Privacy Notice

1. Who This Notice Covers

This Privacy Notice explains how PepoCloud LLC (“PepoCloud LLC,” “we,” “us,” or “our”) handles personal data for our websites, applications, widgets, and scheduling services (collectively, the “Services”). It applies to:

• Users: account owners and team members who create event types, host meetings, or embed booking pages.
• Invitees: people who book, attend, or receive invitations to meetings created through the Services.
• Visitors: anyone who browses our sites or interacts with our marketing and support materials.

By using the Services, you consent to the practices described here. If you do not agree, please discontinue use of the Services.

2. Personal Data We Collect

Data you provide to us

We collect the personal data you choose to share, including:

• Account and profile details such as name, email address, password, photo, role, organization details, and time zone.
• Scheduling and meeting details, including event types you create, questions you ask invitees, availability preferences, invitee responses, and communications related to an event.
• Content you upload or submit through the Services, including notes, chat, attachments, and feedback.
• Payment and billing information (e.g., billing contact details, billing address, VAT or tax IDs). Payment card data is processed by our payment processors and not stored in full by Peposmart.
• Support requests, survey responses, and any other information you provide when you contact us.

Data we collect automatically

When you use the Services, we automatically collect certain information, including:

• Usage and log data such as the pages you view, features you use, actions you take, timestamps, referring/exit pages, and session IDs.
• Device and network information including IP address, browser type, operating system, device identifiers, language settings, and approximate location derived from your IP address.
• Diagnostic and security data including error logs, performance metrics, crash data, and identifiers associated with cookies or similar technologies.

Data from third parties and integrations

We may receive personal data about you from others, such as:

• Calendar, conferencing, CRM, or productivity tools you connect to the Services, which may share meeting details, availability, attendee lists, and contact information.
• Authentication and identity providers (for example, single sign-on services), fraud-prevention partners, analytics providers, and marketing or advertising partners.
• Other users who invite you to events or share information about you through the Services.

Sensitive data

We do not require sensitive personal data (such as health, biometric, or precise location data) to provide the Services. Please do not include sensitive information unless it is necessary for a meeting you create or attend; if you do, you direct us to process it consistent with this Notice and applicable law.

3. How We Use Personal Data

We use personal data for the following purposes:

• Provide, operate, and maintain the Services, including scheduling, reminders, meeting creation, and integrations you enable.
• Create and manage accounts, authenticate users, and process payments or subscription charges.
• Send confirmations, invitations, updates, service announcements, and support responses.
• Personalize experiences, recommend configurations, and remember your preferences.
• Monitor and analyze usage, trends, and activities to improve the Services and develop new features.
• Detect, investigate, and prevent fraud, abuse, security incidents, and other harmful activity.
• Comply with legal obligations, enforce our agreements, and protect our rights, users, and the public.
• Market and promote the Services in accordance with your preferences and applicable law.

Where required by law, we will obtain your consent before using personal data for certain purposes, and you may withdraw consent at any time.

4. Legal Bases for EEA/UK/Swiss Personal Data

When the GDPR, UK GDPR, or Swiss data protection laws apply, we process personal data under these legal bases:

• Contract: To provide the Services and fulfill our agreements with you.
• Legitimate interests: To secure and improve the Services, respond to inquiries, market to business contacts, and prevent misuse, provided these interests are not overridden by your rights.
• Consent: For certain marketing, analytics, or optional integrations; you may withdraw consent at any time.
• Legal obligations: To comply with applicable laws, regulations, and lawful requests.
• Vital interests: To protect someone’s safety in rare emergency situations.

5. How We Share Personal Data

We do not sell personal data. We may share personal data in these circumstances:

Service providers

Vendors and subprocessors that help us deliver the Services (for example hosting, email delivery, analytics, customer support, and payment processing) access personal data only to perform work on our behalf.

Integrations you connect

When you enable integrations (such as calendars, conferencing, CRM, or productivity tools), we share relevant information with those partners to complete the connection and facilitate scheduling. Those parties’ use of data is governed by their own policies.

Administrators and teams

For enterprise or team accounts, administrators and authorized team members may access, manage, or export data associated with the workspace, including event types and invitee information.

