1. Who We Are
Pick.UP is developed and operated by Pick.UP ("we," "us," or "our"). Our principal place of business is located in San Diego, California, United States.
Contact email: support@pickuphone.com
For all privacy-related inquiries, including data access, correction, or deletion requests, please contact us at the email address above.
2. Information We Collect
We collect the following categories of information:
2.1 Information You Provide
- Account information: Name and email address (provided via Google OAuth or manual signup).
- Business information: Business name, phone number, and business hours.
- Call data: Call duration, call recordings, and AI-generated call transcripts.
- Payment information: Payment details processed securely through Stripe, Inc. (we do not store raw credit card numbers).
2.2 Information From Google APIs
If you choose to connect your Google Calendar, we access data through the following Google API scopes:
- https://www.googleapis.com/auth/calendar.readonly— Read-only access to your Google Calendar. This scope allows us to view your calendar events and free/busy information to check your availability for appointment scheduling.
- https://www.googleapis.com/auth/calendar.events— Read and write access to your Google Calendar events. This scope allows us to create, update, and delete calendar events on your behalf when booking, rescheduling, or canceling appointments.
2.3 Automatically Collected Information
- Device and browser information (user agent, screen resolution).
- Usage analytics (pages visited, features used, session duration).
- IP address and approximate geographic location (city-level only).
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: To provide, operate, and maintain the Pick.UP AI receptionist service, including answering calls, scheduling appointments, and sending recaps.
- Calendar integration: To read your availability and create, update, or delete calendar events as requested through the service.
- Communication: To send call summaries, appointment confirmations, and service-related notifications.
- Payments: To process subscription payments via Stripe.
- Service reliability: To monitor, maintain, and troubleshoot the reliability and security of the service.
- Security: To detect, prevent, and address fraud, abuse, and security issues.
We do notuse your information — including any data received from Google APIs — for advertising, marketing targeting, selling to third parties, or to develop, improve, or train generalized or non-personalized artificial intelligence or machine learning models. Google user data is used solely to provide and operate the user-facing features you request.
4. Google Calendar Data — Detailed Disclosure
4.1 What Data We Access
When you grant Pick.UP access to your Google Calendar, we access the following data through the Google Calendar API:
- Calendar events: Event titles, descriptions, start/end times, attendees, and locations for events on calendars you select.
- Free/busy information: Your availability status across selected calendars.
- Calendar metadata: Calendar name, time zone, and access role.
4.2 Why We Need This Data
Google Calendar data is essential to the core functionality of Pick.UP. Specifically:
- calendar.readonly: Used to check your availability when a caller requests an appointment, ensuring we only suggest times when you are free.
- calendar.events: Used to book, reschedule, or cancel appointments on your calendar directly during a call, and to send you confirmation details afterward.
4.3 How We Use This Data
Google Calendar data is used solely to provide core product functionality:
- Checking your availability to schedule caller appointments.
- Creating, updating, and deleting calendar events on your behalf.
- Generating call summaries that reference appointment details.
- Sending appointment confirmations and reminders.
We do not use Google Calendar data for advertising, to build user profiles, to train AI or machine learning models, or for any purpose unrelated to providing the Pick.UP service.
4.4 How Long We Store This Data
- Active calendar data: Accessed in real-time via the Google Calendar API. We do not maintain a persistent copy of your full calendar.
- Appointment references: Event IDs and appointment details referenced in call summaries are retained for 90 days after creation, then automatically deleted.
- After revocation: When you disconnect Google Calendar or revoke access, all cached Google Calendar data is deleted within 7 days.
4.5 Whether This Data Is Shared
Google Calendar data accessed through Google APIs is not shared with any third parties. We do not sell, rent, trade, or otherwise transfer your Google Calendar data to any outside party. Calendar data is used exclusively within Pick.UP to provide the calendar integration features you have requested.
5. Google API Services — Limited Use Compliance
Pick.UP's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only request the minimum scopes needed to provide our service (calendar events and free/busy availability).
- We use Google API data only to provide the features you have explicitly requested (appointment scheduling and management).
- We do not use Google API data for advertising or marketing purposes.
- We do not use Google API data to develop, improve, or train generalized or non-personalized AI or machine learning models.
- We do not sell Google API data to third parties.
- We do not share Google API data with third parties except as required to provide the service (e.g., our infrastructure hosting provider, which is bound by data processing agreements).
