Privacy Policy

Last updated: March 25, 2026

1. Introduction

H2Op, doing business as Skedule ("we," "us," or "our"), operates the Skedule mobile application (iOS and Android) and website at schedju.com (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Skedule, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information provided by your authentication provider:

  • Name and email address (via Google Sign-In or Apple Sign-In)
  • Profile photo URL (if provided by your authentication provider)
  • Unique user identifier

2.2 Calendar Data

With your explicit authorization, we access your Google Calendar data through the Google Calendar API. This includes:

  • Event titles, descriptions, times, and locations
  • Attendee information for events you organize or attend
  • Calendar metadata (calendar names, time zones)

Google API Services User Data Policy

Skedule's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What Google data we access and why:

  • Check availability: We read your Google Calendar free/busy status and event times to detect conflicts and suggest optimal scheduling.
  • Manage events: We create, edit, or delete calendar events that are scheduled or managed through Skedule.
  • Verify identity: We access your Google account email to confirm which account is connected.
  • AI scheduling assistance: When you ask the AI assistant a scheduling question, limited calendar context (event titles, times, and conflicts) is sent to Google Cloud Vertex AI (Gemini) in real-time to process your specific request. This data is not stored by the AI service, is not used to train any AI models, and is used solely to generate a response to your request.
  • Scheduling analytics: We use your calendar event data to calculate your Calendar Reality Vector (time allocation by category) and alignment score, which are displayed to you in the app as part of the scheduling features you requested.

How we store and protect your Google data:

We store a copy of your calendar event data (titles, times, locations, and attendee information) in our encrypted Firestore database to provide scheduling features. Your Google Calendar OAuth tokens are also stored encrypted. All data is hosted on Google Cloud Platform, encrypted in transit (TLS) and at rest. Stored calendar data is deleted when you disconnect your calendar or delete your account.

How to revoke access:

You can disconnect your Google Calendar at any time from your Skedule app settings. You can also revoke access directly from your Google Account permissions page. When you disconnect, we delete your stored OAuth tokens and stop all calendar access immediately.

What we do NOT do with your Google data:

  • We do not use your Google data for advertising or retargeting.
  • We do not sell, rent, or share your Google data with third parties, data brokers, or information resellers.
  • We do not allow humans to read your Google data unless you have given affirmative consent, it is necessary for security purposes, or it is required by law.
  • We do not use your Google data for any purpose other than providing the scheduling features you requested.
  • We do not use Google user data to develop, improve, or train artificial intelligence or machine learning models.

Google User Data Retention and Deletion:

  • We retain your Google OAuth credentials, Google account email address, and stored calendar event data only for as long as your Skedule account is active and your Google Calendar remains connected.
  • User-initiated disconnection: When you disconnect your Google Calendar from the Skedule app, your OAuth tokens are immediately revoked with Google and your stored calendar event data and OAuth tokens are permanently deleted from our systems.
  • Account deletion: When your Skedule account is deleted, all Google user data (OAuth tokens, stored calendar events, and derived analytics) are permanently deleted from our systems within 30 days.
  • Revocation from Google: If you revoke Skedule's access from your Google Account permissions page, we detect the revocation and remove your stored credentials.
  • Deletion requests: You may request deletion of your Google data at any time by contacting us at privacy@schedju.com. We will process deletion requests within 30 days.

Google user data described in this section is governed exclusively by the Google API Services disclosure above and is not used for any of the general purposes listed elsewhere in this policy.

2.3 Scheduling Preferences & Behavioral Data

To personalize your experience, we collect and store:

  • Priority settings (e.g., work, family, health allocations)
  • Working hours and buffer time preferences
  • Learned behavioral patterns (peak productivity hours, meeting preferences)
  • Calendar Reality Vector (CRV) — aggregated time-use analytics
  • Alignment scores and streaks
  • Achievement and gamification progress

2.4 Location Data

If you choose to set home and work locations in your preferences, we store:

  • Home and work addresses (stored as geographic coordinates)
  • Travel time estimates between locations

Location data is used solely for scheduling optimization (e.g., adding travel buffers between events). We do not track your real-time location.

2.5 Contacts & Relationship Data

When you use Skedule's coordination features, we may store:

  • Contact names, email addresses, and phone numbers
  • Relationship type (e.g., coworker, friend, family) and VIP designation
  • Meeting history and frequency with contacts
  • Communication preferences for scheduling coordination

2.6 Conversation History

Messages exchanged with the AI scheduling assistant are stored to maintain conversation context within your current session. You can delete your conversation history through the app at any time.

2.7 Payment Information

We use Stripe and in-app purchases (Apple App Store, Google Play) to process payments. We do not store your credit card numbers, bank account details, or full payment card information on our servers. Payment processors receive and store this data subject to their own privacy policies:

2.8 AI Interaction Data

Skedule uses a third-party AI service — Google Cloud Vertex AI (Gemini) — to provide scheduling assistance. When you interact with the AI assistant, we process:

  • Messages you send to the scheduling assistant
  • Limited calendar context (event titles, times, and conflicts) needed to respond to your specific request
  • AI-generated scheduling suggestions and actions

AI processing is performed in real-time to service your specific scheduling requests. Calendar data sent to the AI is used solely to provide the scheduling functionality you requested — it is not stored by the AI provider, not used to train or improve any AI or machine learning models, and not used for any purpose other than generating a response to your request.

Your data is processed in accordance with Google Cloud's Data Processing Addendum. Google does not use Vertex AI customer data to train its models.

2.9 Device & Usage Information

  • Device type, operating system, and app version
  • Push notification tokens (Firebase Cloud Messaging)
  • Anonymous usage analytics (features used, session duration)
  • Crash reports and error logs

2.10 Cookies & Tracking (Website Only)

Our website uses Google Analytics (GA4) with cookie consent. We respect your cookie preferences — analytics only activate after you consent. See our cookie banner for details.

2.11 SMS Communications

No mobile opt-in data will be shared with third parties.

Skedule respects your privacy regarding SMS and text messaging communications. All text messaging originator opt-in data and consent information will not be shared with any third parties, except as required to provide the messaging service or comply with applicable law.

You may opt out of SMS communications at any time by replying STOP to any message. Message frequency may vary. Message and data rates may apply. For help, reply HELP or contact us at support@schedju.com.

3. How We Use Your Information

Google user data is used solely as described in the Google API Services Disclosure in Section 2.2 (providing scheduling features, analytics, and AI assistance you requested). We use other information we collect to:

  • Provide and maintain the Service
  • Process payments and manage subscriptions
  • Send push notifications about scheduling decisions and reminders
  • Detect and resolve scheduling conflicts
  • Facilitate Agent-to-Agent (A2A) scheduling negotiations on your behalf
  • Monitor app performance through aggregated, anonymized analytics
  • Communicate with you about updates, security alerts, and support

4. How We Share Your Information

We do not sell your personal information. We share data only in these circumstances:

4.1 Service Providers

  • Google Cloud Platform — infrastructure, Firestore database, AI processing (Vertex AI/Gemini), authentication (Firebase), push notifications (FCM)
  • Stripe — payment processing
  • Apple / Google — in-app purchase processing
  • SendGrid — transactional email delivery (event reminders, weekly reflections)
  • Telnyx — SMS notifications and scheduling coordination
  • Google Analytics — anonymous website usage analytics

4.2 A2A Scheduling

When you use Agent-to-Agent scheduling, limited event information (proposed times, duration, event type) may be shared with other Skedule users' agents to negotiate meeting times. No personal data beyond what is necessary for scheduling is exchanged.

4.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Skedule, our users, or the public.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred. We will notify you before your data becomes subject to a different privacy policy.

5. Data Storage & Security

Your data is stored on Google Cloud Platform servers in the United States (us-central1 region). We employ industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) and at rest
  • Firebase Security Rules restricting data access to authenticated users
  • OAuth 2.0 authentication with Google and Apple
  • No plaintext storage of passwords or payment credentials
  • Regular security reviews and access controls

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

  • Account data: retained while your account is active
  • Calendar data: synced in real-time; removed when you disconnect your calendar or delete your account. OAuth tokens are revoked with Google and permanently deleted from our systems
  • Behavioral data: retained while your account is active to personalize your scheduling experience
  • Payment records: retained as required by tax and accounting regulations (typically 7 years)
  • AI interaction logs: retained for up to 90 days for debugging and support purposes, then deleted
  • Conversation history: retained while your account is active; deletable by you at any time
  • Contact data: retained while your account is active; deleted with account
  • Location data: retained while your account is active; removable in settings

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law. This includes removing your data from all systems including analytics and stored calendar data.

7. Your Rights & Choices

Depending on your location, you may have the following rights:

  • Access: request a copy of your personal data
  • Correction: request correction of inaccurate data
  • Deletion: request deletion of your account and associated data
  • Portability: export your data in a machine-readable format (available in-app)
  • Withdrawal of consent: revoke calendar access or other permissions at any time
  • Opt out of analytics: decline cookies on our website; disable analytics in-app

To exercise these rights, contact us at privacy@schedju.com. We will respond within 30 days.

7.1 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected and the right to request deletion. We do not sell personal information.

7.2 European Residents (GDPR)

If you are in the European Economic Area, our legal basis for processing your data is:

  • Contract: processing necessary to provide the Service
  • Consent: calendar access, push notifications, cookies
  • Legitimate interest: app functionality, fraud prevention

You may file a complaint with your local data protection authority.

8. Children's Privacy

Skedule is not intended for children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@schedju.com.

9. Third-Party Links & Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated "Last updated" date. For significant changes, we will also notify you via email or in-app notification.

Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us: