Privacy Policy

Privacy Policy

Effective date: August 9, 2025

This Privacy Policy explains how Payhouse Technologies, Inc., doing business as TAAARS! ("TAAARS!", "we", "us", or "our"), collects, uses, and shares information about you when you access or use our websites, products, and services (collectively, the "Service"). By using the Service, you agree to the practices described here. For terms governing your use of the Service, see our Terms of Service.

Who We Are

TAAARS! is the controller of your personal data unless otherwise stated or where we act as a processor on your behalf for data you submit to the Service. We handle personal information in accordance with applicable laws, including Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec’s Act respecting the protection of personal information in the private sector (Law 25).

Information We Collect

• Account Information: Name, email address, password (stored in hashed form), profile details, and settings.
• Billing and Payment Information: Billing name, address, and limited payment details. Full card data is processed by our payment processor and not stored by us.
• Usage and Device Data: IP address, device identifiers, browser type, pages viewed, referring/exit pages, date/time stamps, and feature usage.
• Content and Communications: Information you provide via forms, support requests, email, or in‑product messaging.
• Integrations: If you connect third‑party services (e.g., communication or productivity tools), we receive data authorized by you via the applicable scopes to provide the integration.
• Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to operate and secure the Service, remember preferences, and analyze usage. See "Cookies" below.

Google OAuth Integration

If you choose to connect your Google account, we request access to the following Google API scopes:

• Gmail Send Scope (gmail.send): We use this scope to send invoices, agreements, and forms from your Gmail inbox to your clients on your behalf. This allows you to send these documents directly from your Gmail account through our Service.
• Google Calendar Scope: We use this scope to create, read, update, and delete calendar events (bookings) in your Google Calendar. This enables us to:
  • Synchronize bookings created through our Service with your Google Calendar
  • Display accurate availability on your booking pages based on your existing calendar events
  • Manage your booking schedule in real-time

What Google User Data We Collect: When you connect your Google account, we access and collect the following types of Google user data:

• Gmail data: The ability to send emails on your behalf using your Gmail account
• Calendar data: Information about your calendar events, including event titles, dates, times, and availability, to synchronize bookings and display availability

How We Use Google User Data: We only use the Google user data accessed through these Google API scopes to provide the specific functionality described above. Specifically:

• We use Gmail send functionality to send invoices, agreements, and forms to your clients from your Gmail account
• We use Calendar data to create, read, update, and delete booking events in your Google Calendar and to display accurate availability on your booking pages

We do not use Google user data for advertising purposes, marketing purposes, or any purpose other than providing or improving our Service's core functionality. We do not use Google user data to develop, train, or improve other Google services or third-party services.

With Whom We Share Google User Data: We do not sell, rent, or share your Google user data with third parties. We only share Google user data with our service providers (such as hosting providers) who are strictly necessary to provide the Service and who are bound by contractual confidentiality and data protection obligations. We do not transfer Google user data to third parties for reasons other than providing or improving our Service's functionality.

Data Protection Mechanisms: We implement industry-standard security measures to protect Google user data, including:

• Encryption in transit using TLS/SSL protocols
• Secure storage of OAuth tokens using encrypted databases
• Access controls and authentication requirements
• Regular security assessments and monitoring
• Compliance with applicable data protection laws

Data Retention and Deletion: We retain Google user data only for as long as necessary to provide the Service. Specifically:

• OAuth tokens are retained while your Google account is connected to enable the integration
• Calendar event data is retained only temporarily to synchronize bookings and display availability
• Email content is not stored; we only use the Gmail send API to send emails on your behalf

When you disconnect your Google account or delete your TAAARS! account, we will delete all associated Google user data, including OAuth tokens, within 30 days. You can also request deletion of your Google user data at any time by contacting us at help@taaars.com.

Revoking Access: You can revoke our access to your Google account at any time by:

1. Going to your Google Account settings at myaccount.google.com/permissions
2. Finding TAAARS! in the list of connected apps
3. Clicking "Remove Access"

You can also disconnect the integration directly within our Service settings. When you revoke access, we will immediately stop accessing your Google data and delete stored OAuth tokens.

How We Use Information

We use information to:

• Provide, operate, and maintain the Service
• Authenticate users and secure the Service
• Process transactions and manage subscriptions
• Provide customer support and communicate with you
• Monitor performance, fix issues, and improve features
• Personalize content and experiences
• Comply with legal obligations and enforce our agreements

Legal Bases for Processing (EEA/UK)

Where GDPR or UK GDPR applies, we process your personal data under these bases:

• Performance of a contract (to provide the Service)
• Legitimate interests (e.g., to secure and improve the Service)
• Consent (e.g., for certain cookies/marketing)
• Legal obligations (e.g., tax and accounting)

How We Share Information

We may share information with:

• Service Providers/Processors who perform services on our behalf (e.g., hosting, analytics, customer support, payment processing) under contractual confidentiality and data protection obligations.
• Third‑Party Integrations you choose to connect, as necessary to provide the integration and subject to your permissions.
• Legal and Safety: if required by law or to protect the rights, property, security, or safety of TAAARS!, our users, or the public.
• Business Transfers: in connection with a merger, sale, financing, or acquisition, subject to appropriate confidentiality measures.

We do not sell personal information or share it for cross‑context behavioral advertising as defined by applicable U.S. state privacy laws. We do not sell, rent, or share Google user data with third parties except as necessary to provide the Service through our service providers who are bound by confidentiality obligations.

International Data Transfers

We may transfer, store, and process your information in countries other than your own (including outside Quebec and Canada). Where required, we use appropriate safeguards such as Standard Contractual Clauses and conduct transfer assessments as required by Law 25 and applicable laws.

Data Retention

We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary based on data type and purpose. We may retain aggregated or de‑identified data for analytics.

Security

We implement technical and organizational measures designed to protect personal data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Your Rights

Depending on your location, you may have rights such as:

• Access, correction, deletion, and portability of your personal data
• Restrict or object to certain processing
• Withdraw consent where processing is based on consent

Residents of Quebec and other Canadian provinces have rights under PIPEDA and Law 25, including the right to access and rectify personal information and, in certain cases, request cessation of dissemination or de‑indexing. You can exercise rights by contacting our Privacy Officer.

Residents of certain U.S. states (e.g., CA, CO, CT, VA, UT) may have additional rights under state privacy laws, including the right to know, delete, correct, and opt out of targeted advertising or the sale of personal data (we do not sell personal data). You can exercise rights by contacting us at help@taaars.com.

You can also manage cookies and certain tracking via your browser settings and any consent tools we provide.

Cookies

We use the following types of cookies:

• Strictly necessary cookies for core functionality and security
• Functional cookies to remember preferences
• Analytics cookies to understand and improve product performance

You can control cookies through your browser settings. If required by law, we will obtain your consent for non‑essential cookies.

Children’s Privacy

The Service is not directed to children under 16 and we do not knowingly collect personal information from them. If you believe a child has provided us personal data, contact us to request deletion.

Do Not Track

Some browsers send "Do Not Track" signals. We do not currently respond to these signals.

Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you (for example, by email or via the Service). Your continued use of the Service after the effective date constitutes acceptance.

Privacy Officer and Contact

We have designated a Privacy Officer responsible for compliance with this Policy and applicable laws. Questions or requests? Contact our Privacy Officer at help@taaars.com.