Privacy Policy for SMT
Last Updated: February 24, 2026
At SMT, we provide a CRM solution for beauty and grooming professionals. This policy describes how we collect, use, and protect your data, specifically when you use our Google Calendar integration features.
1. Information We Collect and Access
When you authorize SMT via Google OAuth, we access and process the following data:
- Google Calendar Events: We access your calendar to manage and sync business appointments.
- Google Email Address: We collect your email address to identify your account and maintain the connection.
2. How We Use Your Google Data
Our use of Google data is strictly limited to providing our CRM services:
- Appointment Sync: Creating, updating, and deleting calendar events based on appointments made in the SMT system.
- Conflict Management: Checking your availability to prevent double-booking.
- Service Management: Syncing block times and participant events to ensure your professional schedule is accurately reflected.
3. Data Protection & Security Mechanisms
To address the protection of your sensitive data, SMT implements the following industry-standard security mechanisms:
- Encryption in Transit: All communications between the SMT server and Google APIs are conducted via HTTPS/TLS 1.2+, ensuring that data is encrypted while traveling across the network.
- Encryption at Rest: Sensitive user tokens (access and refresh tokens) are stored in our secure database and are encrypted at rest using AES encryption.
- Access Control: Access to the data integration layer is restricted via strict server-side authentication. Only automated system processes are permitted to interact with the Google Calendar API on your behalf.
- Data Minimization: We do not store or download your entire calendar history. We only process the specific events created or managed through our CRM.
4. Data Sharing and Third Parties
We do not sell, trade, or share your Google user data with any third-party advertising platforms or data brokers. Your information is used exclusively to facilitate the features you have explicitly requested within SMT.
5. Revoking Access
You can disconnect your Google account and revoke SMT's access at any time through the settings in the SMT dashboard or via your Google Security Settings. Upon disconnection, we immediately invalidate and remove all stored tokens for your account.