Slott Logo

Privacy Policy

Last updated: March 2026

1. Introduction

Slott ("we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at slott.ai, our mobile applications, and our related services (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account information: Name, email address, phone number, password, and business details when you create an account
  • Booking information: Appointment details, service preferences, and special requests when booking appointments
  • Client information: Names, phone numbers, and appointment history of your clients (for service providers)
  • Payment information: Billing details processed through Stripe (we do not store your full payment card information directly)
  • Communications: Messages, support requests, and feedback you send us

2.2 Information Collected Automatically

When you use the Service, we may automatically collect:

  • Device information: Browser type, operating system, and device identifiers
  • Usage data: Pages visited, features used, and interactions with the Service
  • Log data: IP address, access times, and referring URLs

2.3 Information from Third Parties

We may receive information from third-party services you connect to your account:

  • Google Calendar: Calendar events and availability data when you enable calendar sync
  • Google OAuth: Basic profile information (name, email) when you sign in with Google
  • Stripe: Payment status and transaction information for deposit processing

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process and manage appointment bookings
  • Send transactional SMS messages (appointment confirmations, reminders, and updates)
  • Process payments and deposits through Stripe
  • Synchronize your calendar data
  • Power AI features including voice call answering and automated scheduling
  • Respond to your support requests and communications
  • Monitor and analyze usage patterns to improve the Service
  • Detect, prevent, and address fraud or technical issues
  • Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service providers & clients: When a client books with a service provider, necessary contact and appointment information is shared between the parties to facilitate the appointment
  • Third-party service providers: We share information with trusted third parties that help us operate the Service:
    • Supabase — database hosting and authentication
    • Stripe — payment and deposit processing
    • Twilio — SMS delivery and voice services
    • Google — calendar synchronization and authentication
  • Legal requirements: When required by law, regulation, legal process, or governmental request
  • Protection of rights: When necessary to protect the rights, property, or safety of Slott, our users, or the public
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction

5. SMS & Voice Communications

Our Service sends SMS messages and handles voice calls through Twilio. Important details:

  • We send transactional SMS messages related to appointments (confirmations, reminders, rescheduling, cancellations). These are not marketing messages.
  • Voice calls to service providers may be answered by our AI system, which processes the call content to facilitate booking.
  • Phone numbers are stored to facilitate appointment communications and are shared with the relevant service provider or client.
  • You can opt out of SMS messages at any time by replying STOP. Note that opting out may affect your ability to receive appointment notifications.
  • Message and data rates may apply depending on your carrier and plan.
  • Message frequency varies based on your appointment activity — typically a few messages per booking (confirmation, reminder, and any rescheduling updates).
  • We do not sell, rent, or share your mobile phone number or SMS opt-in data with third parties or affiliates for marketing or promotional purposes. Your number is used solely to deliver appointment-related messages from the business you booked with.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. We may also retain information as required to comply with legal obligations, resolve disputes, and enforce our agreements. If you request account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication and access controls
  • Regular security monitoring and updates
  • Payment information handled by PCI-compliant processors (Stripe)

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request a portable copy of your data
  • Opt-out: Opt out of SMS communications by replying STOP
  • Withdraw consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at privacy@slott.ai. We will respond to your request within 30 days.

9. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and share, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we have collected personal information from a child under 13, we will delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

12. Google User Data

When you connect your Google account, Slott accesses Google user data only to provide the Google Calendar integration feature. This section explains specifically what data we access, how we use it, how it is stored, and your rights with respect to that data.

12.1 Data We Access

Slott requests the following Google OAuth scope:

  • https://www.googleapis.com/auth/calendar.events — permission to view and edit events on calendars you have connected to Slott.

With this scope we read events from your primary calendar to detect scheduling conflicts, create new events when appointments are booked, and update or delete events when appointments are rescheduled or canceled. We do not access calendar metadata such as your calendar list, sharing settings, or access control lists. We do not access events on calendars you have not explicitly connected to Slott.

12.2 How We Use Google Data

Google user data is used exclusively to power user-facing features of Slott, specifically:

  • Creating calendar events on your behalf when customers book appointments through Slott
  • Reading existing events to detect scheduling conflicts before confirming bookings
  • Updating or canceling events when appointments are changed or canceled
  • Displaying your schedule within the Slott mobile application

12.3 Limited Use Compliance

Slott's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data only to provide and improve user-facing features that are prominent in the Slott application's user experience.
  • We do not transfer Google user data to others except as necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • We do not use Google user data to serve advertisements, including retargeted or personalized advertising.
  • We do not allow humans to read Google user data unless we have obtained the user's explicit consent for specific messages, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations on data that has been aggregated and anonymized.
  • We do not use Google user data to develop, improve, or train generalized AI or machine learning models.

12.4 Storage and Security of Google Data

Google OAuth access and refresh tokens are stored in our database (hosted by Supabase) and encrypted at rest. Calendar event data is not persistently stored beyond the appointment records required to operate the Slott service. All communication with Google APIs occurs over TLS-encrypted connections.

12.5 Revoking Slott's Access to Your Google Account

You can revoke Slott's access to your Google account at any time:

  • Within the Slott mobile app: Settings → Google Calendar → Disconnect.
  • From your Google Account: visit myaccount.google.com/permissions, locate Slott in the list of connected apps, and select Remove access.

Revoking access through your Google Account immediately invalidates Slott's tokens. Any appointment records previously synced will remain in Slott unless you also delete your Slott account, in which case they are removed in accordance with Section 6 (Data Retention).

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@slott.ai