Security

How Buxo handles your data — written plainly, not in legalese.

Authentication & Access

We connect to Google Calendar via OAuth with four scopes: read your calendar, create events on your behalf, and read your email and profile for sign-in. Nothing more.
Calendar event data (titles and times) is fetched for slot scoring and cached in Redis for 5 minutes. After that, it's gone.
When you disconnect your calendar, cached data is deleted immediately.

Google Calendar and Zoom OAuth tokens are stored in our PostgreSQL database.
Tokens are used only to read calendar events and create meeting links on your behalf.
You can revoke access at any time from your Settings page or from your Google Account.

Invitee information (name, email, optional phone, meeting intent) is stored only to facilitate the booking.
Invitees are not tracked across hosts. No cross-host profiling.

Your scheduling rules (natural language instructions) are compiled into deterministic rules at configuration time.
An LLM (OpenAI) is called only during slot scoring. It receives calendar event titles/times and candidate time slots. It does not receive invitee names, emails, or phone numbers.
No AI runs at booking time. Slot selection is deterministic and cached for up to 24 hours.
We do not use your calendar data or scheduling rules to train AI models.

You can delete your account from Settings. This removes your profile, schedules, event types, connected accounts, OAuth tokens, and chat history.
Want it done manually? Email security@buxo.ai. We'll wipe everything within 48 hours.

We don't sell your data.
We don't share calendar data with third parties (beyond Google/Zoom APIs for calendar sync and meeting creation).
We don't use your data to train models.
We don't track invitees across different hosts.

This page is not a replacement for our Privacy Policy or Terms of Service. It's a plain-language summary of how we handle your data. Questions? Reach out at security@buxo.ai.