Privacy Policy
Last updated: January 10, 2026
Introduction
Z.O.D. AON ("we," "our," or "us") provides the Meeter scheduling platform that enables users ("hosts") to create booking links for visitors to schedule meetings. Meeter is a product of Z.O.D. AON. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our service at meeterapp.net (the "Service").
We are committed to data minimization. We only collect information that is strictly necessary for the Service to function, and we do not sell, rent, or share your personal information for advertising or marketing purposes.
Information We Collect
Information You Provide
Account Information (Hosts)
When you create an account, we collect:
- Email address (required for account verification and communication)
- Full name (displayed to visitors booking with you)
- Password (stored as a cryptographic hash, never in plain text)
If you sign up via Google or Microsoft OAuth, we receive your email and display name from those providers. We do not access any other profile information.
Booking Information (Visitors)
When a visitor books a meeting through a host's booking link, we collect:
- Name and email address
- Timezone
- Optional notes provided by the visitor
- Selected meeting time
Payment Information
If you purchase credits through our Service, payments are processed by Paddle. We do not store credit card numbers or payment details on our servers. We only receive confirmation of successful transactions and the credit amount purchased.
Support Communications
When you contact our support team, we store the content of your messages to provide assistance and improve our Service.
Information Collected Automatically
Authentication Tokens
We use secure, encrypted tokens to maintain your login session. These tokens are stored as cryptographic hashes in our database and as HTTP-only cookies in your browser.
Device and Usage Information
We collect limited technical information for security and service operation:
- IP address (for rate limiting and abuse prevention)
- Browser user-agent (for session management)
- Timestamps of requests
Feature Flags
We use a visitor ID stored in your browser's local storage for A/B testing and feature rollouts. This ID is randomly generated and does not contain personal information.
Information from Third-Party Integrations
When you connect calendar services, we access only the data necessary to check your availability and create calendar events:
Google Calendar
- Calendar events (times and availability status only)
- OAuth tokens to maintain the connection (stored encrypted)
Microsoft Outlook Calendar
- Calendar events (times and availability status only)
- OAuth tokens to maintain the connection (stored encrypted)
We do not read, store, or have access to the content of your calendar events, attendees, locations, or descriptions unless specifically required to display them back to you.
How We Use Your Information
We use collected information solely for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Provide and operate the scheduling Service | Contract performance |
| Send booking confirmations and reminders | Contract performance |
| Process payments for credit purchases | Contract performance |
| Verify your email address | Legitimate interest (security) |
| Prevent fraud and abuse | Legitimate interest (security) |
| Send password reset emails | Your request |
| Improve Service reliability and performance | Legitimate interest |
| Provide customer support | Contract performance |
| Comply with legal obligations | Legal requirement |
We do not:
- Sell or rent your personal information
- Use your information for third-party advertising
- Create behavioral profiles for marketing
- Share your data with data brokers
Information Sharing and Disclosure
We share information only in the following limited circumstances:
Service Providers
We use the following third-party services that process data on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Resend | Email delivery | Email address, name, booking details |
| Paddle | Payment processing | Email, transaction details (no card data) |
| Cloudflare | Bot protection (Turnstile) | IP address, browser fingerprint |
| Google | OAuth & Calendar | Account info, calendar availability |
| Microsoft | OAuth & Calendar | Account info, calendar availability |
Each provider is bound by their own privacy policies and data processing agreements.
Legal Requirements
We may disclose information if required by law, subpoena, or legal process, or if we believe disclosure is necessary to:
- Protect our rights, property, or safety
- Prevent fraud or abuse
- Comply with applicable law
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and your choices regarding your information.
Data Security
We implement industry-standard security measures:
- Encryption in Transit: All data transmitted via HTTPS/TLS
- Encryption at Rest: Calendar OAuth tokens encrypted with AES-256
- Password Security: Passwords hashed using bcrypt with strong work factors
- Token Security: Refresh tokens and sensitive tokens are hashed before storage
- Access Controls: Role-based access with principle of least privilege
- Rate Limiting: Protection against brute-force and abuse attacks
- Webhook Verification: All incoming webhooks verified via HMAC signatures
Data Retention
We retain data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Booking records | Until deleted by host or account closure |
| Calendar tokens | Until calendar disconnection |
| Authentication tokens | 30 days (refresh), 15 minutes (access) |
| Rate limiting records | 48 hours (automatically deleted) |
| Analytics data | 2 years for events, 3 years for aggregates |
| Support tickets | Until account deletion |
Your Rights and Choices
You have the following rights regarding your personal information:
Access and Export
You can view your account information, booking history, and settings at any time through your dashboard.
Correction
You can update your name, email, and password through your account settings.
Deletion
You can delete your account through Settings. Account deletion:
- Immediately revokes all active sessions
- Removes access to your data
- Soft-deletes your data (recoverable for 30 days if you change your mind)
- After 30 days, data is permanently purged
Disconnect Integrations
You can disconnect any calendar integration at any time through Settings. This immediately removes stored OAuth tokens.
Withdraw Consent
Where processing is based on consent, you may withdraw consent at any time.
Data Portability
Contact us at [email protected] to request a copy of your data in a structured format.
Lodge a Complaint
You have the right to lodge a complaint with your local data protection authority.
Cookies and Local Storage
We use minimal browser storage:
| Name | Type | Purpose | Duration |
|---|---|---|---|
| meter_auth_token | Cookie (HttpOnly) | Authentication | 15 minutes |
| meter_refresh_token | Cookie (HttpOnly) | Session persistence | 30 days |
| meter_visitor_id | Local Storage | A/B testing | Persistent |
We do not use third-party tracking cookies, analytics services like Google Analytics, or advertising pixels.
Children's Privacy
The Service is not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
International Data Transfers
If you are accessing the Service from outside the country where our servers are located, your information may be transferred across borders. We ensure appropriate safeguards are in place for such transfers.
Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Posting the updated policy with a new "Last Updated" date
- Sending an email notification for significant changes
Your continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Us
For privacy-related inquiries, requests, or complaints:
Email: [email protected]
We aim to respond to all requests within 30 days.
Summary
- We collect only what's necessary for scheduling to work
- We don't sell your data or use it for advertising
- You're in control — delete your account, disconnect integrations anytime
- Your data is protected with encryption and security best practices
- We're transparent about what we collect and why