Business transfers

If we engage in a merger, acquisition, financing, or sale of all or part of our business, personal data may be transferred as part of that transaction, subject to appropriate confidentiality protections.

Legal compliance and protection

We may disclose information if required by law, subpoena, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.

With your direction or consent

We share personal data with third parties when you ask us to, such as when you send an invitation, publish a booking link, or request that we share information with a partner. We may also share aggregated or de-identified data that does not identify you.

6. Cookies and Similar Technologies

We use cookies, pixel tags, local storage, and similar technologies to operate and improve the Services. These technologies help us remember preferences, keep you signed in, understand usage, and deliver relevant content.

Types of cookies we use

• Essential: Required for core functionality and security.
• Performance and analytics: Help us understand how the Services are used to improve performance.
• Functional: Enable enhanced features, such as remembering preferences or availability settings.
• Advertising and targeting: Used to deliver relevant marketing and measure campaigns, where permitted.

Managing preferences

You can manage cookies through your browser settings, our cookie banner (where available), or industry opt-out tools for advertising cookies. Blocking some cookies may affect how the Services function.

Some browsers offer a Do Not Track (DNT) signal. Because there is no common DNT standard, we do not currently respond to DNT, but we honor applicable opt-out choices described above.

7. Data Retention

We keep personal data only as long as needed for the purposes described in this Notice, including to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary based on the type of data, the nature of our relationship with you, and our legal or contractual obligations.

When data is no longer needed, we will delete or de-identify it in accordance with our retention policies, unless we need to keep it to comply with legal or regulatory requirements.

8. Data Security

We implement technical, administrative, and organizational measures designed to protect personal data, including encryption in transit, access controls, network safeguards, regular monitoring, and employee training. Despite these efforts, no security controls are infallible, and we cannot guarantee absolute security.

If you have reason to believe your account or interaction with us is no longer secure, please contact us immediately using the details in Section 32.

9. International Data Transfers

PepoSmart is operated by PepoCloud LLC in the United States. Your personal data may be transferred to and processed in countries other than where you live, primarily in the United States. These countries may have data protection laws that differ from those in your jurisdiction.

When transferring personal data internationally, we use appropriate safeguards such as Standard Contractual Clauses, reliance on adequacy decisions, or other lawful transfer mechanisms, and we take additional measures as needed to protect personal data.

10. Your Privacy Rights and Choices

Depending on where you live, you may have rights regarding your personal data, including the right to request access, correction, deletion, restriction, portability, or to object to certain processing. You may also withdraw consent where processing is based on consent.

You can exercise these rights by contacting us at [email protected] or using in-product settings where available. We may request information to verify your identity before fulfilling your request. If you are an invitee, your data may also be controlled by the user who invited you, and we may direct you to that organizer to fulfill certain requests.

We will respond consistent with applicable law. You may have the right to appeal our decision if we decline to act on a request (see Section 27 for state appeal rights).

11. Marketing and Communication Preferences

You can opt out of marketing emails at any time by clicking the unsubscribe link in the email or contacting us. Even if you opt out, we may still send you non-promotional messages about your account, transactions, or service updates.

You can adjust cookie-based advertising preferences through our cookie banner (where available), your browser settings, or industry opt-out tools.

12. Third-Party Services and Integrations

The Services may contain links to or integrations with third-party sites, tools, or services. Your use of those services is subject to their terms and privacy policies, which we do not control. We encourage you to review those policies to understand how they handle your data.

If you connect a third-party integration, data may flow between Peposmart and that provider as directed by you or your organization. Disconnecting an integration will stop new data sharing but may not delete data already shared with that provider.

13. Use of Google Calendar and Google Meet Data (Google API Services Disclosure)

When you connect your Google account and enable Google Calendar and/or Google Meet in the Services, PepoCloud LLC accesses and processes certain data through Google APIs. This section explains how we handle that information in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

Data we access

Depending on the permissions you grant, we may access:

• Google Calendar data: calendar lists, event metadata (titles, times, attendees, descriptions), and availability needed to provide scheduling.
• Google Meet data: meeting links, meeting IDs, conferencing settings, and related metadata required to generate and attach Google Meet details to events.

We do not access or store the contents of your meetings (such as audio, video, screen shares, or in-meeting chat) through Google APIs.

