Privacy Policy

1. Information We Collect

1.1 Account Information

When you create a JustCC account, we collect:

• Your name
• Your email address
• Your password (stored only in hashed form - we never store plaintext passwords)

1.2 Calendar and Email Data

To provide our scheduling service, we access and process:

• Calendar event data from your connected Google Calendar and/or Microsoft Outlook accounts (event titles, times, attendees, availability status)
• Email content from threads where you CC ari@justcc.to, used solely for detecting and fulfilling scheduling requests
• Meeting records, including proposed times, confirmed bookings, and participant information

1.3 Authentication Tokens

When you connect third-party accounts (Google, Microsoft, Zoom), we store OAuth tokens that allow us to access your calendar and meeting data on your behalf. These tokens are encrypted at rest.

1.4 Usage and Technical Data

We automatically collect certain technical information, including:

• Browser type and version
• Device type and operating system
• IP address
• Pages visited and features used within the application
• Timestamps of interactions

1.5 Bot Verification Data

We use Cloudflare Turnstile to protect against automated abuse. Turnstile may collect limited technical data such as browser characteristics to verify that you are a real user. This data is processed by Cloudflare under their privacy policy.

2. How We Use Your Information

We use the information we collect to:

• Provide our core scheduling service - detecting scheduling requests from emails, finding available time slots, proposing meeting times, and creating/updating/canceling calendar events
• Authenticate your identity and manage your account
• Send scheduling-related emails on your behalf (confirmations, proposals, reminders)
• Process email content through our AI system to understand scheduling intent and extract relevant details (participants, preferred times, meeting topics)
• Improve and maintain the reliability of our service
• Respond to your support requests and communicate about your account
• Detect, prevent, and address technical issues or abuse

We do not use your data for advertising. We do not sell your personal information to third parties. We do not use your email content or calendar data for any purpose other than providing and improving the scheduling service.

3. Third-Party Services

JustCC integrates with and relies on the following third-party services to operate. Each processes certain data on our behalf:

3.1 Google Calendar API

Used to read your availability and create/manage calendar events. Data shared: calendar event data, availability information. Google API usage complies with the Google API Services User Data Policy, including the Limited Use requirements.

3.2 Microsoft Graph API

Used to access your Microsoft/Outlook calendar for availability and event management. Data shared: calendar event data, availability information.

3.3 Zoom API

Used to create and manage Zoom meetings when scheduling video calls. Data shared: meeting details, participant email addresses.

3.4 Anthropic (AI Processing)

We use Anthropic's Claude AI models directly via their API to parse email content and determine scheduling intent. Email content from CC'd threads is sent to Claude for processing. Anthropic does not use API data to train their models. Processing occurs in real time and email content is not retained by Anthropic beyond what is needed to complete the request. See Anthropic's Privacy Policy for details.

3.5 Resend (Email Delivery)

Used to send scheduling-related emails (meeting proposals, confirmations, updates) on behalf of our AI assistant Ari. Data shared: recipient email addresses and email content.

3.6 Cloudflare Turnstile

Used for bot protection during account signup and login. Turnstile processes limited browser fingerprint data to verify human users. See Cloudflare's Privacy Policy for details.

3.7 Stripe (Payment Processing)

If applicable, Stripe processes payment information for paid plans. We do not store your credit card details directly - all payment data is handled by Stripe under their privacy policy.

3.8 Vercel Analytics

We use Vercel Analytics to collect anonymous usage data about page visits and application performance. This data does not include personally identifiable information.

4. Data Storage and Security

• Our application is hosted on Fly.io with servers in the United States.
• All OAuth tokens (Google, Microsoft, Zoom) are encrypted at rest before being stored in our database.
• Passwords are hashed using industry-standard algorithms and are never stored in plaintext.
• All data in transit is encrypted using TLS/HTTPS.
• Database access is restricted to authorized application processes only.
• We regularly review our security practices and update them as needed.

While we implement commercially reasonable security measures, no method of electronic storage or transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. Specifically:

• Account data is retained until you delete your account.
• Email content processed for scheduling is retained only as long as necessary to complete the scheduling request and maintain a record of the meeting.
• Calendar event data is synced in real time and reflects the current state of your connected calendars.
• OAuth tokens are retained until you disconnect the associated account or delete your JustCC account.

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain it.

6. Your Rights

You have the right to:

• Access - Request a copy of the personal data we hold about you.
• Correction - Request that we correct any inaccurate personal data.
• Deletion - Request that we delete your account and associated personal data.
• Portability - Request your data in a structured, commonly used, and machine-readable format.
• Revoke access - Disconnect any third-party account (Google, Microsoft, Zoom) at any time through your account settings, which immediately revokes our access to that service.
• Withdraw consent - Stop using the service at any time and request deletion of your data.

To exercise any of these rights, please contact us at hello@justcc.to. We will respond to your request within 30 days.

7. Cookies and Local Storage

JustCC uses cookies and local storage for:

• Authentication - Session cookies to keep you logged in.
• Preferences - Storing your theme preference (light/dark mode) and other UI settings.
• Security - CSRF protection tokens.

We do not use advertising cookies or tracking cookies from third-party ad networks. You can configure your browser to refuse cookies, but this may affect the functionality of the service.

8. Children's Privacy

JustCC is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 13, please contact us at hello@justcc.to.

9. International Data Transfers

Our servers are located in the United States. If you are accessing JustCC from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States. By using our service, you consent to the transfer of your data to the United States.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via email or through a notice within the application. Your continued use of JustCC after any changes indicates your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: