Privacy Policy

QuickSearchPlus (QSP: Calendar & Bookings) – AI-Powered Meeting & Calendar Management

Developer: SaariyS-II Corporation

Last Updated: June 7, 2026

QuickSearchPlus ("we," "our," or "us") operates the QuickSearchPlus mobile application (the "App") and related web services at quicksearchplus.com. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what choices you have.

By creating an account or using the App, you agree to the practices described in this policy. If you do not agree, please do not use our services.

1. Information We Collect

1.1 Account & Profile Information

When you register for a QuickSearchPlus account, we collect:

Full name
Email address
Password (stored as a cryptographic hash - we never store your plain-text password)
Profile picture (optional, uploaded by you)
Timezone preference
Account type (Individual or Enterprise)
AI summary preferences (format style and tone)

If you sign in with Google, we receive your Google account name, email address, and profile picture from Google. We do not receive your Google password.

1.2 Calendar & Meeting Data

QuickSearchPlus's core purpose is to help you manage your meetings. To do this, we access and process:

Calendar events (title, description, start/end time, location, attendees, meeting links) from your connected calendars
Meeting notes, summaries, and action items you create or that are auto-generated by AI
Attendee email addresses and display names from your calendar events
Booking link configurations you create (availability windows, duration, custom questions)
Guest booking submissions - name, email, phone number, and responses to any custom questions you configure on your booking link

We only access calendar content to deliver your requested features. We do not sell calendar data or use it for advertising.

1.3 Calendar Provider Connections (OAuth)

You may connect the following calendar providers via OAuth 2.0. OAuth grants us access to your calendar on your behalf:

Provider	Data Accessed	Purpose
Google Calendar	Events, attendees, descriptions, meeting links	Sync events, detect meetings, create bookings
Microsoft Outlook / Teams	Events, attendees, descriptions, meeting links	Sync events, detect meetings, create bookings
Zoom Calendar	Events, attendees	Sync events and detect Zoom meetings
Apple Calendar (EventKit)	Local device calendar events, attendees	Sync local calendar alongside cloud calendars

You can disconnect any calendar integration at any time from Settings → Calendars in the App, or by revoking access directly from the provider:

Google: myaccount.google.com/permissions → find QuickSearchPlus → Remove Access.
Microsoft: account.live.com/consent/Manage → find QuickSearchPlus → remove permissions.

QuickSearchPlus's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

1.3a Google OAuth Scopes We Request

QuickSearchPlus requests the following Google OAuth 2.0 scopes depending on which features you enable. We request only the scopes necessary for the specific feature you are activating.

OAuth Scope	Feature	Why It Is Needed
`userinfo.profile` `userinfo.email`	Sign-in with Google	Read your name, email address, and profile picture to create and authenticate your QuickSearchPlus account. We do not receive your Google password.
`https://www.googleapis.com/auth/calendar.events`	Calendar Sync & Booking	Read and create calendar events so we can display your meetings, generate AI agendas and summaries, and write new events when a booking is confirmed.
`https://www.googleapis.com/auth/calendar.readonly`	Read-Only Calendar View	Used where only reading events is required (e.g., agenda display) and no event creation is needed.
`https://www.googleapis.com/auth/gmail.send`	Enterprise Email — Send-As	Allows QuickSearchPlus to send transactional emails (booking confirmations, cancellations, meeting notifications) from your connected Google Workspace or Gmail address, so recipients see your business email as the sender rather than a generic QuickSearchPlus address.
`openid` `email`	Enterprise Email — Identity	Requested alongside `gmail.send` to confirm which mailbox was connected and to display the connected sender address in your settings. We do not read email content with these scopes.

Google Limited Use Compliance: QuickSearchPlus's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used only to provide or improve user-facing features of the Service. It is not used for serving advertising, is not transferred to data brokers, and is not used for any purpose that is unrelated to the specific feature you connected.

1.4 Location Information

We request access to your device's location ("when in use" only, not in the background) for one purpose: to display current weather conditions alongside your meetings and to include weather context in your morning digest push notification.

Location is collected as a one-time, on-demand reading - not continuously tracked.
We round the coordinates to approximately 1 km precision before use.
Location data is not shared with advertisers or sold to third parties.

You can deny or revoke location permission at any time in iOS Settings → Privacy & Security → Location Services → QuickSearchPlus. The App remains fully functional without location access; weather features will simply be unavailable.