How we use Google Calendar and Google Meet data

We use this data solely to:

• Read existing calendar events to determine your availability and prevent double-booking.
• Create, update, or delete events created through the Services on your Google Calendar.
• Generate and attach Google Meet links to events scheduled via the Services.
• Display meeting details (including Google Meet links) to you and your invitees.

We do not use Google Calendar or Google Meet data for advertising, profiling, or analytics unrelated to providing and improving the scheduling features.

Sharing of Google API data

We do not sell Google user data. We only share Google Calendar and Google Meet data with service providers that help us operate the Services (such as hosting and infrastructure providers), under appropriate confidentiality and security obligations, and as otherwise described in this Notice. We do not share your Google meeting details with third parties for their own marketing or advertising.

Storage and security

OAuth tokens and related credentials are encrypted and stored securely. We store only what is necessary to maintain your integration (for example, a Google Meet link associated with an event). If you disconnect your Google account, we revoke and delete associated tokens and cease accessing Google data.

User control and disconnection

You can disconnect Google integrations at any time from within the Services or from your Google Account (“Security” → “Third-party access”). Once disconnected, we no longer access your Google Calendar or Google Meet data via Google APIs.

Limited Use compliance

PepoCloud LLC’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We access and use Google user data only as necessary to provide and improve features directly related to scheduling and meeting management, and not for any other unrelated purposes.

14. Use of Zoom Meeting Data (Zoom API Disclosure)

If you connect your Zoom account to generate or attach Zoom meetings in the Services, we access and process data via Zoom APIs solely to deliver scheduling and meeting functionality in line with Zoom’s API policies.

Data we access

• Meeting details such as meeting IDs, join links, settings (e.g., waiting room, passcode), and start/end times needed to create or attach Zoom meetings.
• Basic profile metadata necessary to associate meetings with your account and display host information.

We do not access or store meeting content (audio, video, screen share, chat) through Zoom APIs.

How we use Zoom data

• Create and update Zoom meetings tied to scheduled events.
• Attach Zoom join links and meeting details to calendar events and invites.
• Display meeting details to you and your invitees.

We do not use Zoom data for advertising, profiling, or unrelated analytics.

Sharing, storage, and control

We do not sell Zoom data. We share it only with service providers under appropriate confidentiality and security obligations. OAuth tokens are encrypted and stored securely; if you disconnect Zoom, we revoke and delete tokens and stop accessing Zoom data. You can disconnect via the Services or your Zoom account permissions.

15. Use of Outlook Calendar and Microsoft Teams Data

When you connect Microsoft 365/Outlook Calendar and/or Microsoft Teams, we access data through Microsoft APIs (including Microsoft Graph) solely to provide scheduling and meeting capabilities, consistent with Microsoft’s terms and privacy requirements.

Data we access

• Outlook calendar data: calendar lists, event metadata (titles, times, attendees, descriptions), and availability for scheduling.
• Microsoft Teams meeting data: meeting links, IDs, conferencing settings, and related metadata required to generate and attach Teams details to events.

We do not access or store Teams meeting content (audio, video, screen share, or in-meeting chat) through these APIs.

How we use Outlook and Teams data

• Read existing events to determine availability and avoid double-booking.
• Create, update, or delete events you schedule through the Services on your Outlook calendar.
• Generate and attach Microsoft Teams meeting links to scheduled events and display details to you and invitees.

We do not use this data for advertising, profiling, or analytics unrelated to providing and improving scheduling features.

Sharing, storage, and control

We do not sell Microsoft user data. We share Outlook and Teams data only with service providers supporting the Services under confidentiality and security obligations. OAuth tokens and related credentials are encrypted and stored securely; disconnecting your Microsoft account revokes tokens and stops further access. You can disconnect via the Services or your Microsoft account permissions.

16. Use of HubSpot CRM Data

If you connect your HubSpot account to the Services, we access and process data via HubSpot APIs solely to provide CRM synchronization and contact management functionality, in accordance with HubSpot's API policies.

