1. Data Collection & Usage
We collect information necessary to coordinate bookings, authenticate accounts, process payments, and host storefront templates. This includes your name, email, calendar availability ranges, and Stripe profile information.
2. Calendar Integration Scopes
When linking your Google or Outlook calendar, CalFlow requests read/write access to your calendar events. We only query busy slots to prevent double-bookings, and we write confirmed dispatches. We never crawl, share, or store your private personal event descriptions.
3. Payment Processing Integrity
All paid booking checkout sequences are handled directly by Stripe. CalFlow never handles, reads, or stores your credit card number or bank security keys. Payout splits are executed via Stripe Connect APIs under secure S2S tokens.
4. Isolated Attachments Storage
Client specifications and intake briefs uploaded during the scheduling flow are stored inside isolated, private buckets on Cloudflare R2. Access to these resources requires private presigned S3 signatures generated for validated account owners only.
5. Cookie and Session Tracking
We use secure cookies to maintain authenticated session states (via Next-Auth) and prevent unauthorized workspace editing. We do not run third-party tracking scripts or monetize user activity logs.