Skip to main content
Snivel Platform

Privacy Policy

Last updated: February 2026

This Privacy Policy describes how ODOV LLC, a North Carolina limited liability company ("we," "us," or "our"), collects, uses, stores, and protects your information when you use the Snivel platform, including Book with Snivel (scheduling and booking), Sigs by Snivel (email signature management), and related services (collectively, the "Services"). By using our Services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Full name
  • Organization name (for team accounts)
  • Authentication method preference (magic link, email code, or OAuth provider)

We use passwordless authentication. We do not collect or store passwords.

1.2 Calendar Integration Data (Book with Snivel)

When you connect a calendar, we access:

  • OAuth tokens (access token and refresh token) to maintain your calendar connection
  • Calendar event metadata (start/end times, free/busy status) to determine your availability
  • Calendar identifiers (calendar ID, email address, provider) to manage your connected calendars

We access the minimum calendar data necessary to check availability and create booking events. We do not read event titles, descriptions, attendee lists, or other event content beyond what is needed for availability checking.

1.3 Booking Data

When bookings are made through your pages, we collect:

  • Booker's name and email address
  • Timezone
  • Notes or messages provided by the booker
  • Responses to custom intake questions (configured by you)
  • Additional attendee information (if provided)
  • Recording consent acknowledgment (if applicable)

1.4 Email Signature Data (Sigs by Snivel)

When using our email signature management service, we collect:

  • Professional contact information (job title, department, phone numbers, address)
  • Social media profile URLs (LinkedIn, Twitter)
  • Avatar/photo URLs
  • Signature template preferences and branding settings
  • OAuth tokens for Gmail or Microsoft Outlook (for signature deployment only)

1.5 Payment Information

Payment processing is handled entirely by Stripe. We do not collect, store, or have access to your full credit card number or payment credentials. We store only:

  • Stripe customer ID (a reference identifier)
  • Subscription status and plan type
  • Billing period dates

1.6 Usage and Log Data

We automatically collect minimal technical data:

  • IP address (for rate limiting and security only)
  • Request timestamps
  • Browser type and device information

Log data is retained for a maximum of 30 days and is used exclusively for security monitoring and abuse prevention. We do not use analytics tracking or third-party analytics services.

2. How We Use Your Information

We use the information we collect to:

  • Provide our Services: Manage your account, display availability, process bookings, deploy email signatures, and deliver the core functionality you signed up for.
  • Authenticate you: Verify your identity via magic links, email codes, or OAuth provider authentication.
  • Process payments: Manage your subscription through Stripe.
  • Send transactional communications: Booking confirmations, reminders, authentication links, and account notifications.
  • Maintain security: Rate-limit authentication attempts, detect abuse, and protect against unauthorized access.
  • Comply with legal obligations: Respond to lawful requests and enforce our Terms of Service.

We do not use your information for advertising, profiling, or selling to third parties.

3. Google API Services — Limited Use Disclosure

Snivel's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3.1 What Google Data We Access

When you connect your Google account, we request access to the following scopes depending on the features you use:

  • Google Calendar (calendar.events): To read your calendar events for availability checking and to create booking events on your behalf.
  • Gmail Settings (gmail.settings.basic): To deploy email signatures to your Gmail account when you use Sigs by Snivel.
  • Basic Profile (email, profile, openid): To identify your account and pre-fill your name and email.

3.2 How We Use Google Data

Data obtained through Google APIs is used exclusively to provide and improve user-facing features of Snivel that are visible in the application's interface:

  • Calendar data is used only to check your availability and create/manage booking events.
  • Gmail Settings access is used only to set your email signature in Gmail.
  • Profile data is used only to identify your account within Snivel.

3.3 Limited Use Compliance

In compliance with Google's Limited Use requirements, we confirm that:

  • We do not transfer Google user data to advertising platforms, data brokers, or information resellers.
  • We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • We do not use Google user data to determine creditworthiness or for lending purposes.
  • We do not use Google user data for training artificial intelligence or machine learning models.
  • We do not allow humans to read Google user data except: (a) with the user's affirmative agreement to view specific data, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) when the data is aggregated and used for internal operations.
  • All Snivel employees, agents, contractors, and any successors or acquirers of Snivel are required to comply with these Limited Use restrictions.

3.4 Revoking Google Access

You can revoke Snivel's access to your Google account at any time by:

  • Disconnecting your calendar or email from the Snivel settings page.
  • Removing Snivel from your Google account's third-party app permissions.

Upon revocation, we will delete your stored Google OAuth tokens. Previously created booking events or deployed signatures will remain in your Google account but Snivel will no longer have access to modify them.

4. Microsoft API Services

When you connect your Microsoft account, we request access to:

  • Outlook Calendar (Calendars.ReadWrite): To read your calendar for availability checking and to create booking events.
  • Mailbox Settings (MailboxSettings.ReadWrite): To deploy email signatures to your Outlook account when you use Sigs by Snivel.
  • User Profile (User.Read): To identify your account.

Microsoft data is subject to the same use restrictions described for Google data above. We do not transfer, sell, or use Microsoft user data for advertising, profiling, or any purpose beyond providing the Snivel Services. You can revoke access at any time from your Microsoft account permissions.

5. Third-Party Services

We use the following third-party services to operate Snivel. Each processes only the minimum data necessary for their function:

Stripe

Purpose: Payment processing and subscription management

Data shared: Email address for customer creation; all payment details are collected directly by Stripe

Stripe Privacy Policy

Resend

Purpose: Transactional email delivery (authentication links, booking confirmations, reminders)

Data shared: Recipient email address and email content

Resend Privacy Policy

Deno Deploy

Purpose: Application hosting and data storage (Deno KV)

Data shared: All application data is stored in Deno KV on Deno Deploy infrastructure

Deno Privacy Policy

Google (Calendar API, Gmail API)

Purpose: Calendar synchronization and email signature deployment

Data shared: OAuth tokens, calendar availability queries, signature HTML content

Google Privacy Policy

Microsoft (Outlook Calendar API, Graph API)

Purpose: Calendar synchronization and email signature deployment

Data shared: OAuth tokens, calendar availability queries, signature HTML content

Microsoft Privacy Statement

We maintain Data Processing Agreements with each of our service providers that comply with applicable data protection requirements, ensuring your data is protected throughout the processing chain.

6. Data Security

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
  • Encryption at rest: OAuth tokens are stored encrypted in Deno KV. All data at rest is protected by Deno Deploy's infrastructure encryption.
  • Passwordless authentication: We use magic links and email codes rather than passwords, eliminating password-based attack vectors.
  • Two-factor authentication: Optional TOTP-based two-factor authentication is available for additional account security.
  • Rate limiting: Authentication endpoints are rate-limited by IP address to prevent brute-force attacks.
  • Minimal access: Employee access to user data is restricted to what is necessary for support and operations.
  • Token management: OAuth tokens are automatically refreshed and old tokens are invalidated. Authentication tokens (magic links, email codes) expire after 10 minutes.
  • Breach response: In the event of a data breach affecting your personal information, we will notify affected users and relevant supervisory authorities as required by applicable law, including within 72 hours where required by the GDPR.

7. Data Retention

Data TypeRetention Period
Account dataRetained while account is active
Calendar OAuth tokensUntil disconnected by user or account deletion
Booking history12 months after booking date
Signature templates & dataRetained while account is active
Payment records7 years (legal/tax compliance)
Log/usage data30 days
Authentication tokens10 minutes (auto-expire)
Data after account cancellation90 days, then permanently deleted

8. Cookies

We use only essential, session-based cookies for authentication and session management. We do not use:

  • Third-party tracking cookies
  • Advertising cookies
  • Analytics cookies
  • Persistent cookies beyond your login session

Our cookies are HTTP-only and Secure-flagged, meaning they cannot be accessed by JavaScript and are only transmitted over encrypted connections.

9. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data and account.
  • Data export: Export your data in a machine-readable format.
  • Revoke access: Disconnect Google or Microsoft calendar/email integrations at any time.
  • Opt out: Unsubscribe from marketing emails (transactional emails necessary for the service cannot be opted out).
  • Restrict processing: Request that we limit how we process your data.
  • Object: Object to processing of your data for specific purposes.

To exercise any of these rights, contact us at privacy@snivel.com. We will respond within 30 days.

10. GDPR Compliance (EEA and UK)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), you have rights under the General Data Protection Regulation (EU GDPR) and the UK GDPR respectively. ODOV LLC acts as the data controller for the personal data processed through our Services.

Lawful Basis for Processing

We process your personal data under the following lawful bases:

Processing ActivityLawful Basis
Account creation and managementContractual necessity (Art. 6(1)(b))
Processing bookingsContractual necessity (Art. 6(1)(b))
Calendar integration (OAuth)Consent (Art. 6(1)(a))
Email signature deployment (OAuth)Consent (Art. 6(1)(a))
Payment processingContractual necessity (Art. 6(1)(b))
Transactional emailsContractual necessity (Art. 6(1)(b))
Security and rate limitingLegitimate interest (Art. 6(1)(f))
Payment record retention (7 years)Legal obligation (Art. 6(1)(c))

Your Rights

  • Data portability: You can request your data in a structured, commonly used, machine-readable format (Art. 20).
  • Right to erasure: You can request complete deletion of your data ("right to be forgotten") (Art. 17).
  • Right to restrict processing: You can request limitation of processing under certain conditions (Art. 18).
  • Right to object: You can object to processing based on legitimate interests (Art. 21).
  • Supervisory authority: You have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO).
  • Withdrawal of consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Data Protection Practices

  • Data protection by design: We implement privacy by design principles, including data minimization, purpose limitation, and collecting only the data necessary for our Services.
  • Data protection impact assessments: We conduct DPIAs where processing is likely to result in a high risk to the rights and freedoms of data subjects.
  • Sub-processor oversight: We maintain Data Processing Agreements with all sub-processors and monitor their compliance.
  • Data protection contact: For GDPR-related inquiries, contact privacy@snivel.com. We will respond to data subject requests within 30 days, extendable by 60 days for complex requests with notice.

11. CCPA / CPRA Compliance (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: You may request that we disclose what personal information we collect, use, and share.
  • Right to delete: You may request deletion of your personal information.
  • Right to correct: You may request correction of inaccurate personal information we hold about you.
  • Right to opt-out of sale/sharing: You have the right to opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as defined by the CCPA/CPRA.
  • Right to limit sensitive personal information: You may direct us to limit our use of sensitive personal information to what is necessary to provide the Services. We do not collect sensitive personal information as defined under the CPRA beyond what is necessary to operate the Services.
  • Non-discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information

CategoryExamplesBusiness Purpose
IdentifiersName, email addressAccount creation, authentication
Commercial informationSubscription plan, billing statusService delivery, billing
Internet activityIP address, request logsSecurity, rate limiting
Professional informationJob title, company, departmentEmail signature generation

We do not sell personal information. We do not share personal information with third parties for their own marketing or advertising purposes. We do not use personal information for cross-context behavioral advertising.

Service providers: We share personal information with service providers (Stripe, Resend, Deno Deploy) solely for the business purposes described in this policy. Our service provider contracts restrict them from using your data for any purpose other than providing services to us.

We will acknowledge your request within 10 business days and provide a substantive response within 45 calendar days of receiving a verifiable consumer request.

12. Organization-Managed Accounts

If your account is part of an organization (team or enterprise plan), your organization's administrator may:

  • View your booking activity and availability settings
  • Manage your email signature templates and deployed signatures
  • Set field permissions (which signature fields you can edit)
  • Deploy signatures to your email account on your behalf (with your consent via OAuth)
  • Configure booking policies, approval workflows, and intake forms
  • Remove your account from the organization

Your organization's use of your data is also subject to their own privacy policies. If you have questions about how your organization handles your data, contact your administrator.

13. International Data Transfers

Our Services are hosted on Deno Deploy, which may process data in multiple regions. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our infrastructure is located. By using our Services, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission and compliance with the EU-US Data Privacy Framework where applicable. Our service providers are contractually required to maintain equivalent data protection standards.

14. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child, please contact us at privacy@snivel.com.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by email or by posting a prominent notice on our website prior to the change becoming effective. The "Last updated" date at the top of this page indicates when this policy was last revised. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us:

We aim to respond to all privacy-related inquiries within 30 days.