1.5 Device & Push Notification Data

When you enable push notifications, we collect:

Your Apple Push Notification service (APNs) device token - used exclusively to deliver meeting reminders, booking confirmations, and your daily digest to your device.
Notification preferences you configure (e.g., remind me 15 minutes before meetings).

1.6 Payment & Subscription Data

Subscriptions purchased through the iOS App are processed entirely by Apple In-App Purchase (StoreKit 2). We do not receive or store your credit card number or Apple ID password. We receive a signed transaction token (JWS) from Apple confirming your subscription tier and renewal status.

For Stripe-based bookings (when a host charges guests for appointments via their booking link), payment processing is handled directly by Stripe. We store only a Stripe Customer ID to link your account to your Stripe profile. We do not store raw card details.

1.7 Audio Session Monitoring

The App passively monitors your device's audio session state (whether an audio session is active) to detect when you may have entered a meeting. This monitors audio session status events from iOS - it does not record or transmit any audio content. This enables automatic activation of the Live Meeting view when a meeting starts.

1.8 Uploaded Content

You may upload files (documents, images, videos) to your QuickSearchPlus collections. This content is stored on our servers and associated with your account. We do not use your uploaded content for any purpose other than storing it and making it available to you.

1.9 Usage & Activity Data

We maintain aggregated counts of feature usage (e.g., number of AI summaries generated this month, number of bookmarks created) to enforce plan limits and monitor service health. This data is tied to your account and is not sold or shared with third parties for advertising.

1.10 Enterprise Email Integration (Gmail Send-As)

Enterprise plan users can connect a Google Workspace or Gmail account as a dedicated email sender. When this feature is enabled, QuickSearchPlus uses the Google gmail.send API scope to dispatch emails on your behalf.

Data Accessed

When you connect a Google account for Enterprise Email, we access:

Sender identity — your Google account email address and display name, retrieved via the openid and email scopes, so we can show you which account is connected and label outgoing emails with the correct From address.
Send permission — the gmail.send scope grants us the ability to compose and send emails through your Gmail or Google Workspace account. We do not use this scope to read, search, delete, or modify any existing emails or mailbox data.
OAuth refresh token — stored encrypted so we can send emails in the background (e.g., when a guest books an appointment) without requiring you to re-authenticate each time.

We do not read, store, index, or process any email content from your Gmail or Google Workspace inbox. The gmail.send scope is used exclusively to dispatch outbound transactional emails that you or your booking guests trigger.

Data Usage

The Gmail send access is used solely for the following purposes, all directly requested by you or your guests:

Booking confirmations — emailing guests when an appointment is booked, rescheduled, or cancelled through your QuickSearchPlus booking link.
Meeting notifications — sending reminder or update emails related to calendar events managed within QuickSearchPlus.
Test emails — sending a verification email at your explicit request from the Settings page to confirm the connection is working.

We do not use the Gmail send capability for marketing, advertising, or any purpose not listed above.

Data Sharing

Google (Gmail API) — each outbound email is transmitted to Google's servers via the Gmail API over encrypted HTTPS.
Email recipients — recipients receive the email content and see your connected email address as the sender.
Transactional email provider (fallback) — if the Gmail send call fails, we may use our transactional email provider as a backup. Your configured sender name is used but our provider's infrastructure sends the message.

Your Gmail OAuth access token and refresh token are never shared with third parties, data brokers, or advertisers.

Data Storage & Protection

OAuth tokens — encrypted at rest using AES-256 encryption before being stored in our database. Only the QuickSearchPlus backend service can decrypt them.
Connected email address & display name — stored so you can see which account is connected in Settings.
Email message content — we do not store the body or subject of sent emails. Email content exists only transiently in memory during the send call.

Revoking Gmail Access

You can disconnect the Enterprise Email integration at any time from Settings → Enterprise Email → Disconnect, or revoke access directly from Google:

Visit myaccount.google.com/permissions.
Find QuickSearchPlus in the list and click Remove Access.

Revoking access at Google immediately invalidates our stored tokens so we can no longer send emails through your account. Also disconnect the integration in Settings to remove the stored email address from our database.

