Privacy Policy and Terms of Service

Last Updated: March 4, 2026

1. Introduction

This Privacy Policy explains how Foundslot (“we”, “us”, “our”) collects, uses, processes, stores, and protects personal data when you use our scheduling and booking software platform (the “Service”). Foundslot complies with:

  • Regulation (EU) 2016/679 (GDPR)
  • Spanish Organic Law 3/2018 (LOPDGDD)
  • Google API Services User Data Policy

2. Data Controller

Data Controller: Foundslot

Contact Email: hello@foundslot.com

3. Categories of Personal Data We Collect

  • 3.1 Account Data: Name, email address, business information, and encrypted login credentials.
  • 3.2 Booking Data: Client names, email addresses, appointment details, and intake form responses.
  • 3.3 Subscription & Payment Data: Billing information (processed via Stripe). Foundslot does not store full credit card numbers.
  • 3.4 Technical Data: IP address, browser type, device identifiers, and usage logs.

4. Google API Services & OAuth Data

When you choose to connect your Google account to Foundslot, you authorize us to access certain Google user data via Google OAuth and Google Calendar API.

4.1 Google Data We Access

With your explicit permission, Foundslot may access:

  • Google account basic profile information (name and email address).
  • Google Calendar metadata.
  • Calendar event data (title, date, time, description, attendees).
  • Calendar availability information (free/busy status).

4.2 How We Use Google User Data

Google user data is used solely to provide and improve user-facing features:

  • Conflict Prevention: Checking availability to prevent double bookings.
  • Automated Sync: Creating, updating, or deleting calendar events in direct response to user-initiated bookings or cancellations.
  • Dashboard Display: Displaying relevant calendar data inside the Foundslot dashboard for the user's convenience.

4.3 Limited Use & Restrictions

In accordance with the Google API Services User Data Policy, Foundslot strictly adheres to the following:

  • No Advertising: Google user data is not sold, rented, or used for serving or targeting advertisements.
  • No AI/ML Training: We do not use Google user data to develop, improve, or train any generalized AI or machine learning models.
  • Human Review Prohibition: Our employees and contractors are prohibited from viewing your Google user data unless we have obtained your explicit, documented consent to look at specific data for security purposes, to comply with laws, or for troubleshooting a support ticket.
  • Limited Transfer: We only transfer Google user data to third parties (such as our secure cloud hosting) if necessary to provide or improve the Service's core features.

4.4 Required Compliance Statement

Foundslot’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5. Legal Basis for Processing (GDPR)

We process personal data based on:

  • Performance of a Contract: Providing the core Service features.
  • Legitimate Interest: Security, fraud prevention, and platform optimization.
  • Legal Obligations: Tax, accounting, and regulatory compliance.
  • User Consent: Including Google OAuth authorization and newsletter subscriptions.

6. Data Sharing (General)

We do not sell personal data. We may share data with trusted service providers necessary to operate the platform, including:

  • Cloud hosting providers (e.g., AWS/DigitalOcean/Hetzner).
  • Payment processors (Stripe).
  • Email delivery services.

All subprocessors are contractually bound to protect personal data in accordance with GDPR. Where data is transferred outside the EEA, we implement Standard Contractual Clauses (SCCs).

7. Data Security & Storage

We implement appropriate technical and organizational security measures:

  • Encryption: Data transmission via HTTPS/TLS and encryption of OAuth tokens at rest.
  • Logical Separation: Strict database isolation of user data.
  • Offline Access: We securely store refresh tokens to enable background synchronization as requested by the user. These are deleted immediately upon account termination or integration removal.

8. Data Retention & Deletion

We retain personal data only as long as necessary to provide the Service.

  • Google User Data: Retained only while your Foundslot account is active and the integration is connected.
  • Account Deletion: You may request deletion via hello@foundslot.com. Upon request, all OAuth tokens are revoked and personal data is deleted or anonymized within 30 days.

9. Your Rights (GDPR)

If you are located in the EU, you have the right to access, rectify, request deletion, or restrict processing of your data. To exercise these rights, contact our Data Controller. You may also file a complaint with the Agencia Española de Protección de Datos (AEPD).

10. Cookies

Foundslot uses essential cookies for functionality and security. Non-essential cookies (such as analytics) are used only with your explicit consent. You can manage your cookie preferences through your browser settings.

11. Booking & Dispute Policy

Foundslot acts as a technology intermediary between providers (freelancers) and clients.

  • Provider Responsibility: Providers are responsible for their own cancellation, refund, and no-show policies.
  • Disputes: Disputes must be resolved directly between the provider and the client.

12. Updates to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last Updated" date.

Questions About Privacy?

If you have any questions about this Privacy Policy, please contact us.

Contact Support