Data we access

• Contact data: names, email addresses, phone numbers, company information, and other contact properties needed to sync booking information with your CRM.
• Company data: company names, domains, and related properties to associate contacts with organizations.
• Engagement data: meeting notes, tasks, and activities we create in HubSpot to log interactions from scheduled meetings.
• Deal and pipeline data: deal stages, deal names, pipeline configurations, and associated deal properties used to track sales progress and provide AI-powered deal stage suggestions.

How we use HubSpot data

• Create or update contacts in HubSpot when bookings are made through the Services.
• Log meeting notes, summaries, and action items as engagements on contact timelines.
• Create follow-up tasks in HubSpot based on meeting outcomes and action items.
• Search for existing contacts to prevent duplicate entries.
• Read deal stages and pipeline data to display current deal status alongside meeting information.
• Process meeting transcripts using AI (OpenAI) to generate deal stage suggestions based on conversation content, sentiment, and buyer intent signals.
• With your explicit approval, update deal stages in HubSpot based on AI-generated suggestions. Deal stage updates are never applied automatically without user confirmation.

We do not use HubSpot data for advertising, profiling, or analytics unrelated to providing CRM synchronization and deal management features.

Sharing, storage, and control

We do not sell HubSpot data. We share it only with service providers under appropriate confidentiality and security obligations. OAuth tokens are encrypted and stored securely; if you disconnect HubSpot, we revoke and delete tokens and stop accessing HubSpot data. You can disconnect via the Services or your HubSpot account settings.

17. Use of Slack Data

If you connect your Slack workspace to the Services, we access and process data via Slack APIs solely to provide notification and communication functionality, in accordance with Slack's API policies.

Data we access

• Workspace information: workspace name and ID needed to identify your Slack workspace.
• Channel information: list of channels where you authorize our bot to post notifications.
• Bot user information: details about the bot user we create to send messages on your behalf.

We do not access private messages, direct messages, or message history. We only send messages to channels you explicitly authorize.

How we use Slack data

• Send booking notifications to designated Slack channels when meetings are scheduled, rescheduled, or canceled.
• Post meeting reminders to help teams stay informed about upcoming appointments.
• Share meeting summaries and action items after meetings conclude (when enabled).

We do not use Slack data for advertising, profiling, or analytics unrelated to providing notification features.

Sharing, storage, and control

We do not sell Slack data. We share it only with service providers under appropriate confidentiality and security obligations. OAuth tokens are encrypted and stored securely; if you disconnect Slack, we revoke and delete tokens and stop accessing Slack data. You can disconnect via the Services or your Slack workspace settings under “Manage apps.”

18. Use of Salesforce CRM Data

If you connect your Salesforce account to the Services, we access and process data via Salesforce APIs solely to provide CRM synchronization and contact management functionality, in accordance with Salesforce's API policies.

Data we access

• Contact and lead data: names, email addresses, phone numbers, company information, and other properties needed to sync booking information with your CRM.
• Account data: company names and related properties to associate contacts with organizations.
• Task and activity data: tasks and activities we create in Salesforce to log interactions from scheduled meetings.
• Opportunity and pipeline data: opportunity stages, opportunity names, pipeline configurations, and associated properties used to track sales progress and provide AI-powered deal stage suggestions.

How we use Salesforce data

• Create or update contacts/leads in Salesforce when bookings are made through the Services.
• Log meeting notes, summaries, and action items as tasks on contact records.
• Search for existing contacts to prevent duplicate entries.
• Read opportunity stages and pipeline data to display current deal status alongside meeting information.
• Process meeting transcripts using AI (OpenAI) to generate deal stage suggestions based on conversation content, sentiment, and buyer intent signals.
• With your explicit approval, update opportunity stages in Salesforce based on AI-generated suggestions. Stage updates are never applied automatically without user confirmation.

We do not use Salesforce data for advertising, profiling, or analytics unrelated to providing CRM synchronization and deal management features.

Sharing, storage, and control

We do not sell Salesforce data. We share it only with service providers under appropriate confidentiality and security obligations. OAuth tokens are encrypted and stored securely; if you disconnect Salesforce, we revoke and delete tokens and stop accessing Salesforce data. You can disconnect via the Services or your Salesforce account settings.

19. Use of Zoho CRM Data

If you connect your Zoho CRM account to the Services, we access and process data via Zoho APIs solely to provide CRM synchronization and contact management functionality, in accordance with Zoho's API policies.

Data we access

• Contact and lead data: names, email addresses, phone numbers, company information needed to sync booking information with your CRM.
• Note and task data: notes and tasks we create on contacts to log meeting interactions.
• Deal and pipeline data: deal stages, deal names, pipeline configurations, and associated properties used to track sales progress and provide AI-powered deal stage suggestions.

How we use Zoho data

• Create or update contacts in Zoho CRM when bookings are made through the Services.
• Log meeting summaries, notes, and action items on contact records.
• Search for existing contacts to prevent duplicate entries.
• Read deal stages and pipeline data to display current deal status alongside meeting information.
• Process meeting transcripts using AI (OpenAI) to generate deal stage suggestions based on conversation content, sentiment, and buyer intent signals.
• With your explicit approval, update deal stages in Zoho CRM based on AI-generated suggestions. Deal stage updates are never applied automatically without user confirmation.

We do not use Zoho data for advertising, profiling, or analytics unrelated to providing CRM synchronization and deal management features.

Sharing, storage, and control

We do not sell Zoho data. We share it only with service providers under appropriate confidentiality and security obligations. OAuth tokens are encrypted and stored securely; if you disconnect Zoho CRM, we revoke and delete tokens and stop accessing Zoho data. You can disconnect via the Services or your Zoho account settings.

20. Use of Pipedrive CRM Data

If you connect your Pipedrive account to the Services, we access and process data via Pipedrive APIs solely to provide CRM synchronization and contact management functionality, in accordance with Pipedrive's API policies.

Data we access

• Person and organization data: names, email addresses, phone numbers, company information needed to sync booking information with your CRM.
• Activity and note data: activities and notes we create on persons to log meeting interactions.
• Deal and pipeline data: deal stages, deal values, pipeline configurations, and associated properties used to track sales progress and provide AI-powered deal stage suggestions.

How we use Pipedrive data

• Create or update persons in Pipedrive when bookings are made through the Services.
• Log meeting summaries, notes, and action items as activities on person records.
• Search for existing persons to prevent duplicate entries.
• Read deal stages and pipeline data to display current deal status alongside meeting information.
• Process meeting transcripts using AI (OpenAI) to generate deal stage suggestions based on conversation content, sentiment, and buyer intent signals.
• With your explicit approval, update deal stages in Pipedrive based on AI-generated suggestions. Deal stage updates are never applied automatically without user confirmation.

We do not use Pipedrive data for advertising, profiling, or analytics unrelated to providing CRM synchronization and deal management features.

Sharing, storage, and control

We do not sell Pipedrive data. We share it only with service providers under appropriate confidentiality and security obligations. API tokens are encrypted and stored securely; if you disconnect Pipedrive, we delete stored credentials and stop accessing Pipedrive data. You can disconnect via the Services at any time.

21. Use of Microsoft Dynamics 365 Data

If you connect your Microsoft Dynamics 365 account to the Services, we access and process data via Dynamics 365 APIs solely to provide CRM synchronization and contact management functionality, in accordance with Microsoft's API policies.

Data we access

• Contact and account data: names, email addresses, phone numbers, company information needed to sync booking information with your CRM.
• Activity and task data: activities and tasks we create on contacts to log meeting interactions.
• Opportunity and pipeline data: opportunity stages, opportunity values, pipeline configurations, and associated properties used to track sales progress and provide AI-powered deal stage suggestions.

How we use Dynamics 365 data

• Create or update contacts in Dynamics 365 when bookings are made through the Services.
• Log meeting summaries, notes, and action items as activities on contact records.
• Search for existing contacts to prevent duplicate entries.
• Read opportunity stages and pipeline data to display current deal status alongside meeting information.
• Process meeting transcripts using AI (OpenAI) to generate deal stage suggestions based on conversation content, sentiment, and buyer intent signals.
• With your explicit approval, update opportunity stages in Dynamics 365 based on AI-generated suggestions. Stage updates are never applied automatically without user confirmation.

We do not use Dynamics 365 data for advertising, profiling, or analytics unrelated to providing CRM synchronization and deal management features.

