← Back to BookLeaf

Privacy Policy

Effective: February 9, 2026

BookLeaf (bookleaf.us) is a scheduling tool that connects with Google Calendar to help you share availability and accept bookings. This policy explains what information we collect, how we use it, and your choices.

Information We Collect

Account Data

When you sign in with Google, we receive and store your name, email address, profile image, and basic profile information. You also provide a username and timezone within BookLeaf.

Booking Data

When someone books time with you, we collect their name, email address, optional notes, selected time slot, timezone, and (if applicable) a Google Meet URL generated for the meeting.

Calendar Data

We access your Google Calendar to check free/busy status and create calendar events for confirmed bookings. We store connected calendar names, availability rules, and scheduling preferences you configure.

OAuth Tokens

We store Google OAuth refresh and access tokens server-side to maintain calendar access on your behalf. We never see or store your Google password.

Technical Data

We collect error logs through Sentry, which may include IP addresses, browser information, and technical details about errors encountered. We use a session cookie for authentication.

How We Use Your Information

  • Provide the scheduling service — check availability, create calendar events, generate meeting links
  • Send transactional emails — booking verification, confirmation, reminders (24 hours before), cancellation and rescheduling notifications
  • Monitor and fix errors to keep the service running

Google API Access

We request the following Google API permissions, each for a specific purpose:

  • Calendar access — read and create events on your calendar for confirmed bookings
  • Calendar list — display your calendars so you can choose which ones to check for conflicts
  • Free/busy access — check your availability without reading event details
  • Calendar settings — read your calendar timezone and preferences

You can revoke BookLeaf's access at any time from your Google Account permissions.

Third-Party Services

  • Google — authentication (OAuth) and calendar operations (Google Calendar API)
  • Sentry — error monitoring and diagnostics
  • Email delivery — transactional emails sent via SMTP

Each service operates under its own privacy policy. We only share the minimum data necessary for each service to function.

Data Sharing

We do not sell your personal information. Information is shared only with the third-party services listed above to operate the platform. When someone books time with you, their name, email, and notes are visible to you as the host, and your name is visible to them.

Data Retention

Account data is kept while your account is active. Booking records are retained for historical reference. To request deletion of your data, contact us at privacy@bookleaf.us.

Cookies

We use a single session cookie for authentication. We do not use third-party tracking cookies or analytics cookies.

Security

All connections use HTTPS. OAuth tokens are stored server-side and never exposed to browsers. Google API permissions are scoped to only what is needed for the service.

Children

BookLeaf is not intended for children under 13. We do not knowingly collect information from children under 13.

Changes

We may update this policy from time to time. Changes will be posted on this page with a revised effective date.

Contact

Questions about this policy? Email privacy@bookleaf.us.