SitterflowSitterflow
Log inSign up

Privacy Policy

Last updated: October 22, 2025

Effective date: January 16, 2025

1. Overview & Scope

Welcome to Sitterflow. We provide a scheduling service that helps parents coordinate babysitter availability by connecting to their Google Calendar and creating calendar events that invite babysitters by email.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use Sitterflow. By using our service, you agree to the practices described in this policy.

2. Data We Collect

We collect only the information necessary to provide our scheduling service:

Account Data

When you create an account through our authentication provider (Kinde), we collect:

  • Your name
  • Your email address
  • Authentication credentials (managed securely by Kinde)

Booking Data

When you create scheduling requests, we store:

  • Requested time windows for babysitting needs
  • Chosen/confirmed times when a babysitter claims a slot
  • Babysitter names and email addresses you provide
  • Event titles and notes (if you add them)

Google OAuth Tokens

When you connect your Google Calendar, we receive and securely store:

  • Access tokens – short-lived credentials to create/edit calendar events
  • Refresh tokens – used to obtain new access tokens when they expire

We use these tokens exclusively to create and manage calendar events on your behalf. We request only the calendar.events scope, which allows us to insert events on your calendar.

3. What We Don't Collect

We do not:

  • Read your emails
  • Access your contacts (beyond babysitter emails you explicitly provide)
  • Read existing calendar events (we only create new ones)
  • Collect browsing history, device identifiers, or location data beyond what's standard for web services
  • Use your data for advertising or marketing to third parties
  • Sell or rent your personal information

4. How We Use Data

We use your information solely to operate and improve Sitterflow:

  • Create calendar events – We insert events on your Google Calendar and send email invitations to the babysitters you specify.
  • Manage bookings – We track which time slots have been claimed and update events accordingly.
  • Customer support – We may review your account data to help resolve issues or answer questions.
  • Service operation – We monitor system performance, fix bugs, and ensure security.
  • Legal compliance – We may use or disclose data as required by law or to protect our rights.

We do not use your Google Calendar data for any purpose other than providing the scheduling service you requested.

5. Google API Services User Data Policy (Limited Use)

Sitterflow's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request the https://www.googleapis.com/auth/calendar.events scope.
  • We use Google Calendar data only to provide the user-facing features of Sitterflow (creating and managing babysitter scheduling events).
  • We do not transfer, sell, or use Google user data for serving advertisements.
  • We do not allow humans to read Google user data unless:
    • You give us explicit permission for a specific support issue, or
    • It is necessary for security purposes (e.g., investigating abuse), or
    • Required to comply with applicable law.

6. Data Sharing

We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

We may share data with trusted service providers (subprocessors) who help us operate Sitterflow:

  • Hosting provider: Vercel – hosts our application infrastructure.
  • Database provider: Supabase – stores encrypted user and booking data.
  • Authentication provider: Kinde – manages user authentication and account security.
  • Email service: Used to send calendar invitations and transactional notifications (if applicable).
  • Monitoring and logging services: For security, performance monitoring, and error tracking.

These providers are contractually obligated to use your data only for the services they perform for us and to protect it appropriately.

We may also disclose information if required by law, court order, or government request, or if necessary to protect our rights, property, or safety, or that of our users or the public.

7. Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS.
  • Encryption at rest: Sensitive data, including OAuth tokens, is encrypted in our database.
  • Least-privilege access: Only authorized personnel and systems have access to user data, and only to the extent necessary.
  • Secrets management: API keys, tokens, and credentials are stored securely using environment variables and secret management tools.
  • Monitoring and logging: We monitor for suspicious activity and maintain audit logs for security purposes.
  • Periodic reviews: We regularly review access permissions and security practices.

While we strive to protect your information, no method of transmission or storage is 100% secure. If you have reason to believe your account has been compromised, please contact us immediately at hello@sitterflow.com.

8. Data Retention

We retain your data only as long as necessary to provide our service and comply with legal obligations:

  • Google OAuth tokens and booking records: We keep these until you disconnect your Google account, delete your Sitterflow account, or after 24 months of account inactivity.
  • Account data: Retained while your account is active and for a reasonable period afterward to allow reactivation or address disputes.
  • Logs and analytics: System logs may be retained for up to 30 days for security and debugging purposes.

After these periods, we will delete or anonymize your data so it can no longer identify you.

9. Data Deletion / Disconnect

You have full control over your data and can disconnect or delete it at any time:

Revoke Google Calendar Access

You can revoke Sitterflow's access to your Google Calendar at any time by visiting: https://myaccount.google.com/permissions

This will immediately prevent us from creating new events, though previously created events will remain on your calendar until you delete them.

Request Data Deletion

To request deletion of your Sitterflow account and associated data:

  • Visit our Data Deletion page
  • Or email us at hello@sitterflow.com with your account email and "Delete My Data" in the subject line

We will process your request within 30 days and permanently delete your Google OAuth tokens, booking data, and account information, except where we must retain certain records for legal compliance (e.g., financial records, fraud prevention).

10. International Transfers

Sitterflow operates globally, and our subprocessors (hosting, database, etc.) may be located in various countries. By using our service, you acknowledge that your data may be transferred to, stored, and processed in countries other than your own.

We ensure that such transfers comply with applicable data protection laws, including using standard contractual clauses or relying on adequacy decisions where appropriate.

11. Children's Privacy

COPPA Compliance (Under 13)

Sitterflow complies with the Children's Online Privacy Protection Act (COPPA). Our service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13.

If we learn that we have collected information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us immediately at hello@sitterflow.com.

Minors Aged 13-17 (With Parental Consent)

Sitterflow permits users aged 13 to 17 to use the Service with verifiable parental or legal guardian consent, as outlined in our Terms of Service.

When a minor aged 13-17 uses our Service:

  • The parent or legal guardian is responsible for all data provided by the minor
  • The parent or legal guardian has the right to review, request deletion of, or refuse further collection of the minor's personal information
  • We collect the same types of data as for adult users (name, email, booking data, Google OAuth tokens)
  • We use and protect the minor's data in the same manner as adult user data, as described in this Privacy Policy
  • Parents/guardians may contact us at hello@sitterflow.com to exercise their rights regarding their child's data

We may request verification of parental consent at any time. Parents and guardians should review this Privacy Policy and our Terms of Service with their children before allowing them to use the Service.

12. Your Rights

Depending on your location, you may have certain rights regarding your personal data:

GDPR Rights (European Economic Area, UK)

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure ("Right to be Forgotten"): Request deletion of your data in certain circumstances.
  • Data portability: Receive your data in a structured, commonly used format.
  • Object to processing: Object to certain types of processing, such as direct marketing.
  • Restrict processing: Request that we limit how we use your data.
  • Withdraw consent: Where processing is based on consent, you can withdraw it at any time.

CCPA/CPRA Rights (California)

  • Know: Request disclosure of the categories and specific pieces of personal information we've collected.
  • Delete: Request deletion of your personal information.
  • Opt-out of sale/sharing: We do not sell or share personal information for cross-context behavioral advertising.
  • Non-discrimination: We will not discriminate against you for exercising your privacy rights.

How to Exercise Your Rights

To exercise any of these rights, please contact us at hello@sitterflow.com. We will respond to your request within the timeframes required by applicable law (typically 30-45 days). We may need to verify your identity before fulfilling your request.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via email (if you have an account) or a prominent notice on our website

Your continued use of Sitterflow after such changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

14. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Chance Park LLC

Email: hello@sitterflow.com

Address: 228 Park Ave S PMB 17227, New York, New York 10003-1502 US

Return to HomeTerms of ServiceData Deletion