Privacy Policy

QuickSearch+ by SaariyS-II Corporation

Effective date: June 7, 2026

This Privacy Policy applies to the QuickSearch+ web application, iOS app, Android app, and browser extension (collectively, the "Service") operated by SaariyS-II Corporation ("QuickSearch+," "we," "our," or "us"). It explains what personal information we collect, why we collect it, how we use and protect it, and what choices you have — including our use of Google and Microsoft APIs.

By using the Service you agree to this policy. If you do not agree, please stop using the Service and contact us to delete your account. Contact: info@quicksearchplus.com.

1. Google API Scopes We Request

QuickSearch+ requests the following Google OAuth 2.0 scopes, depending on which features you enable. We request only the scopes necessary for the specific feature you are activating.

OAuth Scope	Feature	Why It Is Needed
`userinfo.profile` `userinfo.email`	Sign-in with Google	Read your name, email address, and profile picture to create and authenticate your QuickSearch+ account. We do not receive your Google password.
`https://www.googleapis.com/auth/calendar.events`	Calendar Sync & Booking	Read and create calendar events so we can display your meetings, generate AI agendas and summaries, and write new events when a booking is confirmed.
`https://www.googleapis.com/auth/calendar.readonly`	Read-Only Calendar View	Used where only reading events is required (e.g., agenda display) and no event creation is needed.
`https://www.googleapis.com/auth/gmail.send`	Enterprise Email — Send-As	Allows QuickSearch+ to send transactional emails (booking confirmations, cancellations, meeting notifications) from your connected Google Workspace or Gmail address, so recipients see your business email as the sender rather than a generic QuickSearch+ address.
`openid` `email`	Enterprise Email — Identity	Requested alongside `gmail.send` to confirm which mailbox was connected and to display the connected sender address in your settings. We do not read email content with these scopes.

Google Limited Use Compliance: QuickSearch+'s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used only to provide or improve user-facing features of the Service. It is not used for serving advertising, is not transferred to data brokers, and is not used for any purpose that is unrelated to the specific feature you connected.

2. Enterprise Email Integration (Gmail Send-As)

Enterprise plan users can connect a Google Workspace or Gmail account as a dedicated email sender. When this feature is enabled, QuickSearch+ uses the Google gmail.send API scope to dispatch emails on your behalf. This section provides the full disclosure Google requires.

2.1 Data Accessed

When you connect a Google account for Enterprise Email, we access:

Sender identity — your Google account email address and display name, retrieved via the openid and email scopes, so we can show you which account is connected and label outgoing emails with the correct From address.
Send permission — the gmail.send scope grants us the ability to compose and send emails through your Gmail or Google Workspace account. We do not use this scope to read, search, delete, or modify any existing emails or mailbox data.
OAuth refresh token — stored encrypted so we can send emails in the background (e.g., when a guest books an appointment) without requiring you to re-authenticate each time.

We do not read, store, index, or process any email content from your Gmail or Google Workspace inbox. The gmail.send scope is used exclusively to dispatch outbound transactional emails that you or your booking guests trigger.

2.2 Data Usage

The Gmail send access is used solely for the following purposes, all directly requested by you or your guests:

Booking confirmations — emailing guests when an appointment is booked, rescheduled, or cancelled through your QuickSearch+ booking link.
Meeting notifications — sending reminder or update emails related to calendar events managed within QuickSearch+.
Test emails — sending a verification email at your explicit request from the Settings page to confirm the connection is working.

Email content (subject, body) is generated by QuickSearch+ based on the booking or event data you have configured. We do not use the Gmail send capability for marketing, advertising, or any purpose not listed above.

2.3 Data Sharing

Information related to the Enterprise Email integration is shared only as described below:

Google (Gmail API) — each outbound email is transmitted to Google's servers via the Gmail API over encrypted HTTPS. Google processes this in accordance with its own Privacy Policy.
Email recipients — the recipients of the emails you send receive the email content and see your connected email address as the sender (the "From" field).
Transactional email provider (backup) — if the Gmail send call fails and a fallback delivery is necessary, we may use our transactional email service provider. In this case, your configured sender name is used but our provider's infrastructure sends the message.

Your Gmail OAuth access token and refresh token are never shared with third parties, data brokers, or advertisers.