2. How We Use Your Information

Purpose	Legal Basis (GDPR)
Provide and personalise the App's features (calendar sync, meeting summaries, agenda management, booking links)	Performance of contract
Authenticate your identity and secure your account	Performance of contract
Process subscription payments through Apple IAP or Stripe	Performance of contract
Generate AI meeting summaries, detect follow-ups, and suggest action items	Performance of contract / Legitimate interest
Operate the AI Voice Booking Agent on your behalf to schedule appointments	Performance of contract
Send push notifications - meeting reminders, booking alerts, daily digest	Consent (you can opt out at any time)
Fetch weather data for your location to enrich meeting and notification context	Consent (location permission)
Enforce plan limits and protect against abuse	Legitimate interest
Send transactional emails (booking confirmations, subscription receipts, password reset)	Performance of contract
Comply with legal obligations and respond to lawful requests	Legal obligation

We do not use your personal information or calendar and meeting content to train or improve AI or machine-learning models.

3. AI Features and Third-Party AI Processing

3.1 Meeting Summaries & Action Items

When you request an AI-generated meeting summary or action-item extraction, the relevant meeting content (title, description, notes, and transcript if available) is sent to our backend server for processing. Our backend may transmit this data to a third-party AI provider solely to generate the requested output. Content is transmitted over encrypted connections and is not retained by the AI provider beyond the request-response cycle.

3.2 AI Voice Booking Agent (Cameron)

Users on eligible plans are assigned a dedicated phone number powered by Vapi, an AI voice platform. When a caller dials your agent number, the voice conversation is processed by Vapi to understand booking intent and schedule appointments using your availability settings. Call data processed by Vapi is subject to Vapi's Privacy Policy.

3.3 AI Smart Agenda Generation

This feature uses your upcoming calendar events to generate a structured agenda. Only event metadata (title, time, attendees) is used - meeting descriptions and notes are not included unless you explicitly include them.

4. Information Sharing and Disclosure

We do not sell your personal information. We share information only in the following circumstances:

4.1 Service Providers

Provider	Purpose	Data Shared
Google (Gmail API)	Enterprise Email — Send-As	Outbound email content (subject, body) transmitted per send call. OAuth tokens stored only on our servers.
Google (Calendar API)	Calendar sync and booking	Calendar event data read and written via your OAuth grant.
Microsoft (Graph API)	Outlook / Teams calendar sync and email send (if connected)	Calendar event data and, if Enterprise Email is connected, outbound email content.
Apple (App Store / IAP)	In-App Purchase subscription management	Subscription transaction tokens
Stripe	Payment processing for paid booking links	Stripe Customer ID (card details handled directly by Stripe)
Vapi	AI Voice Booking Agent	Availability settings; caller voice audio processed in-call per Vapi's Privacy Policy.
Apple WeatherKit	Weather data for meeting context	Approximate location (rounded coordinates)
Transactional Email Provider	Booking confirmations, subscription receipts, password reset emails	Email address, name, and relevant event details for email content
Cloud Hosting (Heroku / PostgreSQL)	Application hosting and database	All account and app data stored on our servers
Cloudinary	Profile picture and media file storage	Images and files you upload

All service providers are contractually required to process your data only on our instructions and to protect it to the same standard we do.

4.2 Enterprise Workspaces

If your account is part of an Enterprise workspace, your workspace owner and designated admins may be able to view usage data for seats under their plan.

4.3 Booking Guests

When a guest books an appointment through your public booking link, the information they provide (name, email, phone number, and responses to custom questions) is shared with you as the host and used to create the calendar event.

4.4 Legal Requirements

We may disclose information if required by law, regulation, or legal process, or if we believe disclosure is necessary to prevent harm, fraud, or illegal activity, or to protect the rights and safety of QuickSearchPlus, our users, or the public.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, user information may be transferred as a business asset. We will notify you before your personal data is transferred and subjected to a materially different privacy policy.

5. Data Storage and Security

Our servers are hosted on Heroku with a PostgreSQL database. All data is encrypted in transit (TLS 1.2+) and at rest. We implement the following security measures:

JSON Web Token (JWT) authentication with automatic expiry and secure token refresh
Passwords stored as bcrypt hashes - we cannot recover your plain-text password
Access tokens and refresh tokens stored in the iOS Keychain (hardware-backed encryption)
OAuth tokens for calendar and email connections encrypted at rest using AES-256 encryption
HTTPS enforced for all API communications - no plain HTTP endpoints
Role-based access controls - you can only access your own data

No method of transmission or storage is 100% secure. While we implement industry-standard protections, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at support@quicksearchplus.com.

