
Last updated: May 7, 2025

Privacy Policy

Confirmo is an automated appointment booking assistant that operates through WhatsApp and connects to your Google or Microsoft calendar. This policy explains what data we collect, why we need it, and how we protect it.

1. Who We Are

Confirmo (“we”, “our”, or “us”) provides an automated appointment scheduling service that integrates with WhatsApp Business, Google Calendar, and Microsoft Calendar. Our service allows business owners to automate booking, rescheduling, and cancellation conversations with their clients.

If you have questions about this policy, contact us at: support@confirmocr.com

2. Information We Collect

2.1 Business Owner Accounts

When you create a Confirmo account, we collect:

  • Name and email address (used to create your account)
  • Phone number (used to associate your WhatsApp Business number)
  • Timezone preference (used to display times correctly)
  • Business services and pricing you configure within Confirmo

2.2 Google Calendar Data

When you connect your Google account, Confirmo requests access to your Google Calendar using the following OAuth 2.0 scope:

https://www.googleapis.com/auth/calendar

This access allows us to:

  • Read your calendar events to determine your real-time availability
  • Create calendar events when a client books an appointment
  • Update calendar events when a client reschedules
  • Delete calendar events when a client cancels
  • Create blocking events when you request to block time via WhatsApp

We store your Google OAuth access token and refresh token securely in our database. These tokens are used exclusively to perform the calendar operations listed above. We do not read, store, or share the content of your calendar events beyond what is necessary to check availability (busy/free times).

2.3 Microsoft Calendar Data

When you connect your Microsoft account, we request access equivalent to the Google scope above via Microsoft’s OAuth 2.0 flow. The same data handling principles apply: tokens are stored securely and used only for availability checking and appointment management.

2.4 Client Data (Your Customers)

When your clients interact with your Confirmo-powered WhatsApp number, we collect and store:

  • WhatsApp phone number
  • Name as provided by WhatsApp
  • Incoming WhatsApp message text needed to understand booking requests
  • Conversation state (to maintain context across messages)
  • Booked appointment details (service, date, time)
  • Preferred language (detected automatically from messages)

This data is collected on your behalf as the business operator and is used solely to power the booking assistant for your business. We do not sell WhatsApp message data, client contact data, or appointment data, and we do not use it for advertising.

2.5 WhatsApp and Meta Data

Confirmo uses the WhatsApp Business API provided by Meta to receive client booking messages and send automated booking-related replies. WhatsApp data we process may include phone numbers, profile names, message content, message identifiers, delivery status, timestamps, and conversation context.

We use WhatsApp data only to provide appointment automation: answering availability questions, collecting service and time preferences, confirming bookings, sending reminders, handling cancellations or reschedules, and routing the conversation to the correct business account.

2.6 Usage Data

We collect standard server logs including IP addresses, request timestamps, and error information for operational monitoring and debugging. This data is not linked to individual users and is retained for no more than 30 days.

3. How We Use Your Information

We use the information we collect to:

  • Operate and deliver the Confirmo booking assistant service
  • Check your real-time calendar availability when clients request appointments
  • Understand WhatsApp booking messages and maintain conversation context
  • Create, update, and delete calendar events on your behalf
  • Send booking confirmations, appointment reminders, cancellation updates, and rescheduling messages through WhatsApp
  • Manage a waitlist and notify clients when a cancellation occurs
  • Provide customer support and respond to your inquiries
  • Improve the reliability and performance of our service

We do not use your data for advertising, and we do not sell or rent your personal information or your clients’ personal information to any third party.

4. Google API Services — Limited Use Disclosure

Confirmo’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request access to the calendar scopes necessary to provide the booking assistant service
  • We do not use Google user data to develop, improve, or train generalized AI or ML models
  • We do not transfer Google user data to third parties except as necessary to provide the service (e.g., storing tokens in our secured database)
  • We do not use Google user data for serving advertisements
  • Human access to Google user data is limited to security and support purposes, with user consent

5. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Supabase, with servers located in the United States. We implement the following security measures:

  • OAuth tokens are stored encrypted at rest
  • All data is transmitted over HTTPS/TLS
  • Access to production data is restricted to authorized personnel only
  • Authentication is managed through Supabase Auth with industry-standard JWT tokens

While we take security seriously, no system is 100% secure. In the event of a data breach affecting your information, we will notify you as required by applicable law.

6. Data Retention

  • Account data is retained for as long as your account is active
  • Appointment records are retained for 3 years for business record-keeping purposes
  • Client contact information associated with appointments is retained with the appointment record unless deletion is requested earlier
  • WhatsApp conversation state and message automation history are retained for up to 12 months
  • WhatsApp delivery logs and operational message metadata are retained for up to 12 months
  • OAuth tokens are deleted immediately when you disconnect a calendar account
  • Upon account deletion, all personal data is removed within 30 days

7. Third-Party Services

Confirmo integrates with the following third-party services:

  • WhatsApp Business API (Meta) — for sending and receiving messages
  • Google Calendar API — for calendar availability and event management
  • Microsoft Graph API — for Microsoft calendar availability and event management
  • Supabase — for database hosting and authentication

Each of these providers has its own privacy policy governing how it handles data within its platform.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Revoke Google or Microsoft calendar access at any time through your Google/Microsoft account settings
  • Export your data in a portable format

To exercise any of these rights, contact us at support@confirmocr.com or follow the instructions on our Data Deletion page. We will respond within 30 days.

Deletion requests may include your Confirmo account, WhatsApp automation records, client appointment information, connected calendar tokens, and associated business configuration, subject to limited retention required for security, fraud prevention, billing, tax, or legal compliance.

You can revoke Confirmo’s access to your Google account at any time by visiting myaccount.google.com/permissions.

9. Children's Privacy

Confirmo is a business tool intended for use by adults operating service businesses. We do not knowingly collect personal information from children under the age of 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page and notify account holders by email if the changes are material.

11. Contact Us

For any questions, concerns, or requests related to this Privacy Policy:

Email: support@confirmocr.com