Legal

Privacy Policy

How we collect, use, and protect your information.

Last updated: April 21, 2026

This Privacy Policy describes how OTpage (“we”, “us”, “our”) collects, uses, stores, and shares information when you use our website, applications, and related services (collectively, the “Services”).

By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. Who we are

OTpage provides tools for hosts to publish booking pages, manage availability, take appointments, sell digital products where offered, and related features. Depending on your role, you may use the Services as a host (account holder) or as a guest or visitor (for example, someone who books a time or browses a public page).

2. Information we collect

2.1 You provide to us

  • Account and profile data — such as name, email address, password (stored in hashed form), and profile or page content you choose to add (for example, display name, links, descriptions, images).
  • Booking and scheduling data — such as guest name, email, requested time slots, notes you or the guest submit, and status of a booking.
  • Communications — messages you send to us (for example, support requests) and, where applicable, metadata needed to deliver them.
  • Payment-related information — we use payment processors (such as Stripe). We do not store full payment card numbers on our servers; payment data is handled according to the processor’s terms and privacy policy.

2.2 Automatically collected

  • Technical and usage data — such as IP address, browser type, device type, general location derived from IP, timestamps, and pages or features accessed.
  • Cookies and similar technologies — used where necessary for authentication, security, preferences, and to understand how the Services are used.

2.3 Information from third parties

  • Google Calendar and Google Account data — if you choose to connect your Google account to OTpage, we may access certain Google user data only as needed to provide the features you enable. Depending on the permissions you grant, this may include your basic Google account information (such as name and email address), calendar metadata, calendar event details, availability or busy/free information, and the ability to create, update, or delete calendar events on your behalf. We do not access Google user data unless you authorize the connection.
  • Other integrations — if we add or you enable other services, we will collect or receive information according to that service’s terms and your choices.

3. How we use information

3.1 How we use Google user data

If you connect Google Calendar to OTpage, we use Google user data only to provide and improve user-facing features that are visible and prominent in the OTpage product, such as:

  • authenticating your Google account connection;
  • displaying calendar availability to help prevent double-booking;
  • allowing you to sync bookings with your calendar;
  • creating, updating, or deleting calendar events when triggered by your actions or enabled settings in OTpage;
  • sending related transactional notifications and maintaining the reliability and security of the integration.

We do not use Google user data for targeted advertising, sale to data brokers, creditworthiness determinations, lending decisions, building unrelated databases, or training generalized artificial intelligence or machine learning models.

We use information to:

  • Provide, operate, maintain, and improve the Services;
  • Create and manage accounts, bookings, notifications, and (where applicable) calendar events;
  • Send transactional and service-related emails (for example, confirmations, reminders, security notices);
  • Process payments and prevent fraud;
  • Analyze usage in aggregate to improve performance and user experience;
  • Comply with legal obligations and enforce our Terms of Service.

4. Legal bases (where applicable)

If laws such as the GDPR apply, we rely on one or more of the following: performance of a contract with you, legitimate interests (for example, securing the Services and understanding usage), consent (where required, such as certain cookies or marketing), and legal obligation.

5. How we share information

5.1 Sharing of Google user data

We do not sell Google user data.

We do not share, transfer, or disclose Google user data to third parties except in the following limited circumstances:

  • to service providers or subprocessors that help us operate the Services and only where necessary to provide or secure the Google integration;
  • when required for security purposes, such as investigating abuse, fraud, or security incidents;
  • when required to comply with applicable law, regulation, legal process, or enforceable governmental request;
  • in connection with a merger, acquisition, or sale of assets, where permitted by law and, where required, with appropriate notice or consent.

We do not transfer Google user data to third parties for advertising, marketing, data-brokering, or information resale purposes.

We do not sell your personal information. We may share information with:

  • Service providers who assist us (for example, hosting, email delivery, analytics, payment processing, calendar APIs), bound by appropriate confidentiality and processing terms;
  • Hosts and guests as reasonably necessary to operate bookings (for example, sharing guest contact details with the host for a confirmed appointment);
  • Authorities when required by law, legal process, or to protect rights, safety, and security;
  • Business transfers — in connection with a merger, acquisition, or sale of assets, subject to appropriate safeguards.

6. International transfers

We may process information in countries other than where you live. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

7. Retention

We retain information for as long as your account is active, as needed to provide the Services, and as required for legal, accounting, or dispute resolution purposes. Booking and transaction records may be kept for a period consistent with law and legitimate business needs.

For Google user data, we retain connected account data only for as long as needed to maintain the features you have enabled, satisfy legal obligations, resolve disputes, and enforce agreements. If you disconnect your Google account or request deletion, we will delete or de-identify stored Google user data within a commercially reasonable period, except where retention is required by law, needed for security or fraud prevention, or necessary to maintain limited business records of actions already taken through the Services.

8. Security

We use reasonable technical and organizational safeguards to protect personal information, including Google user data, in transit and at rest. These safeguards may include encrypted transmission over HTTPS, access controls, logging, and restricted access to stored credentials and tokens. We also take steps designed to prevent unauthorized access, alteration, disclosure, or destruction of data.

We implement technical and organizational measures designed to protect information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

9. Your rights and choices

9.1 Google account disconnect and deletion

You may stop our access to your Google data at any time by disconnecting your Google account from within OTpage, if that feature is available, or by revoking OTpage's access in your Google account permissions. You may also request deletion of stored Google-related data by contacting us using the details below. Revoking access will prevent OTpage from continuing to access your Google Calendar data, though previously created records in OTpage or calendar events already synced may remain unless separately deleted.

Depending on your location, you may have rights to access, correct, delete, or export your personal data, restrict or object to certain processing, or withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority.

To exercise rights, contact us using the details below. We may need to verify your identity before responding.

10. Children

The Services are not directed at children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Continued use of the Services after changes constitutes acceptance where permitted by law.

12. Google API Services disclosure

OTpage's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

13. Contact

For privacy-related requests or questions, please contact us at the support channel listed on our website (for example, support@otpage.com or the contact email published on the Services).

This policy is provided for general information. It is not legal advice. For specific obligations in your jurisdiction, consult a qualified professional.