Provider Privacy Policy

Introduction

This Provider Privacy Policy explains how Callie ("we," "our," or "us") accesses, uses, and protects your Google Calendar data when you connect your Google account to our platform as a healthcare provider. This policy is specific to our use of the Google Calendar API and complements our main Privacy Policy.

Google Calendar Data We Access

When you connect your Google account to Callie, we request access to your Google Calendar to provide scheduling and appointment management services. Specifically, we access:

Calendar Events - Read Access

• What we read: We read existing events from your Google Calendar to understand your availability and prevent scheduling conflicts.
• Why we need this: This allows us to intelligently schedule patient appointments during your available time slots and avoid double-booking.
• What we see: Event titles, dates, times, durations, and whether time slots are busy or available.

Calendar Events - Write Access

• What we write: We create new calendar events for patient appointments scheduled through Callie.
• Why we need this: This ensures your Google Calendar stays synchronized with appointments booked through our platform, providing you with a unified view of your schedule.
• What we create: Appointment events containing patient names (or anonymized identifiers based on your settings), appointment times, and relevant appointment details.

Calendar Events - Delete Access

• What we delete: We can delete calendar events, but only those created by Callie.
• Why we need this: This allows us to remove appointments from your calendar when they are cancelled or rescheduled through our platform.
• Important limitation: We will never delete calendar events that were not created by Callie. Your personal appointments and other calendar entries remain completely under your control.

Google API Permissions and Scopes

To provide our scheduling and appointment management services, we request the following specific Google API permissions (OAuth scopes):

How We Use Your Google Calendar Data

We use your Google Calendar data exclusively for the following purposes:

• Appointment Scheduling: To display your availability and schedule patient appointments.
• Conflict Prevention: To prevent double-booking by checking for existing events during proposed appointment times.
• Calendar Synchronization: To keep your Google Calendar in sync with appointments managed through Callie.
• Appointment Management: To update or remove Callie-created appointments when you reschedule or cancel them.
• Availability Display: To show patients your available time slots when they are booking appointments.

How We Store Your Google Calendar Data

We prioritize minimal data retention for your Google Calendar information:

• Temporary Access: We query your Google Calendar in real-time when scheduling information is needed. We do not permanently store complete copies of your calendar.
• Appointment Records: We store records of appointments created through Callie (including their Google Calendar event IDs) to enable proper synchronization, updates, and deletion.
• Availability Data: We may temporarily cache availability information to improve performance, but this data is refreshed regularly and is not permanently stored.
• Access Tokens: We securely store your Google Calendar access tokens (encrypted) to maintain the connection between Callie and your Google account.

How We Share Your Google Calendar Data

We are committed to protecting your calendar privacy:

• No Third-Party Sharing: We do not sell, rent, or share your Google Calendar data with third parties for marketing or advertising purposes.
• Limited Patient Visibility: Patients can only see your availability (free/busy status) and confirmed appointment times—they cannot see the details of your other calendar events.
• Service Providers: We may share data with trusted service providers who help us operate our platform (such as cloud hosting providers), but only under strict confidentiality agreements and data protection requirements.
• Legal Requirements: We may disclose information if required by law, legal process, or government request.

We never use your Google Calendar data for serving advertisements or for any purpose unrelated to providing you with scheduling and appointment management services.

Data Security

We implement robust security measures to protect your Google Calendar data:

• Encryption: All data transmitted between Callie, your browser, and Google is encrypted using industry-standard TLS/SSL protocols.
• Secure Token Storage: Your Google Calendar access tokens are encrypted at rest and stored securely.
• Access Controls: Access to your calendar data within our systems is restricted to only those components and personnel that absolutely need it.
• Regular Security Audits: We conduct regular security assessments and updates to protect against vulnerabilities.
• Compliance: We maintain HIPAA-compliant security practices for all protected health information.

Your Rights and Controls

You have complete control over your Google Calendar connection:

Revoke Access

You can revoke Callie's access to your Google Calendar at any time through:

• Callie Settings: Disconnect your Google Calendar in your Callie account settings.
• Google Account: Remove Callie's access through your Google Account permissions page.

Note: Revoking access will prevent Callie from syncing future appointments to your calendar, but previously created events will remain in your Google Calendar unless you manually delete them.

Data Deletion

You can request deletion of your data by contacting us. Upon your request or account termination:

• We will delete your Google Calendar access tokens.
• We will delete cached availability data.
• Appointment records may be retained as required for legal, regulatory, or healthcare recordkeeping purposes.
• Events in your Google Calendar will remain unless you delete them manually.

Access and Correction

You can view, modify, or delete events in your Google Calendar directly through Google Calendar at any time.

Google API Services User Data Policy Compliance

Our use of Google Calendar APIs complies with all requirements of the Google API Services User Data Policy, including:

• Limited Use: We use Google Calendar data only to provide or improve user-facing features that are prominent in our application's user interface.
• No Human Review: Google Calendar data is processed by automated systems only, with no human review except when necessary for security purposes, to comply with applicable law, or with your explicit consent.
• No Transfer to Third Parties: We do not transfer Google Calendar data to third parties except as necessary to provide the scheduling service, comply with applicable law, or as part of a merger or acquisition (with notice to users).
• No Use for Advertising: We do not use Google Calendar data to serve advertisements.

Children's Privacy

Callie is designed for use by healthcare providers who are adults. We do not knowingly collect Google Calendar data from individuals under the age of 13.

Changes to This Policy

We may update this Provider Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last updated" date.
• Sending you an email notification if the changes materially affect how we use your Google Calendar data.
• Requesting your re-consent if required by Google API Services User Data Policy.

Related Policies

• Callie Privacy Policy - Our general privacy practices
• Terms of Service - Terms governing use of Callie