2.4 Data Storage & Protection

OAuth tokens — access tokens and refresh tokens are encrypted at rest using AES-256 encryption before being stored in our PostgreSQL database hosted on Heroku. Only the QuickSearch+ backend service can decrypt them.
Connected email address & display name — stored in plain text so you can see which account is connected in Settings. This is the same email address Google shows on your profile.
Email message content — we do not store the body or subject of sent emails in our database. Email content exists only transiently in memory during the send call.
All data is transmitted over TLS 1.2+ (HTTPS). We enforce role-based access controls so only your account can trigger sends from your connected email.

2.5 Data Retention & Deletion

Data	Retained Until	How to Delete
Gmail OAuth access token	Deleted immediately when you disconnect the integration	Settings → Enterprise Email → Disconnect, or email info@quicksearchplus.com
Gmail OAuth refresh token	Deleted immediately when you disconnect or delete your account	Same as above, or delete your account
Connected sender email address & name	Deleted when you disconnect the integration or delete your account	Disconnect in Settings or delete your account
Email message content	Not stored — exists only in memory during transmission	N/A

You can also revoke QuickSearch+'s Gmail access directly from Google at any time, independent of our app:

Visit myaccount.google.com/permissions.
Find QuickSearch+ in the list of connected apps and click Remove Access.

Revoking access at Google immediately invalidates our stored tokens so we can no longer send emails through your account. Please also disconnect the integration in Settings to remove the stored email address from our database.

3. Calendar Integration (Google Calendar & Microsoft)

When you connect a calendar, QuickSearch+ may request the following access:

https://www.googleapis.com/auth/calendar.events — read and create events (meetings, booking slots).
https://www.googleapis.com/auth/calendar.readonly — read-only calendar access for agenda and summary features.
Microsoft Graph calendar scopes — equivalent access for Outlook / Microsoft 365 calendars.

Calendar data (event titles, descriptions, attendees, times, meeting links) is used only to deliver QuickSearch+ features: displaying your agenda, generating AI meeting summaries, creating booking events, and sending meeting notifications. Calendar data is not sold and not used for advertising.

To disconnect a calendar or revoke access:

Google Calendar: Visit myaccount.google.com/permissions → find QuickSearch+ → Remove Access. Or disconnect in Settings → Calendars within the app.
Microsoft: Visit account.live.com/consent/Manage → find QuickSearch+ → remove permissions.

4. Other Data We Collect

Account information: name, email, password (stored as a bcrypt hash — we never store your plain-text password), profile picture, and timezone preference.
Booking data: booking link configurations, guest submissions (name, email, phone, custom question responses).
Payment data: Apple In-App Purchase transaction tokens (we do not store card numbers); Stripe Customer ID for paid booking links (card details handled entirely by Stripe).
Device & push notification tokens: APNs / FCM device tokens used exclusively to deliver meeting reminders and booking alerts.
Usage & diagnostics: IP address, browser/OS, aggregated feature-usage counts, and server access logs — used to operate, secure, and improve the Service.
Uploaded content: files or images you upload to your QuickSearch+ collections, stored on our servers and not used for any purpose other than making them available to you.
Location (opt-in, iOS only): a one-time reading of your approximate location to display weather alongside meetings. Not tracked continuously. Not shared with advertisers.

5. How We Use Your Data

We use data to operate and improve the Service. Specifically:

Authenticate your identity and secure your account.
Provide calendar sync, AI meeting summaries, agenda management, and booking links.
Send transactional emails (booking confirmations, meeting notifications, password resets) — including via your connected Gmail or Google Workspace account if you have enabled Enterprise Email.
Process subscription payments through Apple IAP or Stripe.
Operate the AI Voice Booking Agent (Cameron) on your behalf to schedule appointments via phone.
Send push notifications (meeting reminders, booking alerts, daily digest) — only with your consent, revokable at any time.
Enforce plan limits and protect against abuse.
Comply with legal obligations and respond to lawful requests.

We do not use your personal information, calendar data, or email data to train or improve AI or machine-learning models. We do not sell user data. We do not use user data for advertising.

6. How We Share Data

We share data only with service providers that help us operate the Service, and only to the extent necessary for each provider's function. All providers are contractually bound to process data only on our instructions.

