Privacy Policy

Slatis ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our operations intelligence platform (the "Service").

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, company name, and other registration details
• Profile Information: Job title, department, role, and team information
• Communication Data: Messages, feedback, and support requests you send to us

1.2 Calendar Data

When you connect your calendar to Slatis, we access and process:

• Calendar Events: Event titles, descriptions, start/end times, duration, and recurrence patterns
• Event Metadata: Attendees, event status, location, and conference details
• Calendar Settings: Time zone, working hours, and calendar sharing settings

Supported Calendar Providers:

• Google Calendar: Connected via Google OAuth 2.0
• Microsoft Calendar: Connected via Microsoft OAuth 2.0 (Outlook, Office 365, Exchange)
• Apple Calendar: Connected via iCloud authentication (iCloud Calendar, CalDAV)

1.3 Automatically Collected Information

• Usage Data: Features used, pages visited, time spent, and interaction patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Tracking: Session cookies, authentication tokens, and analytics data

2. How We Use Your Information

2.1 Primary Service Functions

• Capacity Analysis: Calculate actual vs. calendar-based capacity to provide operations intelligence
• Workload Insights: Analyze meeting time, preparation time, and implementation time patterns
• Team Optimization: Generate recommendations for hiring, workload distribution, and process improvement
• Dashboard & Reports: Create visualizations and reports on team capacity and operational efficiency

2.2 Additional Uses

• Provide, maintain, and improve the Service
• Authenticate users and maintain account security
• Send service-related notifications and updates
• Respond to support requests and provide customer service
• Analyze usage patterns to enhance user experience
• Comply with legal obligations and enforce our Terms of Service

2.3 Limited Use of Calendar Provider Data

Slatis's use of calendar data from all providers is limited to:

• Providing or improving user-facing features that are prominent in the requesting application's user interface
• Complying with applicable laws and regulations

We do NOT:

• Transfer calendar data to third parties (except as necessary to provide the Service or as required by law)
• Use calendar data for serving advertisements
• Allow humans to read calendar data unless we have your explicit consent, for security purposes, or to comply with applicable laws
• Use calendar data for any purpose unrelated to providing operations intelligence services

Google-specific commitments: We use Google user data only to provide or improve user-facing features in Slatis. We do not use Google user data for serving ads or transferring it for advertising purposes.

Microsoft-specific commitments: We handle Microsoft Calendar data in accordance with Microsoft Graph API guidelines and do not use it for purposes beyond providing the core Service functionality.

Apple-specific commitments: We protect iCloud Calendar data in accordance with Apple's security and privacy requirements and do not use it for unauthorized purposes.

3. Data Storage and Security

3.1 Data Storage

• Database: Your data is stored securely using Supabase (PostgreSQL database with row-level security)
• Hosting: Application hosted on Vercel's secure infrastructure
• Infrastructure: We may use Railway or similar cloud infrastructure providers for additional services
• Location: Data centers are located in secure facilities with industry-standard security measures
• Retention: We retain your data for as long as your account is active or as needed to provide the Service
• Calendar Data: We process calendar data in real-time and store aggregated insights; raw event details are not permanently stored unless necessary for the Service
• Backups: Regular encrypted backups are maintained for disaster recovery purposes

3.2 Security Measures

• Industry-standard encryption for data in transit (TLS/SSL) and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Secure OAuth 2.0 implementation for Google Calendar integration
• Employee training on data protection and security best practices

4. Data Sharing and Disclosure

4.1 We Share Your Information With:

• Your Organization: If you're part of a team account, authorized administrators can view aggregated team capacity data
• Infrastructure Service Providers: We use the following trusted third-party service providers to operate our Service:
  • Supabase: Database hosting and authentication services
  • Vercel: Application hosting and deployment platform
  • Railway: Additional cloud infrastructure services (when applicable)
• Calendar Providers: We connect to Google, Microsoft, and Apple calendar services only with your explicit authorization
• Other Service Providers: Analytics, customer support, and email delivery services under strict confidentiality obligations
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)

Service Provider Safeguards: All service providers are contractually obligated to:

• Use your data only for providing services to Slatis
• Implement appropriate security measures
• Comply with applicable data protection laws (GDPR, CCPA)
• Not use your data for their own purposes

4.2 We Do NOT:

• Sell your personal information to third parties
• Share your calendar data with other users without your permission
• Use your data for advertising or marketing by third parties

5. Your Rights and Choices

5.1 Access and Control

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Export: Download your data in a portable format
• Objection: Object to certain data processing activities

5.2 Calendar Access Management

You can revoke Slatis's access to your calendar at any time:

• Google Calendar: Revoke access via Google Account Permissions
• Microsoft Calendar: Revoke access via Microsoft Account App Permissions
• Apple Calendar: Revoke access via iCloud Settings → Apps Using iCloud, or through your Slatis account settings

Important:

• Revoking access will stop new data collection but may limit Service functionality
• You can request deletion of previously collected calendar data by contacting us
• Some aggregated insights may be retained for service improvement (anonymized)

5.3 Communication Preferences

• Opt-out of marketing emails (service-related emails will continue)
• Manage notification settings in your account preferences

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

7. Children's Privacy

Slatis is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 16, we will delete it promptly.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain user sessions and authentication
• Remember user preferences
• Analyze usage patterns and improve the Service
• Ensure security and prevent fraud

You can control cookies through your browser settings, but disabling cookies may affect Service functionality.

9. Data Protection Rights (GDPR & CCPA)

9.1 For European Users (GDPR)

If you are in the European Economic Area, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure of your data
• Restrict or object to data processing
• Data portability
• Withdraw consent at any time
• Lodge a complaint with your local supervisory authority

9.2 For California Residents (CCPA)

If you are a California resident, you have the right to:

• Know what personal information is collected
• Know if personal information is sold or disclosed and to whom
• Say no to the sale of personal information
• Access your personal information
• Request deletion of personal information
• Not be discriminated against for exercising your privacy rights

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Email notification to your registered email address
• Prominent notice on our website or Service
• Updated "Last Updated" date at the top of this policy

Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@slatis.com
• Website: slatis.com

12. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent (e.g., connecting your Google Calendar)
• Contract: To fulfill our contract with you and provide the Service
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations