Privacy Policy

Heffl Ventures - LLC (we, our, or us) operates heffl.com website (the Service).

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data: While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (Personal Data). Personal Data may include, but is not limited to:

Email address
First name and last name
Phone number
Address, State, Province, ZIP/Postal code, City
Cookies and Usage Data
Business information
Payment and transaction data
Google User Data: When you authorize our Service to access your Google account via Google Workspace APIs, we collect and process certain data from your Google account, such as emails, calendar events, contacts, or files, depending on the features you use and the permissions you grant. This data is used solely for the purpose of providing our Service to you, as described in this privacy policy.
We do not use Google user data to develop, improve, or train generalized artificial intelligence (AI) or machine learning (ML) models.
Our use of Google user data is subject to Google's API Services User Data Policy, and we comply with all applicable requirements.

Use of Data

We use the collected data for various purposes, including:

To provide and maintain our Service
To notify you about changes to our Service
To provide customer support
To gather analysis or valuable information so that we can improve our Service
To monitor the usage of our Service
To detect, prevent, and address technical issues
To access and use Google Workspace APIs on your behalf, with your consent, to provide the features of our Service

Disclosure of Data

We share your personal data, including Google user data, only in the following circumstances:

With Google LLC, as necessary to access and use the Google Workspace APIs.
With third-party service providers who assist us in operating our Service, such as hosting providers, analytics services, or customer support tools. These providers are contractually obligated to protect your data and only use it for the purposes we specify.
When required by law or to protect our legal rights.

We do not sell, rent, or otherwise disclose your personal data, including Google user data, to third parties for their own marketing or other purposes.

Data Security and Protection

The security of your data is of utmost importance to us. We implement and maintain comprehensive technical, physical, and administrative safeguards to protect your personal data, including sensitive data obtained from Google Calendar and other Google Workspace APIs.

Technical Security Measures:

Encryption: All data transmitted between your device and our servers is encrypted using industry-standard TLS (Transport Layer Security) protocols. Sensitive data, including Google Calendar events and user information, is encrypted both in transit and at rest using AES-256 encryption.
Secure Data Storage: Your Google Calendar data and other sensitive information are stored in secure, access-controlled databases with encryption at rest. We use reputable cloud service providers with SOC 2 Type II certification.
Access Controls: We implement strict access controls and authentication mechanisms. Only authorized personnel with a legitimate business need have access to user data, and all access is logged and monitored.
API Token Security: OAuth tokens used to access your Google account are stored securely with encryption and are never exposed in client-side code or logs. Tokens are automatically refreshed and rotated following security best practices.

Organizational Security Measures:

Principle of Least Privilege: Our systems and personnel operate on the principle of least privilege, ensuring that access to sensitive data is granted only when necessary for specific job functions.
Employee Training: All employees and contractors with access to user data undergo security training and are bound by confidentiality agreements.
Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and address potential security risks.
Incident Response: We maintain an incident response plan to quickly detect, respond to, and mitigate any security incidents involving user data.

Google Calendar Specific Protections:

Your Google Calendar data is accessed only when you explicitly authorize our application and only for the specific purposes you consent to.
We implement scope-limited access, requesting only the minimum necessary permissions required to provide the calendar integration features.
Calendar data is processed in real-time when needed and is not unnecessarily stored or retained beyond what is required to provide the service.
You can revoke access to your Google Calendar at any time through your Google Account settings, which will immediately terminate our access to your calendar data.

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We continuously work to improve our security practices and promptly address any identified vulnerabilities. If you discover any security concerns, please contact us immediately at [email protected].

Data Retention and Deletion

We retain your personal data, including Google user data, only for as long as necessary to provide the Service to you or as required by applicable laws and regulations. When you delete your account or request deletion of your data, we will delete your personal data from our systems within a reasonable timeframe, typically within 30 days, unless we are required to retain it for legal or regulatory reasons.

You can request deletion of your data by contacting us at [email protected].

Additionally, you can revoke our access to your Google account at any time by visiting your Google account settings and removing the permissions granted to our Service.