6. Third-Party Sharing
We do not sell, rent, or trade your personal information to any third party. We share data only in the following limited circumstances:
- Service providers: We use third-party services that process data on our behalf to operate the platform:
- Stripe, Inc. — Processes subscription payments. Stripe receives only payment-related information and is governed by its own privacy policy.
- Google LLC — Provides Calendar API access and OAuth authentication, governed by Google's Privacy Policy.
- Supabase — Provides database hosting and authentication infrastructure, bound by data processing agreements.
- Vercel Inc. — Provides application hosting and CDN services.
- Legal requirements: We may disclose information when required by law, subpoena, or other legal process.
- Safety: We may disclose information to protect the safety of our users or the public, or to investigate fraud or security issues.
Google data specifically: Data received from Google APIs is never shared with third parties for any purpose beyond providing the core Pick.UP service features you have requested.
7. Data Retention
We retain your data for the following periods:
- Account information: Retained until you delete your account, or until we delete it per your request.
- Call recordings and transcripts: Retained for 30 days after the call date, then automatically deleted, unless you request earlier deletion.
- Google Calendar data: Accessed in real-time; event references retained for 90 days, then automatically deleted. Upon revocation of Google access, all cached calendar data is deleted within 7 days.
- Payment records: Retained for 7 years as required by tax and financial regulations, though payment card details are not stored (handled by Stripe).
- Usage analytics: Retained for 12 months, then anonymized or deleted.
- Security logs: Retained for 90 days, then automatically deleted.
Upon account deletion, all personal data will be permanently removed from our production systems within 30 days, and from backups within 90 days.
8. Security Measures
We implement the following security measures to protect your data:
- Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS).
- Encryption at rest: Database storage is encrypted using AES-256 encryption.
- Row-Level Security (RLS): Our database enforces Row-Level Security policies, ensuring each user can only access their own data. No user can query or access another user's records.
- Access controls: Internal access to production data is restricted to authorized personnel on a least-privilege basis. All access is logged and audited.
- Authentication: We use secure OAuth 2.0 authentication via Google and Supabase Auth. Passwords (where applicable) are hashed using bcrypt.
- Infrastructure security: Our application is hosted on Vercel's SOC 2 Type II compliant infrastructure. Our database is hosted on Supabase's platform with built-in security controls.
- Monitoring: We employ continuous monitoring and alerting for unauthorized access attempts and security anomalies.
9. Your Rights
You have the following rights regarding your personal data:
- Access: You may request a copy of the personal data we hold about you.
- Correction: You may request correction of any inaccurate personal data.
- Deletion: You may request deletion of your personal data. See Section 10 for details on how to delete your data.
- Portability: You may request an export of your data in a structured, machine-readable format.
- Objection: You may object to the processing of your data for specific purposes.
- Revocation of consent: You may revoke Google Calendar access at any time through your Google Account permissions settings at myaccount.google.com/permissions.
To exercise any of these rights, please contact us at support@pickuphone.com. We will respond to your request within 30 days.
10. Data Deletion
You can delete your data and account through the following methods:
10.1 Self-Service Deletion
- Log in to your Pick.UP account.
- Navigate to Settings.
- Scroll to the "Danger Zone" section.
- Click "Delete Account."
- Confirm your decision.
Your account will be deactivated immediately and permanently deleted within 30 days.
10.2 Email Request
If you cannot access your account, send an email to support@pickuphone.com with the subject line "Account Deletion Request," including your full name and the email address associated with your account. We will verify your identity and process the request within 5–7 business days.
10.3 Google Data Deletion
To stop Pick.UP's access to your Google Calendar data:
- Go to your Google Account permissions.
- Find "Pick.UP" in the list of connected apps.
- Click "Remove Access."
After revocation, all cached Google Calendar data will be deleted from our systems within 7 days.
For full details, please visit our Data Deletion page.
11. Children's Privacy
Pick.UP is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at support@pickuphone.com.
12. International Users
Pick.UP is operated from the United States. If you use our service from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States. By using our service, you consent to this transfer. We take appropriate safeguards to protect your data in accordance with this privacy policy.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and, for material changes, notify you by email or through a notice within the application. We encourage you to review this policy periodically. Your continued use of Pick.UP after any changes constitutes your acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Effective Date: June 14, 2026 · Last Updated: June 14, 2026