Privacy Policy

1. Introduction

Welcome to Scout Scheduling ("Scout," "we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Microsoft Outlook add-in and related services.

By using Scout, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Microsoft Account Information: When you authenticate with Microsoft, we receive your email address, name, and basic profile information.
• Calendar Data: We access your Outlook calendar to read availability and create meeting events on your behalf.
• Meeting Information: We temporarily store meeting scheduling session data including proposed times, recipient information, and meeting titles.

2.2 Automatically Collected Information

• Usage Data: We collect information about how you interact with Scout, including features used and actions taken.
• Technical Data: IP address, browser type, operating system, and device information for security and diagnostics.
• Log Data: Timestamps, API calls, and error logs for troubleshooting and service improvement.

3. How We Use Your Information

We use the collected information for the following purposes:

• Provide Core Functionality: Enable meeting scheduling, calendar integration, and time slot suggestions
• Improve Our Service: Analyze usage patterns to enhance features and user experience
• Communicate: Send booking confirmations, scheduling updates, and important service notifications
• Security & Fraud Prevention: Detect and prevent unauthorized access, abuse, and security threats
• Compliance: Meet legal obligations and enforce our Terms of Service
• Support: Respond to your questions and provide customer assistance

4. Data Storage and Security

We take data security seriously and implement industry-standard measures to protect your information:

• Encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
• Access Controls: Limited employee access to user data on a need-to-know basis
• Secure Infrastructure: We use Supabase and Vercel, which maintain SOC 2 compliance and robust security practices
• Token Security: Microsoft OAuth tokens are encrypted and stored securely
• Session Expiration: Scheduling sessions automatically expire after 24 hours

Data Retention: We retain your data only as long as necessary to provide our services. Expired scheduling sessions are automatically deleted. You can request deletion of your account data at any time.

5. Third-Party Services

Scout integrates with the following third-party services:

• Microsoft Graph API: To access your Outlook calendar and create meetings (subject to Microsoft's privacy policy)
• Supabase: Database and authentication services (see Supabase Privacy Policy)
• Vercel: Hosting and serverless functions (see Vercel Privacy Policy)
• Resend: Email delivery for booking notifications (see Resend Privacy Policy)

These third parties have access to your information only to perform tasks on our behalf and are obligated not to disclose or use it for other purposes.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

• With Your Consent: When you explicitly authorize us to share information
• Service Providers: Third-party vendors who help us operate our service (as listed above)
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
• Protection of Rights: To protect our rights, property, or safety, or that of our users

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Withdrawal of Consent: Revoke OAuth permissions via Microsoft account settings
• Data Portability: Request your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing communications (service notifications may still be sent)

To exercise these rights, contact us at support@scoutscheduling.com.

8. Children's Privacy

Scout is not intended for users under the age of 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using Scout, you consent to such transfers. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Cookies and Tracking

Scout uses minimal cookies and tracking technologies:

• Authentication Cookies: To keep you signed in
• Session Cookies: To maintain your scheduling session state
• Analytics: We may use basic analytics to understand service usage (no personal identification)

You can control cookies through your browser settings, but some features may not function properly if cookies are disabled.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification for material changes
• Displaying an in-app notification when you next use Scout

Your continued use of Scout after changes are posted constitutes acceptance of the updated policy.

12. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on consent, contract performance, and legitimate interests
• Data Protection Officer: Contact us for DPO information if required
• Right to Lodge a Complaint: You may file a complaint with your local data protection authority
• Automated Decision Making: Scout does not use automated decision-making or profiling

13. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information (with certain exceptions)
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at support@scoutscheduling.com.