Privacy Policy

Last updated: 16 June 2026

This Privacy Policy explains how Joust (“we”, “us”) collects, uses, and protects personal information when you use withjoust.com and our Service. We are the data controller for the information described here.

1. Information we collect

  • Account information — your name, email address, and a securely hashed password.
  • Profile information — your handle, headline, timezone, and booking-page settings.
  • Booking information — details you and your invitees provide, such as invitee names, email addresses, notes, and the times booked.
  • Google account data — if you connect Google Calendar, we read your free/busy times and create events on your behalf, and we store access and refresh tokens to do so. We request only the calendar scopes needed to provide sync.
  • Payment information — subscriptions are processed by Stripe. We store customer and subscription identifiers and status, but not your full card details.
  • Usage and device data — log data such as IP address, browser type, and pages viewed, collected via cookies and similar technologies.

2. Cookies and analytics

We use:

  • Essential cookies — required for sign-in and security (your session). The Service does not work without these.
  • Analytics cookies — we use Google Analytics (measurement ID G-VMS17YHB3Q) to understand how the Service is used so we can improve it. These cookies are only set if you accept them in our cookie banner. Google Analytics collects information such as your IP address (which we ask Google to anonymise), device, and the pages you visit; this information is processed by Google in line with Google’s privacy policy. You can change your choice at any time via Cookie settings in the site footer, using the Google Analytics opt-out browser add-on, or your browser’s cookie controls.
  • Cookie preferences — we store your analytics choice in your browser’s local storage so we remember it on future visits.

3. How we use your information

  • to provide and operate the Service, including bookings and calendar sync;
  • to send transactional email (verification, password resets, booking confirmations, reminders, and billing notices);
  • to process payments and manage subscriptions;
  • to secure the Service, prevent abuse, and debug;
  • to analyse usage and improve our products;
  • to comply with legal obligations.

4. Legal bases (UK/EEA)

Where applicable, we rely on: performance of our contract with you (to provide the Service); your consent (for example, connecting Google, and analytics where consent is required); our legitimate interests (to secure and improve the Service); and compliance with legal obligations.

5. How we share information

We do not sell your personal information. We share it with service providers who process it on our behalf, including:

  • Google — calendar sync;
  • Stripe — payment processing;
  • Resend — sending transactional email;
  • Supabase — database hosting;
  • Vercel — application hosting;
  • Google Analytics — usage analytics.

We may also disclose information to comply with the law or to protect our rights, and in connection with a merger, acquisition, or sale of assets.

6. Data retention

We keep your information for as long as your account is active. When you delete your account, we delete or anonymise your personal data, except where we must retain certain records (for example, for billing, tax, or legal compliance).

7. Security

We protect your data with encryption in transit, hashed passwords, access controls, and — where enabled — encryption of third-party tokens at rest. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. You can delete your account and data at any time from your settings, or contact us to exercise other rights. If you are in the UK or EEA, you also have the right to complain to your data-protection authority (in the UK, the ICO).

9. International transfers

Your information may be processed in countries other than your own, including by the providers listed above. Where required, we rely on appropriate safeguards for such transfers.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data.

11. Changes to this policy

We may update this policy from time to time. We will update the “last updated” date above and, for material changes, take reasonable steps to notify you.

12. Contact

For privacy questions or requests, email privacy@withjoust.com.