Privacy Policy
Studio AZ · Last updated: July 15, 2026
Studio AZ ("we," "us") operates a private scheduling and business-management
application (the "App") used by the staff of our tattoo studio and barbershop in
Minneapolis, Minnesota, and by clients who book appointments with us. This policy
explains what information the App handles and how we protect it.
Information we collect
- Client booking information — name, contact details, and
appointment details submitted when booking or inquiring with our studio.
- Staff account information — name, email, and role, used to
operate staff accounts inside the App.
- Google Calendar data — only for staff members who choose to
connect a Google account, as described below.
Google Calendar integration (Google user data)
Staff members may optionally connect a personal Google Calendar to the App.
When a staff member grants access, the App uses Google's Calendar API with the
calendar.events scope and the connected account's email address to:
- Read events on the connected calendar so personal commitments
appear as unavailable ("busy") time in our internal scheduling system and cannot
be double-booked;
- Create and update events on the connected calendar so work
appointments booked at our studio appear on the staff member's own calendar;
- Update events at the staff member's request when they edit one
of their own calendar events from inside the App.
Limited Use disclosure. Studio AZ's use and transfer of
information received from Google APIs adheres to the
Google
API Services User Data Policy, including the Limited Use requirements.
- We never sell Google user data, use it for advertising, or
share it with third parties.
- Event details (titles and descriptions) are visible only to the staff member
who connected the calendar and to studio management. Other staff see only that
the time is unavailable.
- Human access to Google user data is limited to the connecting staff member and
studio management within the App; no other human review occurs except with the
user's consent, for security purposes, or as required by law.
- Google user data is not used to train any machine-learning or
AI models.
How we store and protect data
Data is stored in access-controlled databases (hosted by Supabase) and processed
on our own backend servers. OAuth tokens and calendar data are readable only by our
backend service — never directly by client apps or other staff. Data is encrypted in
transit (TLS) and at rest by our hosting providers.
Data retention and deletion
- A staff member may disconnect their Google Calendar at any time inside the App.
Disconnecting revokes our access with Google and deletes the stored tokens and
synced calendar data from our systems.
- Access can also be revoked from your
Google Account security
settings, which immediately invalidates our access.
- You may request deletion of any personal data we hold by contacting us at the
address below.
Sharing
We do not sell personal information. We share data only with the service
providers that operate the App's infrastructure (hosting, database, messaging, and
payment processing), only as needed to run the App, and as required by law.
Changes
We may update this policy from time to time. Material changes will be reflected
by the "Last updated" date above.
Contact
Studio AZ · Minneapolis, MN
Email: support@studioaz.us