Provider	Purpose	Data Shared
Google (Gmail API)	Enterprise Email — Send-As	Outbound email content (subject, body) transmitted per send call. OAuth tokens stored only on our servers.
Google (Calendar API)	Calendar sync and booking	Calendar event data read and written via your OAuth grant.
Microsoft (Graph API)	Outlook / Teams calendar sync and email send (if connected)	Calendar event data and, if Enterprise Email is connected, outbound email content.
Vapi	AI Voice Booking Agent (Cameron)	Availability settings; caller voice audio processed in-call per Vapi's Privacy Policy.
Stripe	Payment processing for paid booking links	Stripe Customer ID (card details managed by Stripe).
Apple (App Store / IAP)	Subscription management	Signed subscription transaction tokens.
Transactional Email Provider	Booking confirmations and notifications when Enterprise Email is not connected or as a fallback	Recipient email address, name, relevant event details.
Heroku / PostgreSQL	Application hosting and database	All account and app data stored on our servers.
Cloudinary	Profile picture and media file storage	Images and files you upload.
Apple WeatherKit	Weather data alongside meetings	Approximate location (rounded to ~1 km).

We may also disclose data if required by law or to prevent harm, fraud, or illegal activity. In the event of a merger or acquisition, user data may transfer as a business asset; we will notify you before your data is subject to a materially different policy.

7. Data Storage & Security

Our servers are hosted on Heroku (United States) with a PostgreSQL database. We implement:

TLS 1.2+ encryption for all data in transit.
AES-256 encryption at rest for OAuth tokens (calendar and email).
Bcrypt hashing for passwords — we cannot recover your plain-text password.
JWT authentication with automatic expiry; access and refresh tokens stored in the iOS Keychain (hardware-backed encryption) on mobile.
Role-based access controls — you can only access your own data.
No plain-HTTP API endpoints.

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at info@quicksearchplus.com.

8. Data Retention & Deletion

Data Type	Retention Period
Account profile (name, email)	Until account deletion
Calendar OAuth tokens	Until you disconnect the calendar or delete your account
Calendar event data	Until calendar disconnection or account deletion
Gmail send OAuth tokens (Enterprise Email)	Deleted immediately when you disconnect Enterprise Email or delete your account
Enterprise connected email address & name	Deleted when integration is disconnected or account is deleted
Sent email message content	Not stored — exists only transiently during transmission
Meeting summaries and notes	Until you delete them or your account is deleted
Booking records	Up to 2 years after the booking date for legal compliance
Payment transaction records	Up to 7 years for financial record-keeping obligations
Push notification tokens	Deleted immediately upon logout or account deletion
Uploaded files (documents, images, videos)	Until you delete them or your account is deleted
Server access logs	Up to 90 days for security monitoring

How to delete your account

You can request permanent deletion of your QuickSearch+ account and all associated personal data in two ways:

In-app: Go to Settings → Profile, scroll to the bottom, and tap "Delete Account."
By email: Send a deletion request to info@quicksearchplus.com with the subject "Delete Account" from the email address associated with your QuickSearch+ account.

Upon deletion we permanently anonymise all personally identifiable information, including calendar connections, Gmail send tokens, meeting data, notes, bookmarks, and uploaded files. Some data (e.g., financial transaction records) may be retained for the minimum period required by law.

9. Your Rights & Controls

Access & portability: request a copy of your data by emailing info@quicksearchplus.com.
Correction: update your name, email, and preferences directly within the app at any time.
Deletion: see Section 8 above.
Withdraw calendar access: disconnect in Settings → Calendars, or revoke directly at myaccount.google.com/permissions (Google) or account.live.com/consent/Manage (Microsoft).
Withdraw Enterprise Email access: disconnect in Settings → Enterprise Email, or revoke directly at myaccount.google.com/permissions (Google).
Push notifications: disable in iOS Settings → Notifications → QuickSearch+ or within Settings → Notifications in the app.
Location: disable in iOS Settings → Privacy & Security → Location Services → QuickSearch+. The app remains fully functional; weather features will be unavailable.
EU / UK / California residents have additional rights under GDPR, UK GDPR, or CCPA (right to object, restrict processing, lodge a complaint with your supervisory authority). Contact info@quicksearchplus.com to exercise these rights.

10. Children's Privacy

QuickSearch+ is not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact info@quicksearchplus.com and we will delete it promptly.

11. International Data Transfers

Our servers are located in the United States. If you access QuickSearch+ from outside the United States, your personal information will be transferred to and processed in the United States. We rely on standard contractual clauses and equivalent transfer mechanisms for transfers from the European Economic Area, UK, and Switzerland.

12. Changes to This Policy

We may update this policy. Material changes will be posted here with a revised effective date, and where appropriate we will send you an email notification or in-app alert.

13. Contact

For questions about this policy, data deletion requests, or to exercise your privacy rights:

Email: info@quicksearchplus.com
Website: quicksearchplus.com/contact

By using QuickSearch+ you acknowledge that you have read and understood this Privacy Policy.