Sharing, storage, and control

We do not sell Dynamics 365 data. We share it only with service providers under appropriate confidentiality and security obligations. OAuth tokens are encrypted and stored securely; if you disconnect Dynamics 365, we revoke and delete tokens and stop accessing Dynamics 365 data. You can disconnect via the Services or your Microsoft account settings.

22. Use of Freshsales CRM Data

If you connect your Freshsales account to the Services, we access and process data via Freshsales APIs solely to provide CRM synchronization and contact management functionality, in accordance with Freshworks' API policies.

Data we access

• Contact and lead data: names, email addresses, phone numbers, company information needed to sync booking information with your CRM.
• Note and task data: notes and tasks we create on contacts to log meeting interactions.
• Deal and pipeline data: deal stages, deal values, pipeline configurations, and associated properties used to track sales progress and provide AI-powered deal stage suggestions.

How we use Freshsales data

• Create or update contacts in Freshsales when bookings are made through the Services.
• Log meeting summaries, notes, and action items on contact records.
• Search for existing contacts to prevent duplicate entries.
• Read deal stages and pipeline data to display current deal status alongside meeting information.
• Process meeting transcripts using AI (OpenAI) to generate deal stage suggestions based on conversation content, sentiment, and buyer intent signals.
• With your explicit approval, update deal stages in Freshsales based on AI-generated suggestions. Deal stage updates are never applied automatically without user confirmation.

We do not use Freshsales data for advertising, profiling, or analytics unrelated to providing CRM synchronization and deal management features.

Sharing, storage, and control

We do not sell Freshsales data. We share it only with service providers under appropriate confidentiality and security obligations. API tokens are encrypted and stored securely; if you disconnect Freshsales, we delete stored credentials and stop accessing Freshsales data. You can disconnect via the Services at any time.

23. Use of Copper CRM Data

If you connect your Copper account to the Services, we access and process data via Copper APIs solely to provide CRM synchronization and contact management functionality, in accordance with Copper's API policies.

Data we access

• People and company data: names, email addresses, phone numbers, company information needed to sync booking information with your CRM.
• Activity and task data: activities and tasks we create on people to log meeting interactions.
• Opportunity and pipeline data: opportunity stages, opportunity values, pipeline configurations, and associated properties used to track sales progress and provide AI-powered deal stage suggestions.

How we use Copper data

• Create or update people in Copper when bookings are made through the Services.
• Log meeting summaries, notes, and action items as activities on people records.
• Search for existing people to prevent duplicate entries.
• Read opportunity stages and pipeline data to display current deal status alongside meeting information.
• Process meeting transcripts using AI (OpenAI) to generate deal stage suggestions based on conversation content, sentiment, and buyer intent signals.
• With your explicit approval, update opportunity stages in Copper based on AI-generated suggestions. Stage updates are never applied automatically without user confirmation.

We do not use Copper data for advertising, profiling, or analytics unrelated to providing CRM synchronization and deal management features.

Sharing, storage, and control

We do not sell Copper data. We share it only with service providers under appropriate confidentiality and security obligations. API tokens are encrypted and stored securely; if you disconnect Copper, we delete stored credentials and stop accessing Copper data. You can disconnect via the Services at any time.

24. Use of Monday.com CRM Data

If you connect your Monday.com account to the Services, we access and process data via Monday.com APIs (GraphQL) solely to provide CRM synchronization and contact management functionality, in accordance with Monday.com's API policies.

Data we access

• Board data: board IDs, names, columns, and structure needed to identify where to sync contact information.
• Item data: items (contacts) within your selected CRM board, including names, emails, and column values.
• Updates and subitems: we create updates (notes) and subitems (tasks) linked to contact items.
• Deal and status column data: status columns, deal values, and associated properties used to track sales progress and provide AI-powered deal stage suggestions.

How we use Monday.com data

• Create or update contact items in Monday.com when bookings are made through the Services.
• Log meeting summaries and notes as updates on contact items.
• Create follow-up tasks as subitems based on meeting action items.
• Search for existing contacts to prevent duplicate entries.
• Read deal status columns to display current deal status alongside meeting information.
• Process meeting transcripts using AI (OpenAI) to generate deal stage suggestions based on conversation content, sentiment, and buyer intent signals.
• With your explicit approval, update deal status columns in Monday.com based on AI-generated suggestions. Status updates are never applied automatically without user confirmation.

