Privacy Policy
Last updated: April 2026
Introduction
This Privacy Policy explains how Oximarin Ventures LP ("we", "us") collects, uses, and protects personal data when you use Talksched (the "Service") — an online meeting scheduling platform. We comply with the UK GDPR and the Data Protection Act 2018.
Who we are
The data controller is:
Oximarin Ventures LP
39/5 Granton Crescent
Edinburgh, EH5 1BN
United Kingdom
Email: support@talksched.app
What we collect
- Account data — email address, chosen username, name, password (stored as a salted bcrypt hash), time zone, preferred language.
- Calendar and booking data — event types you create, bookings made with you or by you, invitee names and emails, notes, booking questions and answers.
- Third-party connection tokens — if you connect Google Calendar, Microsoft Outlook, Apple Calendar, Zoom, Google Meet, Microsoft Teams or similar providers, we store OAuth access and refresh tokens needed to read your availability and create meetings on your behalf. Tokens are encrypted at rest.
- Billing data — when you subscribe to a paid plan, billing is handled by our payment processor Stripe, Inc. We store your Stripe customer ID, subscription status, billing email, country, the last four digits and brand of your card, and a history of invoice and payment events. We never see or store the full card number, CVV, or expiry date — those are collected directly by Stripe in a PCI-DSS Level 1 compliant environment.
- Technical data — IP address, browser user-agent, device type, approximate location derived from IP, timestamps of requests, error logs.
- Support data — messages you send us when contacting support.
How we use it
- To provide and operate the Service (create accounts, display availability, send booking confirmations, send meeting reminders).
- To process subscription payments, issue invoices and receipts, and manage renewals and cancellations.
- To communicate with you about account events, security alerts, billing, and service announcements.
- To protect the Service against abuse, fraud, and unauthorised access.
- To debug issues and improve performance.
- To comply with legal obligations, including tax and accounting record-keeping.
Legal bases (UK GDPR)
- Contract — processing needed to deliver the Service and fulfil your subscription.
- Legitimate interests — keeping the Service secure, preventing fraud, improving the product.
- Consent — where you explicitly connect a third-party calendar or conferencing integration.
- Legal obligation — where we must retain or disclose data to comply with tax, accounting, or other legal requirements.
Sharing with third parties
We share personal data only with service providers who process it on our behalf:
- Stripe, Inc. — payment processing and subscription management. Data shared: billing email, name, country, payment method. See the Stripe Privacy Policy.
- Hosting infrastructure (Hostinger, European data centres).
- Email delivery providers — transactional email for booking confirmations, reminders, password resets, and receipts.
- Calendar, video-conferencing and other integration providers you explicitly connect.
We do not sell personal data. We do not use personal data for third-party advertising.
International transfers
Data is primarily stored and processed within the European Economic Area. Stripe operates globally and may transfer billing data to the United States under Standard Contractual Clauses and equivalent safeguards. Where you connect a US-based integration (for example, Zoom or Google), data flows to that provider under their own safeguards.
Retention
Account and calendar data are retained for as long as your account is active. When you delete your account, personal data is removed from our production database within 30 days. Encrypted backups are rotated out within 90 days. Billing records (invoices, payment history) are retained for six years to meet UK tax and accounting requirements, as allowed under UK GDPR.
Security
We protect data with TLS in transit, encryption at rest for sensitive fields (including integration tokens), bcrypt password hashing, least-privilege access controls, and regular security updates to our infrastructure. Card data is never handled by our servers — Stripe Checkout collects it directly in an iframe served from Stripe's domain.
Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data (also known as "the right to be forgotten"), subject to the billing-records retention described above.
- Restrict or object to processing.
- Receive a copy of your data in a portable format.
- Withdraw consent at any time for integrations you connected.
- Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any of these rights, email support@talksched.app. We respond within one month.
Children
The Service is intended for users aged 16 and older. We do not knowingly collect personal data from children under 16.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email and by a prominent notice on the platform at least 14 days before they take effect.
This Privacy Policy is governed by the laws of Scotland, United Kingdom.