SignupSlots/Privacy Policy

Privacy Policy

Last updated: April 13, 2025

SignupSlots is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data.

Table of Contents

  1. 1. Data We Collect
  2. 2. How We Use Data
  3. 3. Third-Party Services
  4. 4. Data Retention
  5. 5. Your Rights
  6. 6. Organizer Responsibilities
  7. 7. California Residents (CCPA)
  8. 8. European Residents (GDPR)
  9. 9. Children
  10. 10. Security
  11. 11. Changes to This Policy
  12. 12. Contact

1. Data We Collect

From organizers (account holders)

  • Name and email address
  • Password (hashed — never stored in plain text)
  • Google account info if using Google OAuth (name, email, profile picture)
  • Organization name and logo (optional)
  • Notification preferences and event settings
  • Profile avatar (optional)

From participants (people who sign up for events)

  • Name and email address
  • Phone number (optional, or required if set by the organizer)
  • Notes or comments (optional)
  • Responses to custom questions set by the organizer
  • RSVP responses (attending / maybe / not attending)

Automatically collected

  • IP address, browser type, and device info (standard web server logs)
  • We do not use cookies for tracking or advertising
  • We use essential session cookies only for authentication (Supabase session cookies)

2. How We Use Data

We use the information collected to:

  • Provide the sign-up service (creating events, managing signups, sending confirmations and reminders)
  • Send email notifications via our email provider (Resend)
  • Process AI scans of handwritten sign-up sheets (via Google Gemini API — images are processed temporarily and not stored by us after processing)
  • Authenticate users and secure accounts
  • Communicate service updates when relevant

We do not:

  • Sell personal data to third parties
  • Use data for advertising
  • Share data with advertisers

3. Third-Party Services

We share data with these services to operate SignupSlots:

SupabaseDatabase hosting — stores all event and signup data
ResendEmail delivery — receives email addresses to send confirmations and reminders
Google Gemini APIAI scanning — receives images of sign-up sheets temporarily for processing
VercelWeb hosting — standard web server logs
Google OAuthAuthentication — if user chooses Google sign-in
Upstash RedisRate limiting — receives IP addresses for abuse prevention
SanityContent management — for marketing pages only; no user data is shared

4. Data Retention

  • Account data is retained until the user deletes their account
  • Event data is retained until the organizer deletes the event or their account
  • Signup data is retained as part of the event record
  • When an account is deleted, all associated data is permanently removed within 30 days
  • Deleted data may persist in encrypted backups for up to 90 days before final deletion

5. Your Rights

You can:

  • Access your data — via account settings and event management
  • Export your data — Settings → Danger Zone → Export All Data (CSV)
  • Delete your data — delete your account in settings, or delete individual events and signups
  • Update your information at any time via account settings
  • Opt out of non-essential emails via notification preferences
  • Request corrections by contacting support@signupslots.app

6. Organizer Responsibilities for Participant Data

Important

Organizers collect data from participants through SignupSlots and are responsible for how that data is used.

  • Organizers act as data controllers for the participant data they collect
  • SignupSlots acts as a data processor on the organizer's behalf
  • Organizers are responsible for informing their participants how their data will be used
  • Organizers must not misuse participant contact information (no spam, no selling)
  • Organizers agree to use SignupSlots in compliance with applicable privacy laws

7. California Residents (CCPA)

We do not sell personal information. California residents have the right to:

  • Know what personal data we collect
  • Request deletion of their personal data
  • Opt out of any sale of personal information (which we don't do)

To exercise these rights, contact support@signupslots.app.

8. European Residents (GDPR)

You have the right to access, rectify, delete, restrict, and port your data. You can withdraw consent at any time.

  • Our legal basis for processing is legitimate interest (providing the service) and consent (marketing emails)
  • Contact support@signupslots.app for GDPR requests

9. Children

SignupSlots is not intended for children under 13. We do not knowingly collect data from children under 13. If a parent or guardian believes their child under 13 has provided us with data, please contact support@signupslots.app and we will delete it promptly.

10. Security

  • Data is encrypted in transit (HTTPS)
  • Passwords are hashed using industry-standard algorithms
  • Database access is restricted via Row Level Security policies
  • We follow industry best practices for security

No system is 100% secure, but we take reasonable precautions to protect your data.

11. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated via email to active users. Continued use of SignupSlots after changes constitutes acceptance.

12. Contact

For general questions or privacy-specific inquiries:

support@signupslots.app
Terms of Service →← Back to SignupSlots