We do not use Monday.com data for advertising, profiling, or analytics unrelated to providing CRM synchronization and deal management features.

Sharing, storage, and control

We do not sell Monday.com data. We share it only with service providers under appropriate confidentiality and security obligations. OAuth tokens are encrypted and stored securely; if you disconnect Monday.com, we revoke and delete tokens and stop accessing Monday.com data. You can disconnect via the Services or your Monday.com account settings.

25. Use of ActiveCampaign Data

If you connect your ActiveCampaign account to the Services, we access and process data via ActiveCampaign APIs solely to provide CRM synchronization and marketing automation functionality, in accordance with ActiveCampaign's API policies.

Data we access

• Contact data: names, email addresses, phone numbers, and custom fields needed to sync booking information with your CRM.
• Tag data: tags associated with contacts for categorization and tracking.
• Note data: notes we create on contacts to log meeting interactions.
• Deal and pipeline data: deal stages, deal values, pipeline configurations, and associated properties used to track sales progress and provide AI-powered deal stage suggestions.

How we use ActiveCampaign data

• Create or update contacts in ActiveCampaign when bookings are made through the Services.
• Log meeting summaries, notes, and action items on contact records.
• Add tags (such as “Had Meeting”) to contacts for tracking meeting activity.
• Search for existing contacts to prevent duplicate entries.
• Read deal stages and pipeline data to display current deal status alongside meeting information.
• Process meeting transcripts using AI (OpenAI) to generate deal stage suggestions based on conversation content, sentiment, and buyer intent signals.
• With your explicit approval, update deal stages in ActiveCampaign based on AI-generated suggestions. Deal stage updates are never applied automatically without user confirmation.

We do not use ActiveCampaign data for advertising, profiling, or analytics unrelated to providing CRM synchronization and deal management features.

Sharing, storage, and control

We do not sell ActiveCampaign data. We share it only with service providers under appropriate confidentiality and security obligations. API credentials are encrypted and stored securely; if you disconnect ActiveCampaign, we delete stored credentials and stop accessing ActiveCampaign data. You can disconnect via the Services at any time.

26. Use of Close CRM Data

If you connect your Close account to the Services, we access and process data via Close APIs solely to provide CRM synchronization and lead management functionality, in accordance with Close's API policies.

Data we access

• Lead and contact data: names, email addresses, phone numbers, and company information for meeting attendees.
• Activity data: tasks and activities we create in Close to log interactions from scheduled meetings.

How we use Close data

• Create or update leads in Close when bookings are made through the Services.
• Log meeting notes and AI-generated summaries as activities on lead records.
• Create follow-up tasks in Close based on meeting outcomes and action items.

We do not use Close data for advertising, profiling, or analytics unrelated to providing CRM synchronization features.

Sharing, storage, and control

We do not sell Close data. We share it only with service providers under appropriate confidentiality and security obligations. OAuth tokens are encrypted and stored securely; if you disconnect Close, we delete stored credentials and stop accessing Close data. You can disconnect via the Services at any time.

27. Use of PayPal Data

If you connect your PayPal account to the Services to collect payments for scheduled meetings, we access and process data via PayPal APIs solely to facilitate payment processing, in accordance with PayPal's API policies and User Agreement.

Data we access

• Profile information: your PayPal account name and email address to verify your connected account.
• Payment authorization: we facilitate secure payment flows when invitees pay for booked events.

How we use PayPal data

• Display PayPal as a payment option for invitees booking paid events.
• Process payments securely through PayPal's payment flow.
• Associate payment confirmations with bookings in our system.

We do not store payment card details, access your PayPal balance, view your transaction history, or use PayPal data for advertising, profiling, or analytics unrelated to payment processing.

Sharing, storage, and control

We do not sell PayPal data. OAuth tokens are encrypted and stored securely; if you disconnect PayPal, we revoke and delete tokens and stop accessing PayPal data. You can disconnect via the Services or your PayPal account settings (“Apps & Permissions”).

28. Use of Stripe Data

If you connect your Stripe account to the Services to collect payments for scheduled meetings, we access and process data via Stripe Connect APIs solely to facilitate payment processing, in accordance with Stripe's Terms of Service and Connected Account Agreement.

Data we access

• Account information: your Stripe account ID, business name, and email to verify your connected account.
• Payment events: webhook notifications about payment status (succeeded, failed) to update booking records.

How we use Stripe data

• Display Stripe as a payment option for invitees booking paid events.
• Create payment intents and checkout sessions that direct payments to your connected Stripe account.
• Associate payment confirmations with bookings in our system.

We do not store payment card details (handled entirely by Stripe), access your Stripe balance or payout history, or use Stripe data for advertising, profiling, or analytics unrelated to payment processing.

Sharing, storage, and control

We do not sell Stripe data. OAuth tokens and credentials are encrypted and stored securely; if you disconnect Stripe, we revoke access and stop processing payments through your account. You can disconnect via the Services or your Stripe Dashboard (“Settings → Connected accounts”).

29. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, provides specific rights regarding your personal information.

Categories of personal information we collect

Depending on how you interact with us, we may collect identifiers (like name, email, IP address), customer records (billing details), commercial information (purchase history), internet or electronic network activity (usage data, device data), approximate geolocation (derived from IP), professional or employment information (if provided), and inferences drawn from other personal information. We also collect limited sensitive personal information such as account login credentials and payment card token data handled by processors.

Sources and purposes

We collect personal information directly from you, automatically from your use of the Services, from your organization, and from third parties or integrations you enable. We use it for the business and commercial purposes described in Section 3, including providing the Services, security, analytics, support, and marketing consistent with your preferences.

Disclosure of personal information

We disclose personal information to service providers and contractors who process data on our behalf, to integration partners you choose, to affiliates, and for legal or business transfer purposes as described in Section 5. We do not sell personal information. We may “share” personal information for cross-context behavioral advertising through cookies or similar technologies; you can opt out via our cookie banner (where available) or by contacting us.

Your California rights

• Request to know the categories or specific pieces of personal information we collect, use, disclose, or share.
• Request correction of inaccurate personal information.
• Request deletion of personal information, subject to legal exceptions.
• Opt out of the “sharing” of personal information for cross-context behavioral advertising.
• Limit the use and disclosure of sensitive personal information to what is necessary to perform our services.
• Be free from discrimination for exercising your rights.

To exercise your rights, contact us at [email protected]. We will verify your request and respond as required by law. You may use an authorized agent to submit a request; we may require proof of authorization and confirmation of your identity.

30. U.S. State Privacy Rights (Virginia, Colorado, Connecticut, Utah, and Similar Laws)

Residents of certain U.S. states have rights such as confirming whether we process personal data, accessing and obtaining a copy of personal data, requesting deletion, correcting inaccuracies, and opting out of targeted advertising, the sale of personal data, or certain profiling.

You can exercise these rights by contacting [email protected] and specifying your state of residence. If we decline to act on a request, you may appeal by replying to our decision with “Appeal” in the subject line. We will respond to appeals within the timeframe required by applicable law.

To opt out of targeted advertising via cookies, adjust your browser settings or use our cookie banner (where available).

31. EEA, UK, and Swiss Residents

If you are located in the EEA, UK, or Switzerland, PepoCloud LLC (United States) is the controller of your personal data unless we process it on behalf of a customer as their processor. You may contact our Data Protection Officer at [email protected].

You have the right to lodge a complaint with your local data protection authority, and you may request information about cross-border transfer safeguards (see Section 9). Where we act as a processor on behalf of a customer, please direct your request to that customer for fulfillment.

If we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

32. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate steps to delete it.

If we learn that we have collected personal data from a child without appropriate consent, we will delete that information promptly.

33. Changes to This Privacy Notice

We may update this Notice to reflect changes in our practices, technologies, legal requirements, or other factors. When we do, we will update the “Last updated” date at the top of the Notice. In some cases, we may provide additional notice (such as a banner or email).

Your continued use of the Services after an update means you acknowledge the revised Notice.

34. Sub-Processors

We use the following third-party service providers (sub-processors) to process data on our behalf. We ensure all sub-processors maintain appropriate security and privacy standards.

This list may be updated from time to time. We recommend checking this section periodically for any changes.

35. Contact Us

If you have questions about this Privacy Notice or our privacy practices, please contact us: