Privacy Policy

List-itt Customer Privacy Notice

This privacy notice tells you what to expect us to do with your personal information.

Contact Details jamie@list-itt.com

What Information we Collect, Use, and Why to provide services and goods, including delivery:

Names and contact details
Addresses
Date of birth
Payment details (including card or bank information for transfers and direct debits)
Account information

For the operation of customer accounts and guarantees:

Names and contact details
Addresses
Payment details (including card or bank information for transfers and direct debits)

For service updates or marketing purposes:

Names and contact details
Addresses
Marketing preferences
IP addresses
Website and app user journey information

To comply with legal requirements:

Name
Contact information

Lawful Bases and Data Protection Rights

Under UK data protection law, we must have a "lawful basis" for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO's website.

Which lawful basis we rely on may affect your data protection rights which are set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO's website:

Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.
Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
Your right to erasure - You have the right to ask us to delete your personal information.
Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information.
Your right to object to processing - You have the right to object to the processing of your personal data.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.
Your right to withdraw consent - When we use consent as our lawful basis you have the right to withdraw your consent at any time.

If you make a request, we must respond to you without undue delay and in any event within one month.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our Lawful Bases for Collection and Use of Your Data

For providing services and goods:

Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Contract - we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

For operation of customer accounts and guarantees:

Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Contract - we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

For service updates or marketing purposes:

Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Contract - we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

For legal requirements:

Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Contract - we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

Where We Get Personal Information From

Directly from you
Google Calendar (when you connect your Google account for calendar synchronisation)

Google Calendar Integration
List-itt offers optional integration with Google Calendar to help business owners synchronise their availability and bookings. This section explains how we handle data from Google Calendar.

What Google Data We Access
When you connect your Google Calendar, we access:

Your calendar list (to identify which calendars to sync)
Calendar events (to display your existing commitments and avoid double-booking)
Event details including title, start/end times, and availability status

How We Use Google Data
We use your Google Calendar data solely to:

Display your existing calendar events alongside List-itt bookings
Block time slots that conflict with your Google Calendar events
Create new calendar events when customers book appointments with you
Update or remove calendar events when bookings are modified or cancelled

OAuth Scopes We Request
We request only the minimum permissions necessary to provide calendar synchronisation:

https://www.googleapis.com/auth/calendar.readonly - To read your calendar list and existing events
https://www.googleapis.com/auth/calendar.events - To create, update, and delete booking events on your calendar

Revoking Google Calendar Access
You can disconnect your Google Calendar at any time from your List-itt calendar settings. When disconnected, we immediately delete your Google OAuth tokens and stop accessing your Google Calendar data. You can also revoke access directly from your Google Account permissions.

Data Sharing and Disclosure
We do not sell your personal information, including any data obtained from Google APIs, to third parties.

Who We Share Data With
We may share your information with the following categories of recipients:

Google APIs - When you connect Google Calendar, we exchange data with Google's servers to synchronise your calendar.
Payment Processors (Stripe) - To process payments securely. Stripe receives payment card details directly; we do not store full card numbers.
Email Service Providers (SendGrid) - To send booking confirmations, reminders, and other transactional emails.
Cloud Infrastructure Providers - Our hosting and database providers (Replit, Neon) process data on our behalf under strict data processing agreements.

Google User Data Sharing
We do not share, transfer, or disclose Google user data to any third parties except as required to provide our calendar synchronisation service (i.e., communicating with Google APIs). Your Google Calendar data is used exclusively within List-itt to display availability and manage bookings.
Data Protection and Security

We implement appropriate technical and organisational measures to protect your personal information, including data obtained from Google APIs.

Encryption

In Transit - All data transmitted between your browser, our servers, and third-party services is encrypted using TLS (Transport Layer Security)
At Rest - Data stored in our databases is encrypted using industry-standard encryption protocols

Access Controls

Access to personal data is restricted to authorised personnel on a need-to-know basis
We use role-based access controls to limit what data different team members can view
Administrative access requires strong authentication

Token and Credential Security

OAuth tokens for Google Calendar are stored securely in our encrypted database
Tokens are automatically refreshed and old tokens are invalidated
API keys and secrets are stored in secure environment variables, never in code

Monitoring and Incident Response

We monitor our systems for suspicious activity
In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by law

Data Retention
We retain your personal information only for as long as necessary to provide our services and fulfil the purposes described in this policy.

Account Data
Your account information is retained while your account is active. If you request account deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Google Calendar Data

Google OAuth tokens are deleted immediately when you disconnect your Google Calendar
Cached calendar event data is deleted within 24 hours of disconnection
We do not retain copies of your Google Calendar data after you revoke access

Booking and Transaction Data
Booking records and payment transaction history may be retained for up to 7 years to comply with tax and accounting regulations.

How to Complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.

The ICO's address:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Privacy Policy

List-itt Customer Privacy Notice This privacy notice tells you what to expect us to do with your personal information. Contact Details jamie@list-itt.com What Information we Collect, Use, and Why to provide services and goods, including delivery:

Names and contact details

Addresses

Date of birth

Payment details (including card or bank information for transfers and direct debits)

Account information

For the operation of customer accounts and guarantees:

Names and contact details

Addresses

Payment details (including card or bank information for transfers and direct debits)

For service updates or marketing purposes:

Names and contact details

Addresses

Marketing preferences

IP addresses

Website and app user journey information

To comply with legal requirements:

Name

Contact information

Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.

Your right to erasure - You have the right to ask us to delete your personal information.

Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information.

Your right to object to processing - You have the right to object to the processing of your personal data.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.

Your right to withdraw consent - When we use consent as our lawful basis you have the right to withdraw your consent at any time.

Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Contract - we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

For operation of customer accounts and guarantees:

Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Contract - we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

For service updates or marketing purposes:

Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Contract - we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

For legal requirements:

Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Contract - we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

Where We Get Personal Information From

Directly from you

Google Calendar (when you connect your Google account for calendar synchronisation)

Google Calendar Integration List-itt offers optional integration with Google Calendar to help business owners synchronise their availability and bookings. This section explains how we handle data from Google Calendar. What Google Data We Access When you connect your Google Calendar, we access:

Your calendar list (to identify which calendars to sync)

Calendar events (to display your existing commitments and avoid double-booking)

Event details including title, start/end times, and availability status

How We Use Google Data We use your Google Calendar data solely to:

Display your existing calendar events alongside List-itt bookings

Block time slots that conflict with your Google Calendar events

Create new calendar events when customers book appointments with you

Update or remove calendar events when bookings are modified or cancelled

OAuth Scopes We Request We request only the minimum permissions necessary to provide calendar synchronisation:

https://www.googleapis.com/auth/calendar.readonly - To read your calendar list and existing events

https://www.googleapis.com/auth/calendar.events - To create, update, and delete booking events on your calendar

Google APIs - When you connect Google Calendar, we exchange data with Google's servers to synchronise your calendar.

Payment Processors (Stripe) - To process payments securely. Stripe receives payment card details directly; we do not store full card numbers.

Email Service Providers (SendGrid) - To send booking confirmations, reminders, and other transactional emails.

Cloud Infrastructure Providers - Our hosting and database providers (Replit, Neon) process data on our behalf under strict data processing agreements.

In Transit - All data transmitted between your browser, our servers, and third-party services is encrypted using TLS (Transport Layer Security)

At Rest - Data stored in our databases is encrypted using industry-standard encryption protocols

Access Controls

Access to personal data is restricted to authorised personnel on a need-to-know basis

We use role-based access controls to limit what data different team members can view

Administrative access requires strong authentication

Token and Credential Security

OAuth tokens for Google Calendar are stored securely in our encrypted database

Tokens are automatically refreshed and old tokens are invalidated

API keys and secrets are stored in secure environment variables, never in code

Monitoring and Incident Response

We monitor our systems for suspicious activity

In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by law

Google OAuth tokens are deleted immediately when you disconnect your Google Calendar

Cached calendar event data is deleted within 24 hours of disconnection

We do not retain copies of your Google Calendar data after you revoke access

List-itt Customer Privacy Notice

This privacy notice tells you what to expect us to do with your personal information.

Contact Details jamie@list-itt.com

What Information we Collect, Use, and Why to provide services and goods, including delivery:

Google Calendar Integration
List-itt offers optional integration with Google Calendar to help business owners synchronise their availability and bookings. This section explains how we handle data from Google Calendar.

What Google Data We Access
When you connect your Google Calendar, we access:

How We Use Google Data
We use your Google Calendar data solely to:

OAuth Scopes We Request
We request only the minimum permissions necessary to provide calendar synchronisation: