for review. Gmail data is processed entirely by automated systems — no human reads your emails.

Limited Use Disclosure

Biz SaaS’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only use Google data to provide and improve user-facing features that are prominent in our application.
  • We do not transfer Google data to third parties except as necessary to provide or improve these features, to comply with applicable laws, or as part of a merger, acquisition, or asset sale with prior user notice.
  • We do not use Google data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • We do not allow humans to read Google data unless you have given your affirmative consent to view specific data, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for our internal operations when the data has been aggregated and anonymized.

Prohibited Uses

We do not and will not:

  • Sell, rent, or trade any data obtained from Google APIs to third parties, advertising platforms, data brokers, or information resellers.
  • Use Google data to determine creditworthiness or for lending purposes.
  • Use Google data for surveillance purposes or distribute it to any third party conducting surveillance.
  • Use Google data for any purpose not explicitly described in this privacy policy.

Revoking Google Access

You can revoke our access to your Google data at any time by visiting your Google Account permissions page and removing Biz SaaS. You can also disconnect Google integrations from within your Biz SaaS account settings. Upon revocation, we will stop accessing your Google data and delete any cached Google data within 30 days.

Section 6

Data Sharing

We do not sell, rent, or trade your personal information — including any data obtained from Google APIs. We share data only with the third-party service providers listed above, as necessary to operate the platform. Google API data is never transferred to advertising platforms, data brokers, or information resellers. We may disclose information if required by law or to protect our legal rights.

Section 7

Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Export your data in a portable format
  • Opt out of marketing communications
  • Withdraw consent for SMS/email notifications
  • Revoke Google API access via your Google Account settings

Section 8

Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial records). Audit logs are retained for compliance purposes. Google API data cached for processing is deleted within 30 days of access revocation or account deletion.

Section 9

Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

Section 10

Children's Privacy

Our platform is not intended for children under 16. We do not knowingly collect personal information from children.

Section 11

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. Continued use of our platform after changes constitutes acceptance.

Section 12

Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, contact us at support@biz-saas.com.