Privacy Policy

Last updated: 2026-05-03

What we collect

When you sign in with Google, we receive your email, name, and Google ID. When you create rounds, we store the names and emails of hiring managers and candidates you invite. If a hiring manager connects their Google Calendar, we store an OAuth refresh token so we can create and release held events on their behalf.

How we use it

We use this data exclusively to operate Heldly: send transactional email, create and remove held calendar events, and bill subscriptions. We do not sell, share, or use it for advertising.

Google API data

Heldly's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use the calendar.events and calendar.readonly scopes only to read free/busy windows and to write tentative events that represent held slots.

Storage and deletion

Data is stored in Supabase (Frankfurt, EU). You can delete your account from /account at any time, which removes all associated rounds, slots, calendar tokens, and personal data within 30 days.

Subprocessors

Supabase (database), Stripe (billing), Resend (email), Vercel (hosting), Google (OAuth + Calendar API). All are used solely to operate the service.

Contact