What we collect, how we use it, what we don't do with it. Plain language.
The short version
We collect what's necessary to run the service.
We don't sell your data. We don't use it to train AI models.
You can request deletion at any time from the dashboard.
We keep dispatch logs to help you see what happened — you can clear them by deleting your account.
What we collect
From you (the account owner)
Email address, name, business name, slug (subdomain), industry choice.
Vendor / contact list you configure for routing.
Property / matter / client list (subjects) you configure.
Notification preferences, timezone.
Stripe customer / subscription IDs (when billing is added).
From callers using your routing page
Tenant name, phone number, and free-text description as they submit through the form.
Which property + category they selected.
Timestamps of dispatch events.
This data is logged to your account's dispatch history and used to send the routing email to your vendor. We do not aggregate it for analytics or sell it.
Automatically
IP addresses (for abuse detection; not retained beyond 30 days).
Standard server logs (HTTP requests; aggregated, not retained beyond 30 days).
Google Analytics on the marketing site (outofofficepro.com main domain) for traffic patterns. Subscriber dashboards do not have GA tracking.
From your Google Calendar (only if you connect it)
Booking is optional, and connecting Google Calendar is optional within it. If you connect it, you grant access via Google OAuth.
We read your calendar's free/busy times so we can hide slots when you're already busy. We do not read event titles, descriptions, attendees, or attachments for this — only the busy/free windows.
When someone books a slot, we create a calendar event on the calendar you selected, including the booking details (guest name, phone, email, note) so the appointment appears on your calendar with an invite to the guest.
We store a Google refresh token (so the connection persists) and the connected account's email address (so you can see which calendar is linked). You can disconnect anytime from the booking dashboard, which deletes the token and revokes our access.
How we use it
To run the routing service (dispatch emails, store config, render your subdomain page).
To run the optional booking feature (show your availability, accept appointments, and — if connected — sync with your Google Calendar).
To send transactional emails (magic links, dispatch notifications, trial reminders).
To process billing (via Stripe; we don't store card data on our servers).
To detect abuse and enforce the Terms of Service.
What we don't do
We don't sell or rent your data to anyone.
We don't use it to train AI models.
We don't use it for unrelated marketing.
We don't share it with vendors beyond what's needed for the dispatch (the vendor sees only the ticket info you'd expect them to see — caller name, phone, issue, your contact info).
Third parties we use
Cloudflare — hosting, edge compute, DNS. They see traffic patterns and IPs.
Resend — transactional email delivery. They see email addresses and message bodies for the emails we send through them.
Stripe — billing (only when you add a card). They handle card data; we don't.
Google Analytics — marketing-site traffic analytics. Drop a do-not-track or browser-level blocker if you don't want it.
Google Calendar API — only if you connect your calendar. Used to read free/busy times and create booking events on your behalf.
Specifically, for data accessed through Google Calendar APIs:
We use it only to provide the booking/scheduling feature you enabled — showing your availability and creating booking events.
We do not transfer or sell this data to third parties, except as needed to provide the feature, for security, or to comply with law.
We do not use it for advertising.
We do not allow humans to read it, except with your explicit consent, for security/abuse purposes, to comply with law, or where the data is aggregated and anonymized.
We do not use it to train generalized AI/ML models.
Your rights
Access. You can see your data in the dashboard. For things not visible there, email us.
Correction. Edit your config in the dashboard or email us.
Deletion. Click "Delete account" in your dashboard, or email us. We delete within 7 days; cascades to events and sessions.
Portability. Email us for a copy of your data.
EU/UK residents: same rights as above, plus GDPR rights to object and to lodge complaints with your supervisory authority.
California residents: CCPA rights to know, delete, and not be discriminated against for exercising rights.
Data retention
Dispatch event logs: kept while your account is active. Deleted on account deletion.
Magic links: 15-minute TTL, single-use.
Sessions: 30-day TTL.
Server logs: 30 days.
Slug-hold (after cancellation): 60 days, then slug returns to the pool.
Booking appointments: kept while your account is active; deleted on account deletion.
Google Calendar connection (refresh token + connected email): kept until you disconnect or delete your account, at which point it's deleted and access revoked.
Security
Data is stored in Cloudflare D1 with at-rest encryption. Connections use HTTPS. Magic-link tokens and session tokens are randomly generated; vendor-action tokens are HMAC-signed. We don't store passwords (no password auth — magic-link only).
No security is perfect. Report vulnerabilities to hi@outofofficepro.com and we'll respond within 5 business days.
Children
The service is not intended for users under 13. We don't knowingly collect data from children.
Changes
We may update this Policy. Material changes will be communicated via email. Last updated: 2026-05-10.