Welcome to Jiffie (accessible via https://jiffie.co.za). Jiffie (“we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our booking application and services, with a specific focus on our integration with Google User Data.
We comply with the Protection of Personal Information Act (POPIA) of South Africa and relevant global data protection standards, including Google’s API Services User Data Policy.
1. Information We Collect and How We Use It
To provide our core booking and automated scheduling services, Jiffie collects and processes personal information.
Google User Data (Google Calendar Integration)
Jiffie requests access to your Google Calendar via OAuth tokens.
- Scope of Access: We only request access to read, write, modify, or view calendars and calendar events.
- Purpose: This access is strictly limited to syncing booking slots, checking your real-time availability to prevent double-bookings, and inserting confirmed customer appointments directly into your or your customer’s Google Calendar.
- Data Retention: We do not store a permanent copy of your historical calendar database. We only process active appointment details essential to maintaining the live calendar synchronization.
2. Data Sharing, Transfer, and Disclosure
Google Requirement: Clearly state with whom you share, transfer, or disclose Google user data.
- No Sharing or Selling: Jiffie does not share, sell, rent, trade, or transfer your Google user data, calendar information, or personal profile data to any third-party advertisers, data brokers, or external commercial entities.
- Third-Party Service Providers: We only transfer your data to trusted cloud infrastructure providers strictly necessary to operate the Jiffie application platform (such as our database hosting provider, Google Firebase). These service providers are legally and contractually bound to maintain strict confidentiality and are prohibited from using your data for any other purpose.
- Legal Disclosures: We will only disclose personal data if required to do so by South African law or in response to valid legal processes by public authorities.
3. Data Protection and Security Mechanisms
Google Requirement: Specify data protection mechanisms for sensitive data.
We take the security of your sensitive information and Google User Data very seriously. Jiffie utilizes professional-grade hosting infrastructure provided by Google Firebase and implements the following strict data protection mechanisms:
- Encryption in Transit: All communication and data transfers between the user, the Jiffie platform, and Google APIs are secured using industry-standard Transport Layer Security (TLS/HTTPS) encryption protocols.
- Encryption at Rest: All personal information and authentication tokens stored within our Google Firebase production database are encrypted at rest using advanced encryption standards (AES-256).
- Access Control: Access to production databases and Firebase environments is strictly restricted to authorized system administrators using multi-factor authentication (MFA) and the principle of least privilege.
- Token Safeguards: Google OAuth access tokens are stored securely using encrypted environment keys and are never exposed publicly or via client-side code.
4. Google API Services User Data Policy Compliance
Jiffie’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to serve advertisements, train AI/machine learning models, or track user behavior across external websites.
5. Your Rights and Data Retention
Under POPIA, you have the right to access, rectify, or request the deletion of your personal information held by Jiffie. You can revoke Jiffie’s access to your Google Calendar at any time via your Google Account Security Settings page or by deleting your account inside the Jiffie app. Upon account deletion, all associated OAuth tokens and synced session data will be permanently removed from our databases.
6. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at: