Privacy Policy

Effective Date: January 29, 2026

Last Updated: January 29, 2026

Contact: support@thestyleapp.ca

Introduction
Information We Collect
Google Calendar Data Collection & Use
How We Use Your Information
Data Storage & Protection
Data Sharing & Third Parties
Data Retention & Deletion
Your Rights & Choices
Children's Privacy
Changes to Privacy Policy
Contact Us

1. Introduction

Style Project ("Company," "we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web services (collectively, the "Service").

By accessing and using Style Project, you acknowledge that you have read, understood, and agree to be bound by all the provisions of this Privacy Policy. If you do not agree with our practices, please do not use our Service.

This Privacy Policy applies to information we collect through:

Our mobile application (iOS, Android, Web)
Our website (thestyleapp.ca)
Google Calendar API integration
Any other digital channels we may operate

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide, including:

Account Information: Name, email address, phone number, physical address, profile picture
For Stylists: Professional information, experience, certifications, portfolio, service rates, availability preferences
For Clients: Booking information, style preferences, service requests, special requirements
Payment Information: Payment method, billing address (processed by third-party payment providers; we do not store full credit card numbers)
Communication Data: Messages, feedback, support requests, and communications between stylists and clients
Preferences: Language preferences, notification settings, accessibility needs

2.2 Information We Collect Automatically

When you use Style Project, we automatically collect:

Device Information: Device type, operating system, unique device identifiers, mobile network information, device settings
Usage Data: Features accessed, content viewed, session duration, actions performed, pages visited
Log Data: IP address, access timestamps, browser type, referring URL, error logs, server logs
Cookies & Similar Technologies: Session identifiers, preference cookies, analytical cookies

3. Google Calendar Data Collection & Use

3.1 Overview

Style Project integrates with Google Calendar to streamline the booking process. Our system connects stylists' calendars with the booking platform to provide real-time availability to clients.

How It Works:

Stylist Setup: Stylists connect their Google Calendar to Style Project
Availability Marking: Stylists mark time slots in their Google Calendar when they're available for consultations/sessions
Slot Detection: Our system reads the stylist's calendar to identify free time slots
Client Booking: Clients see only the stylist's available time slots
Event Creation: After booking confirmation, we automatically create a calendar event on the stylist's calendar as a reminder

3.2 Data We Access from Google Calendar

For Stylists (Read-Write Access):

When stylists authorize Style Project to access their Google Calendar, we request the ability to:

Read: Event titles, dates, times, event descriptions, free/busy status, attendee information
Write: Create new calendar events for confirmed sessions/consultations

Purpose: Determine availability and automatically log confirmed bookings

For Clients (Read-Only Access):

When clients view stylist availability, we:

Access stylist calendar data to identify FREE time slots
Display only available times (NOT busy times or private information)
Process this data in real-time to show current availability

What We Explicitly DO NOT Access or Store:

Private event descriptions or content details
Calendar event attendee contact information beyond confirmation
Email addresses of other event attendees
Your Google Calendar contacts list
Your Gmail, Google Drive, or other Google Workspace services
Password or authentication credentials (we use OAuth 2.0)
Full calendar metadata beyond basic scheduling information

3.3 Explicit Permission & Authorization

We only access your Google Calendar data after you explicitly grant permission through Google's OAuth 2.0 authorization flow. You will:

See exactly what data we request
Understand the purpose before authorizing
Be able to revoke access anytime from your Google Account settings
Receive a confirmation when access is connected or disconnected

3.4 Data Handling for Calendar Integration

Real-Time Processing:

Calendar data is processed in real-time when you check availability
Free slots are calculated dynamically (not stored permanently)
Client views see only time slots marked as "free" by the stylist

Calendar Event Creation:

After booking confirmation, we create ONE calendar event on the stylist's calendar
This event includes: Session date/time, client name, session type
Event is created automatically as a reminder for the stylist
Stylist can edit or delete this event at any time

Temporary Caching:

Calendar data may be cached briefly (seconds to minutes) during your session for performance
Cache is cleared when you log out
No permanent storage of calendar event details beyond what's needed for the booking record

3.5 Limited Use Commitment

Consistent with the Google API Services User Data Policy, we use Google Calendar data:

ONLY for:

Displaying stylist availability to clients in real-time
Creating calendar event reminders for confirmed sessions
Preventing double-bookings by checking time slot conflicts
Providing the core booking functionality of Style Project

NEVER for:

Building user profiles or behavioral tracking
Marketing, advertising, or promotional purposes
Selling, licensing, or sharing calendar data with third parties
Training machine learning models on calendar data
Aggregating data for profiling across users
Any purpose beyond the explicit appointment booking function

4. How We Use Your Information

4.1 Core Service Delivery

Creating and managing stylist and client accounts
Processing and managing booking requests
Facilitating payments for services
Reading stylist calendar availability (for slot detection)
Creating calendar events for confirmed sessions
Providing customer support and responding to inquiries
Handling refunds and booking modifications

4.2 Communication

Sending booking confirmations and reminders
Providing booking updates and status notifications
Responding to customer service requests
Sending important service announcements
Notifying you of policy changes

4.3 Service Improvement

Analyzing app features usage to improve user experience
Identifying technical issues and bugs
Testing new features in a controlled manner
Generating anonymized usage statistics

4.4 Safety & Security

Detecting, investigating, and preventing fraudulent transactions
Protecting against unauthorized access
Enforcing our Terms & Conditions
Complying with legal obligations
Security incident response

4.5 Legitimate Business Operations

System administration and maintenance
Database backups and disaster recovery
Internal record-keeping
Audits and compliance verification

We DO NOT use your information for:

Profiling or automated decision-making
Targeted advertising based on sensitive data
Selling to data brokers
Training AI models on raw user data
Building predictive models about your behavior

5. Data Storage & Protection

5.1 Security Measures

We implement industry-standard security practices to protect your data:

In Transit:

All data transmission uses TLS 1.2+ encryption (HTTPS)
API calls to Google are encrypted and authenticated
OAuth 2.0 tokens stored securely with encryption
Secure token storage with automatic expiration

At Rest:

Database encryption using AES-256 or equivalent
Encrypted backups stored in secure facilities
Access controls restricting data visibility by role
Separate encrypted storage for payment data

Access Control:

Role-based access control (RBAC) for employees
Principle of least privilege (employees access only necessary data)
Multi-factor authentication for admin accounts
Audit logs tracking all data access and modifications
Regular security assessments and penetration testing

Employee & Contractor Training:

All staff handling personal data receive privacy training
Confidentiality agreements included in employment contracts
Third-party vendors sign Data Processing Agreements (DPAs)
Regular security awareness training

5.2 Limitations

While we implement reasonable security measures, NO SYSTEM IS COMPLETELY SECURE. We cannot guarantee absolute security. You use our Service at your own risk. We encourage you to:

Use strong, unique passwords
Enable two-factor authentication on your Google account
Review connected apps in your Google Account settings regularly
Report suspicious activity immediately

6. Data Sharing & Third Parties

6.1 When We Share Your Information

We share your information ONLY in the following circumstances:

Between Stylists and Clients (For Service Delivery):

Stylist name, profile, rates, and availability shown to clients
Client name and session details shared with the booked stylist
Only information necessary to facilitate the session
Both parties bound by confidentiality agreements

With Google (For Calendar Integration):

OAuth tokens securely managed per Google's standards
Calendar data accessed through authenticated, encrypted connections
No data exported or stored outside Google's infrastructure during API calls
Compliance with Google API Services User Data Policy

With Payment Processors:

Minimal payment data (NOT full credit card numbers) to process transactions
We use PCI-DSS compliant payment providers
You agree to their privacy policies when authorizing payments

For Legal Compliance:

When required by law, court order, or government request
When necessary to protect our legal rights
To enforce our Terms & Conditions
To prevent fraud or security breaches

For Service Providers (Data Processors):

Cloud hosting providers (for data storage and backup)
Email service providers (for sending notifications)
Analytics providers (anonymized data only)
Payment processors (limited payment data)

All third parties are contractually obligated to:

Use data ONLY for the specified purpose
Maintain data confidentiality
Implement appropriate security measures
Comply with applicable privacy laws
Not share data with unauthorized parties

6.2 What We DO NOT Do

We DO NOT sell your personal data to third parties

We DO NOT share your data with advertisers or marketers

We DO NOT license your data to data brokers

We DO NOT share Google Calendar data outside the booking process

We DO NOT aggregate user calendar data for any analysis

We DO NOT export or store stylist availability data

7. Data Retention & Deletion

7.1 How Long We Retain Data

Active Account Data:

Account information, profile data, and preferences retained as long as account is active
Provides service continuity and booking history

Google Calendar Data:

Calendar availability data is NOT permanently stored
Free/busy information processed in real-time only
Calendar event creation logs retained for 1 year (for dispute resolution)
OAuth tokens refreshed automatically; old tokens discarded
Calendar-linked data deleted immediately upon account deletion or OAuth revocation

Booking Records:

Booking history retained for 3 years for financial and dispute resolution purposes
After 3 years, archived and then deleted (except as required by law)

Payment Records:

Retained for 7 years as required by tax and financial regulations
Does not include full credit card numbers

Communication Logs:

Messages and support tickets retained for 2 years
After 2 years, automatically deleted unless needed for legal proceedings

Usage Analytics:

Anonymized usage data retained for 2 years
Individual session logs retained for 90 days
Automatically deleted after retention period

Google OAuth Tokens:

Refresh tokens retained while authorization is active
Immediately revoked and deleted when you disconnect Google Calendar
Automatic token rotation for security

7.2 Your Right to Delete Data

You have the right to request deletion of your personal data at any time. Upon deletion request:

Account Deletion: All profile data, preferences, and personal information deleted
Booking History: Anonymized booking records retained for tax/compliance (3 years)
Payment Data: Payment method information deleted; transaction records retained per law
Google Calendar: All OAuth tokens revoked; calendar-related data deleted immediately
Confirmation: Written confirmation of deletion provided within 30 days

To request deletion, email us at support@thestyleapp.ca with subject line: "Data Deletion Request"

8. Your Rights & Choices

8.1 Your Privacy Rights

You have the following rights regarding your personal data:

Right to Access (Data Portability):

Request a copy of all personal data we hold about you
Receive data in a portable format (CSV, JSON)
Typically provided within 30 days

Right to Correction:

Request correction of inaccurate or incomplete data
Update your account information anytime in app settings

Right to Deletion (Right to be Forgotten):

Request deletion of your personal data
We delete data except where legally required (taxes, compliance)
Response typically within 30 days

Right to Restrict Processing:

Request that we limit how we use your data
We comply except where necessary for service delivery

Right to Opt-Out:

Unsubscribe from marketing communications anytime
Disable non-essential cookies and analytics
Disable notifications in app settings

Rights Related to Google Calendar:

Disconnect your Google Calendar at any time in app settings
Your data immediately deleted upon disconnection
All calendar-related information removed from our systems
Revoke access directly from your Google Account settings

8.2 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: support@thestyleapp.ca

Subject: [DATA ACCESS / CORRECTION / DELETION / PRIVACY REQUEST]

Include: Your full name, email address, and specific request details

We will respond within 30 days and may request identity verification for security.

8.3 Google Calendar Specific Rights

You can manage your calendar authorization at any time:

In App: Disconnect in settings (calendar data immediately purged)

In Google Account: Visit myaccount.google.com → Security → Third-party apps

Revocation: Access revoked immediately; no residual data retained

9. Children's Privacy

Style Project is NOT intended for users under 18 years of age. We do not knowingly collect personal data from children under 18.

If we become aware that a user is under 18, we will:

Delete the account and associated data
Notify you of the deletion

If you believe a child has created an account, please contact us immediately at support@thestyleapp.ca .

10. Changes to Privacy Policy

We may update this Privacy Policy to reflect changes in:

Our data practices
Legal requirements
Technology capabilities
User feedback

How We Notify You:

Major changes: In-app notification and email notice
Minor changes: Updated "Last Updated" date

Your Continued Use: Continued use after updates constitutes acceptance of the updated policy.

11. Contact Us

11.1 Privacy Questions & Requests

For privacy-related questions or to exercise your rights: