Privacy Policy

1. Overview

BCL Meetings ("we", "our", or "the app") is a meeting scheduling and calendar management tool operated by BookSmart Consultancy Limited. This Privacy Policy explains how we collect, use, and protect your information when you use our application at meetings.booksmartportals.com.

2. Information We Collect

• Account information: Your name, email address, username, and role within the organisation, provided during account creation or login.
• Google account data: When you connect your Google account, we access your Google email address and Google Calendar to create, update, or delete calendar events on your behalf. We store an OAuth refresh token to maintain this connection.
• Meeting data: Details of meetings you schedule or attend, including client names, dates, times, locations, and attendee lists.
• Usage data: Basic session information such as login timestamps and last-active records.

3. How We Use Your Information

• To authenticate you and manage your session securely.
• To sync meetings to your personal Google Calendar when you choose to connect it.
• To display your meeting schedule and allow you to manage bookings.
• To send meeting reminders and notifications via WhatsApp or other channels you opt into.
• To improve the application and fix issues.

4. Google API Data Usage

BCL Meetings uses the Google Calendar API solely to create, update, and delete calendar events that you explicitly initiate within the app. We do not read your existing calendar events, share your Google data with third parties, or use it for advertising purposes.

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. Your data may be processed by the following infrastructure providers solely to operate the service:

• Supabase — database storage (meetings, user accounts)
• Firebase (Google) — authentication tokens
• Vercel — application hosting

6. Data Retention

We retain your data for as long as your account is active. Meeting records are kept for operational and reporting purposes. If you disconnect Google Calendar, your OAuth tokens are deleted immediately. You may request full account deletion at any time.

7. Your Rights

• Request access to the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and all associated data.
• Disconnect Google Calendar at any time from the app settings.

To exercise any of these rights, contact us at info@booksmartconsult.com.

8. Security

We use HTTPS for all data in transit, secure session cookies with HttpOnly and SameSite flags, and server-side authentication tokens. OAuth credentials are stored encrypted in our database and never exposed to the browser.

9. Changes to This Policy

We may update this policy periodically. Continued use of the app after changes are posted constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions, contact us at info@booksmartconsult.com or call +254 700 298 298. BookSmart Consultancy Limited, Parklands, Nairobi, Kenya.