6. Data Retention

Data Type	Retention Period
Account profile (name, email)	Until account deletion
Calendar OAuth tokens	Until you disconnect the calendar or delete your account
Calendar event data	Until calendar disconnection or account deletion
Gmail send OAuth tokens (Enterprise Email)	Deleted immediately when you disconnect Enterprise Email or delete your account
Enterprise connected email address & name	Deleted when integration is disconnected or account is deleted
Sent email message content	Not stored — exists only transiently during transmission
Meeting summaries and notes	Until you delete them or your account is deleted
Booking records	Up to 2 years after the booking date for legal compliance
Payment transaction records	Up to 7 years for financial record-keeping obligations
Push notification tokens	Deleted immediately upon logout or account deletion
Uploaded files (documents, images, videos)	Until you delete them or your account is deleted
Server access logs	Up to 90 days for security monitoring

7. Account Deletion

You have the right to permanently delete your QuickSearchPlus account and all associated personal data at any time. You can do this in two ways:

In-App: Go to Settings → Profile, scroll to the bottom, and tap "Delete Account." A confirmation dialog will ask you to confirm before proceeding.
By Email: Send a deletion request to support@quicksearchplus.com from the email address associated with your account with the subject "Delete Account."

Upon deletion, we permanently anonymise all personally identifiable information associated with your account - including your name, email address, profile picture, calendar connections, meeting data, notes, bookmarks, and uploaded files. Some data may be retained for the minimum period required by law (e.g., financial transaction records required for tax compliance).

If you have an active Apple subscription, deleting your account in the App does not automatically cancel your subscription billing. To stop future charges, go to App Store → Apple ID → Subscriptions → QuickSearchPlus → Cancel Subscription before or after deleting your account.

8. Your Rights and Choices

8.1 Access

You can request a copy of the personal data we hold about you.

8.2 Correction

You can update your name, email, profile picture, and preferences directly within the App at any time.

8.3 Deletion

See Section 7. You can delete your account in-app or by contacting us.

8.4 Data Portability

You can request an export of your personal data in a machine-readable format by emailing privacy@quicksearchplus.com.

8.5 Withdraw Consent

Location: Disable in iOS Settings → Privacy & Security → Location Services → QuickSearchPlus
Push Notifications: Disable in iOS Settings → Notifications → QuickSearchPlus, or within Settings → Notifications in the App
Calendar Access: Disconnect individual calendars in Settings → Calendars, or revoke App access in iOS Settings → Privacy & Security → Calendars
Marketing Emails: Use the unsubscribe link in any marketing email, or contact us to opt out

8.6 EU / UK / California Residents

If you are a resident of the European Union, United Kingdom, or California, you have additional rights under the GDPR, UK GDPR, or CCPA respectively - including the right to object to or restrict processing, and to lodge a complaint with your local data protection supervisory authority. To exercise any of these rights, contact us at privacy@quicksearchplus.com.

9. Children's Privacy

QuickSearchPlus is not directed at children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@quicksearchplus.com and we will delete the information promptly.

10. Third-Party Services and Links

The App integrates with third-party services (Google, Microsoft, Zoom, Stripe, Vapi, Apple WeatherKit). We are not responsible for the privacy practices of those services. We encourage you to review their respective privacy policies:

11. International Data Transfers

Our servers are located in the United States. If you access QuickSearchPlus from outside the United States, your personal information will be transferred to and processed in the United States. We rely on standard contractual clauses and equivalent transfer mechanisms to lawfully transfer personal data from the European Economic Area, UK, and Switzerland.

12. Cookies and Tracking Technologies

The QuickSearchPlus iOS App does not use cookies. Our web application at quicksearchplus.com uses session cookies for authentication purposes only. We do not use advertising cookies, behavioural tracking pixels, or third-party analytics cookies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, send you an email notification or an in-app alert. Your continued use of the App after the effective date of any changes constitutes your acceptance of the updated policy.

14. Contact Us

For questions, concerns, or data requests regarding this Privacy Policy or your personal data, please contact us:

Method	Details
General Support	support@quicksearchplus.com
Privacy Requests	privacy@quicksearchplus.com
Website	quicksearchplus.com/contact

By using QuickSearchPlus you acknowledge that you have read and understood this Privacy Policy.