Privacy Policy
How findtime.io collects, uses, and stores data
This policy applies to findtime.io products and integrations, including the public website, booking links, optional Google Sign-In, optional Google Calendar connection, optional read-only Google Contacts access for contact picking, and the Slack app.
Last updated: May 1, 2026
1. Data we collect
- If you connect Google Calendar, we access the Google user data required to provide that feature, including your Google account email, basic profile information, access tokens, refresh tokens, calendar event metadata, and calendar event content such as event titles, descriptions, locations, attendees, color IDs, and start/end dates and times.
- If you authorize Google Contacts access (read-only), you can search your saved contacts in the product. Contact names and email addresses are returned by Google’s People API directly to your browser for the contact picker; findtime.io does not upload or store your Google address book on our servers. Only guests you explicitly add (same as if you typed their email) are sent to Google Calendar or shown in your invite fields.
- Platform installation data such as Slack workspace IDs, workspace names, workspace domains, enterprise IDs, and installer identifiers when provided by the platform.
- Platform-scoped access tokens and related installation credentials required to keep the integration connected and able to respond inside the customer workspace.
- User-submitted query text and platform message metadata only to the extent needed to process a command or direct message and generate the requested time-related response.
- Operational and product telemetry such as route used, success or failure status, timestamp, app version, and coarse technical metadata for reliability, abuse prevention, and aggregate analytics.
2. Data we do not collect or use
- We do not collect full channel archives or full conversation histories.
- We do not sell personal data or message content.
- We do not use Google user data obtained through Google Workspace APIs to develop, improve, or train generalized AI or machine learning models.
- We do not use Slack data for advertising.
- We do not access or retain more third-party data than is reasonably necessary to operate the requested feature.
3. How we use third-party data
- Display connected Google Calendar events inside the findtime.io homepage calendar, including schedule, day, week, month, and year views.
- Create, edit, move, resize, and delete Google Calendar events at the user’s direction, including optional attendee invitations and scheduling updates.
- Compare Google Calendar events against meeting-planner selections so users can see conflicts, availability, and timezone-aware scheduling context on one page.
- Show a searchable contact picker or similar UI using your Google contacts (when authorized), so you can select names and emails you already have in Google rather than entering them manually.
- Maintain the Google Calendar connection for the signed-in user and send requests to Google APIs needed to read calendar data and write approved changes back to Google Calendar.
- Use your Google OAuth credentials (including for People API) so your browser can list or search the contacts you have consented to share, for the contact-picking features above — without storing your full contact list on findtime.io.
- Authenticate and maintain installations across supported platforms.
- Process timezone conversion, current-time lookup, DST, and meeting-planning requests.
- Return results back into Slack, direct messages, and other supported client surfaces.
- Monitor uptime, reliability, abuse, and aggregate product usage.
4. Google Sign-In, OAuth scopes, Google Calendar, and Google Contacts
The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.
When you use Google Sign-In, choose to connect Google Calendar, or use a feature that needs your contacts, Google shows a consent screen listing the access you approve. findtime.io requests only what is needed for account identity, the calendar features you turn on, and contact-picking features you start (we may use incremental authorization so contacts access is requested at the moment you use that feature).
Scopes we may request (as shown on Google's consent screen) include:
- OpenID Connect (
openid) — associate your findtime.io session with your Google account. - Email (
https://www.googleapis.com/auth/userinfo.email) — your primary Google Account email address for sign-in and account-related communication where applicable. - Profile (
https://www.googleapis.com/auth/userinfo.profile) — basic profile information you have made available to the app (for example, name and profile image) to personalize the signed-in experience. - Google Calendar events (
https://www.googleapis.com/auth/calendar.events) — only when you connect Calendar: view and edit events on calendars you can access through Google Calendar, so we can display your schedule in findtime.io and create, update, move, or delete events that you initiate (including optional sync related to booking flows when you use those features). We do not use this access for unrelated purposes such as advertising. - Google Calendar read-only access (
https://www.googleapis.com/auth/calendar.readonly) — only when you connect Calendar: see calendars you can access and read event details needed for conflict checks, multi-calendar selection, and availability views. - Google Contacts (read-only) (
https://www.googleapis.com/auth/contacts.readonly) — only when you use a feature that shows your Google contacts: list or search contacts in “My Contacts” via Google’s People API so you can choose people (for example, to prefill attendee email fields) without typing addresses. We do not use this access to edit or delete your Google contacts, or for advertising.
The event scope supports user-initiated calendar changes. The read-only scope supports calendar discovery and conflict checks across calendars you can access. The contacts read-only supports contact selection in the product.
If you connect Google Calendar, Google user data accessed through these permissions may include your Google account email and basic profile information, access tokens, and Google Calendar event data such as event titles, descriptions, locations, attendees, color identifiers, and start and end dates and times.
If you authorize Google Contacts access, Google user data accessed may include contact display names and email addresses (and any other contact fields we request from Google for the same picker experience, as shown on Google’s consent screen).
Contacts data accessed. For the read-only Google Contacts scope, the data we access is limited to the Google contact information needed for the picker experience you initiate, such as a contact's display name and email address. We access that data only after you choose to use a contacts-based feature and authorize the scope on Google's consent screen.
For contact picking, People API requests are made from your browser to Google using your access token; matching contact rows are not uploaded to findtime.io as a stored address book. Your OAuth tokens for Calendar (and the same connection when Contacts is included) may still be handled by findtime.io as described above for Calendar features.
We use this Google user data only to provide the connected experience inside findtime.io: loading your calendar where we show it, showing scheduling and timezone context (including on booking links when you sign in and connect your calendar), writing changes you approve back to Google Calendar, and—when you authorize it—letting you pick contacts in your browser for scheduling flows.
Contacts data usage. Google Contacts data is used only to let you search, view, and select your own saved contacts inside findtime.io so we can prefill attendee or recipient fields at your direction. We do not use Google Contacts data to send marketing, build contact profiles, export your address book, edit contact records, or support advertising.
We disclose Google user data only as needed to provide and operate these features: to Google when we send authorized Google API requests you have approved (including Calendar API requests from our services and People API requests issued by your browser) or when we write approved changes back to your Google Calendar; to our hosting, database, logging, security, and infrastructure service providers that process data on our behalf under confidentiality and security obligations; and when required to comply with law, enforce our terms, prevent abuse, or protect users and the service. We do not share, transfer, or disclose Google user data to advertisers, data brokers, or unrelated third parties.
Contacts data sharing. If you authorize Google Contacts, the contact data used for the picker is shared with: (1) Google, because the People API returns that data to your browser after your authorized request; (2) our infrastructure and security service providers only to the limited extent necessary to operate, secure, log, or troubleshoot the service; and (3) other parties only if required by law or needed to protect the rights, safety, or integrity of users or the service. We do not sell Google Contacts data or share it with advertisers, data brokers, or unrelated third parties.
We do not sell Google user data. We do not use Google user data obtained through Google Workspace APIs to develop, improve, or train generalized AI or machine learning models.
5. How we store and protect data
We use reasonable administrative, technical, and organizational safeguards to protect data. Data is transmitted over encrypted connections where supported, and access to stored credentials is limited to systems and personnel who need that access to operate or support the service.
Access tokens are treated as sensitive credentials. We do not intentionally expose platform tokens in public responses or product UI.
For Google Contacts specifically, findtime.io is designed so matching contacts are returned by Google to your browser for in-product selection rather than synced into a persistent findtime.io address-book database. Where Google OAuth credentials or related logs are stored, we use access controls and encryption measures reasonably designed to protect them.
6. Data retention and deletion
- Google Calendar access tokens and related connection state may be stored locally in the user’s browser so the connected session can continue without reconnecting every page load. If you enable the persistent Google Calendar connection, an encrypted Google refresh token may also be stored server-side so findtime.io can mint new short-lived access tokens without asking you to reconnect every hour. We do not intentionally expose these credentials in public UI.
- Google Contacts data shown in the picker exists in your browser session while you search and select (and in Google’s responses), not as a synced address-book database on findtime.io. We do not sell contact data. Operational needs (troubleshooting, abuse prevention, or legal compliance) may still produce routine technical logs; we do not treat your full contact list as data we keep for unrelated product purposes.
- Google Calendar event data is accessed so it can be displayed and acted on inside the product. Google Calendar data is not sold and is not retained longer than reasonably necessary to provide the requested calendar feature, troubleshoot issues, prevent abuse, or comply with law.
- Installation records and platform tokens are retained while the integration remains installed and for a reasonable period afterward for security, troubleshooting, and legal compliance.
- Command or message content used to answer a request is processed for the request itself and is not retained longer than necessary for operations, debugging, or abuse prevention.
- Aggregate telemetry and operational logs may be retained longer for analytics, fraud prevention, billing support, and service reliability.
- Users or workspace owners can revoke access by uninstalling the app from Slack, which stops future Slack data access.
Users can revoke Google Calendar or Google Contacts access from their Google account permissions page or by disconnecting the integration where that option is provided in findtime.io.
If you want findtime.io to delete stored Google-connected account data associated with your use of the service, email contact@findtime.io with your request. We may ask for reasonable information to verify the request before acting on it. Once verified, we will delete applicable stored data from our active systems within a reasonable period, except where retention is required for security, fraud prevention, legal compliance, or other legitimate legal obligations.
Because Google Contacts results for the picker are intended to stay in your browser session rather than in a persistent server-side contact database, revoking the Google Contacts permission and ending the session generally stops future access to that data. Any remaining technical logs are retained only as described in this policy.
7. Third-party services and subprocessors
- Google, when a user connects Google Calendar and authorizes findtime.io to access calendar data and perform calendar actions on the user’s behalf, and when a user authorizes read-only access to Google Contacts so the user’s client can call Google’s People API for in-browser contact picking.
- Slack and other messaging platforms, which provide the installation and messaging surfaces.
- Infrastructure providers used to host findtime.io services and encrypted data storage.
- Third-party AI providers when required to interpret or answer a user request, such as parsing city names or generating meeting-planning output.
When a request requires outside processing, only the data reasonably necessary to fulfill that request is shared with the relevant provider.
8. Slack-specific notes
For the Slack app, the primary user triggers are the /findtime slash command and direct messages sent to the bot. Query text may be processed to answer the request. Installation data such as workspace identifiers and tokens may be stored so the app can remain installed and respond in the correct workspace.
We do not claim ownership of Slack customer data, and we use Slack-provided data only to provide, secure, support, and improve the findtime service.
9. Contact
Privacy questions or requests can be sent to contact@findtime.io.
Individuals may also use that email address to request access to their data, request transfer of their data where applicable, or request deletion of their data. We may ask for reasonable information to verify the request before acting on it.