Privacy Policy

Version 5.1 | Last Updated: 21st December 2025

Introduction

Nusmark Ltd ("Nusmark", "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use our services via our website, web application, chat-based interfaces (including but not limited to WhatsApp Business, Slack, and Microsoft Teams), calendar and productivity integrations (including Google Workspace and Microsoft Outlook), booking links, and related features (collectively, the “Services”).

By using our Services, you agree to the practices described in this Privacy Policy, which is designed to comply with applicable data protection laws, including the UK GDPR, EU GDPR, and the Data Protection Act 2018.

1. Information We Collect

1.1 Personal Data

When you use the Services, we may collect and process personal data including, but not limited to:

• Name, email address, and phone number
• Account identifiers and authentication details
• Workspace, organisation, or team information where applicable
• Referral, invitation, or booking-related information

This information may be provided directly by you, by users you interact with, or via accounts and integrations you authorise.

1.2 Usage and Content Data

To provide scheduling, booking, and automation functionality, we collect and process:

• Message content submitted through chat-based interfaces
• Calendar event data, including titles, descriptions, times, organisers, and attendees
• Availability and free or busy information for users and members of linked Google or Microsoft workspaces
• Logs, metadata, and records of actions taken within the Services
• Device, browser, IP address, and interaction data

This data is processed solely to operate, secure, and improve the Services.

1.3 Third-Party Integrations

When you connect third-party services such as Google Workspace, Microsoft Outlook, Slack, Microsoft Teams, or CRM platforms, we may collect:

• Calendar metadata and availability information
• Workspace-level information made available through granted permissions
• Authentication credentials and access tokens, which are stored securely and encrypted

We collect and process only the data necessary to deliver the features you enable.

2. Children's Data

The Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children without appropriate parental consent where required by law. If we become aware that personal data from a minor has been collected unlawfully, we will delete it promptly.

3. Lawful Basis for Processing

We process personal data under one or more of the following lawful bases:

• Your consent, where required
• Performance of a contract, to provide the Services you request
• Legitimate interests, including operating, maintaining, securing, and improving the Services, where such interests are not overridden by your rights

4. How We Use Your Data

We use personal data to:

• Create, edit, manage, and reschedule calendar items and bookings
• Generate, host, and operate booking links and availability workflows
• Synchronise data across connected services and user interfaces
• Execute user-configured rules, automation, and agent-assisted actions
• Send confirmations, reminders, notifications, and service-related communications
• Provide onboarding, support, and account administration
• Maintain platform security, prevent misuse, and ensure reliability

AI-assisted features operate on customer-provided data and instructions and are designed to assist users. Outputs may be probabilistic and should be reviewed by users.

5. Google and Microsoft User Data

5.1 Use and Sharing

Data accessed via Google Workspace or Microsoft integrations is used strictly to provide Nusmark's scheduling, booking, availability, and automation functionality. We do not use this data for advertising or unrelated purposes.

We may share such data only:

• With your explicit authorisation
• To deliver requested features and integrations
• With vetted service providers acting under contractual confidentiality, security, and data protection obligations

5.2 Compliance

We comply with:

• Google API Services User Data Policy, including Limited Use requirements
• Microsoft Graph API and platform terms

6. Your Rights Under GDPR

Subject to applicable law, you have the right to:

• Access your personal data
• Rectify inaccurate or incomplete data
• Request erasure or restriction of processing
• Request data portability
• Object to certain processing activities
• Withdraw consent where processing is based on consent
• Lodge a complaint with a supervisory authority

Requests may be submitted by contacting legal@nusmark.com.

7. Third-Party Booking and Review Partners

To support bookings, reservations, or referrals, Nusmark may integrate with third-party platforms such as Mozrest or TripAdvisor.

These partners operate independently. Nusmark is not responsible for their services, privacy practices, availability, data handling, or contractual obligations. This includes booking errors, cancellations, disputes, outages, or misuse of data by those platforms.

Where personal data is shared with a third party, this occurs only to enable a user-requested integration and with appropriate consent. Each third-party provider acts as an independent data controller, governed by its own terms and privacy policies.

8. International Data Transfers

Where personal data is transferred outside the United Kingdom or European Economic Area, we implement appropriate safeguards, including standard contractual clauses or reliance on adequacy decisions, in accordance with applicable law.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy:

• Account data is deleted or anonymised within a reasonable period following account termination, unless longer retention is required by law
• Booking, scheduling, and availability data is retained while relevant to active services or user access
• Audit, security, and referral-related data may be retained for compliance, fraud prevention, and legitimate business purposes

You may request deletion of your data, subject to legal or contractual requirements.

10. Data Security

We implement administrative, technical, and organisational measures designed to protect personal data, including encryption, access controls, logging, and regular security reviews. While we take reasonable steps to protect data, no system can guarantee absolute security.

11. Consent and Withdrawal

Where processing relies on consent, you may withdraw that consent at any time by contacting legal@nusmark.com. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

12. Supervisory Authorities

You may lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO).

13. Changes to This Policy

We may update this Privacy Policy to reflect legal, regulatory, operational, or product changes. Where required, we will notify you via email, in-app notice, or other appropriate communication channels.

14. Contact Us

Nusmark Ltd