Privacy Policy

1. Overview

PlanOS ("we," "our," or "us") is operated by Mood Photo & Video. This Privacy Policy describes how we collect, use, store, and protect information when you use the PlanOS platform at getplanos.com and app.getplanos.com (collectively, the "Service").

By creating an account or using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use PlanOS.

We are committed to protecting your privacy and to complying with all applicable data protection laws, including the California Consumer Privacy Act (CCPA) and, where applicable, the General Data Protection Regulation (GDPR).

2. Information We Collect

Account Information

When you register for PlanOS, we collect:

Full name and email address
Business name and contact information
Password (stored as a hashed, salted value — never in plain text)
Profile and billing information

Client & Event Data

As part of using PlanOS to manage your business, you may upload or create:

Client names, contact details, and personal information (e.g., wedding date, venue, guest count)
Event timelines, vendor contacts, and coordination notes
Documents, templates, and exported files you generate within the platform

This data belongs to you. We act as a data processor on your behalf and process it only to provide the Service.

Google OAuth Tokens

If you choose to connect your Google account to PlanOS, we collect and securely store OAuth access and refresh tokens for the following Google API scopes:

Google Calendar — to read and display your calendar events within the PlanOS dashboard
Gmail (send-only) — to send emails to your clients and vendors on your behalf from within PlanOS

Connecting your Google account is optional. You may revoke access at any time from your Google Account security settings at myaccount.google.com/permissions.

Usage Data

We automatically collect certain technical information when you use the Service, including:

IP address, browser type, and operating system
Pages visited, features used, and time spent in the app
Device type and referring URLs
Error logs and performance data

This data is used to improve the Service and diagnose technical issues.

Payment Information

PlanOS uses Stripe to process payments. We do not store your full credit card number on our servers. Stripe collects and processes all payment information in accordance with PCI-DSS standards. We receive only a payment token and basic billing details (e.g., last four digits, expiration date) for record-keeping.

3. Google API Data & User Data Policy

PlanOS's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We access Google user data only when you explicitly authorize us to do so through Google's OAuth consent flow. Our use of Google user data is governed by the following specific commitments:

Google Calendar

We access your Google Calendar data solely to read and display your existing calendar events within the PlanOS dashboard.
We do not create, modify, or delete calendar events without your explicit action within the app.
Calendar data is not shared with any third party, used for advertising, or combined with data from other services for profiling purposes.

Gmail (Send Access)

We use Gmail send access only to send emails on your behalf to your clients and vendors from within PlanOS.
We send emails only when you explicitly trigger the action in PlanOS (e.g., clicking "Send Timeline to Vendors").
We do not read, scan, or index the content of your Gmail inbox.
Gmail send access is not used for advertising, marketing to third parties, or any purpose beyond sending emails at your explicit direction.

Limited Use Disclosure

PlanOS's use of data obtained through Google APIs is limited to the following:

Providing and improving the PlanOS Service as described in this Privacy Policy
We do not use Google user data to develop, improve, or train generalized AI or machine learning models
We do not allow humans to read your Google user data unless: (a) you have given us express permission; (b) it is necessary for security purposes; or (c) we are required to do so by law
We do not sell, rent, or transfer Google user data to third parties
We do not use Google user data for advertising or remarketing

Token Storage & Security

Google OAuth tokens are encrypted at rest using AES-256 encryption and stored securely in our database (hosted on Supabase). Tokens are transmitted over HTTPS only and are never logged or exposed in application logs.

4. How We Use Your Information

We use the information we collect to:

Provide the Service — create and manage your account, process your events and timelines, and deliver core features
Sync calendar events — display Google Calendar events inside the PlanOS dashboard when you authorize this integration
Send emails on your behalf — transmit vendor coordination emails, timeline exports, and client communications that you initiate within PlanOS
Process payments — manage subscriptions and billing via Stripe
Improve the Service — analyze usage patterns to fix bugs, improve performance, and develop new features
Communicate with you — send account notifications, product updates, and support responses. You may opt out of marketing emails at any time.
Comply with legal obligations — respond to lawful requests from government authorities where required

5. Third-Party Services

We work with trusted third-party service providers to operate PlanOS. These providers have access to your data only to the extent necessary to perform their services and are contractually obligated to protect it.

Supabase

We use Supabase for database hosting and storage. Your account data, event data, and encrypted Google OAuth tokens are stored on Supabase infrastructure. Supabase operates on AWS and complies with SOC 2 Type II and ISO 27001 standards.

Netlify

Our marketing website is hosted on Netlify. Netlify may log visitor IP addresses and browser information as part of its standard web hosting operations.

Stripe

Payment processing is handled by Stripe, Inc. Stripe collects and processes payment card data under PCI-DSS compliance. You can review Stripe's privacy practices at stripe.com/privacy.

Google LLC

When you connect your Google account, you are subject to Google's Privacy Policy in addition to ours. PlanOS's use of Google API data is subject to the Google API Services User Data Policy as stated in Section 3 above.

6. Data Sharing

We do not sell your personal information. We do not share your data with third parties for advertising purposes.

We may share your information in the following limited circumstances:

Service providers — as described in Section 5, to the extent necessary to operate the Service
Legal compliance — if required by law, court order, or a valid governmental request
Business transfers — in connection with a merger, acquisition, or sale of assets, where user data may be transferred as part of the transaction. We will notify you before your data is subject to a materially different privacy policy.
With your consent — in any other circumstances, only with your explicit consent

We do not share Google user data with third parties except as required to provide the PlanOS Service (i.e., to Supabase for storage). We never share Google user data for advertising or marketing purposes.

7. Data Retention & Deletion

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

Account data — retained for the lifetime of your account plus 30 days after deletion to allow for recovery
Event and client data — retained while your account is active; deleted upon account deletion
Google OAuth tokens — deleted from our systems immediately upon disconnecting your Google account or deleting your PlanOS account
Payment records — retained for 7 years to comply with tax and accounting regulations
Usage logs — retained for up to 12 months for security and performance analysis

Account Deletion

You may delete your account at any time by emailing support@getplanos.com or through the account settings in the app. Upon deletion, all your personal data, event data, client data, and Google tokens will be permanently removed from our active systems within 30 days. Anonymized or aggregated data that does not identify you may be retained for analytics purposes.

8. Security

We implement industry-standard security measures to protect your data, including:

HTTPS encryption for all data in transit (TLS 1.2+)
AES-256 encryption at rest for sensitive data, including OAuth tokens
Role-based access controls limiting which employees can access user data
Regular security reviews and vulnerability assessments
Secure password hashing using bcrypt

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at support@getplanos.com.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access — request a copy of the personal data we hold about you
Correction — request correction of inaccurate or incomplete data
Deletion — request deletion of your personal data (subject to legal retention requirements)
Portability — request a machine-readable export of your data
Restriction — request that we limit how we use your data
Objection — object to certain processing of your data, including direct marketing
Withdraw consent — where processing is based on consent, you may withdraw it at any time (including revoking Google OAuth access)

California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising these rights.

To exercise any of these rights, contact us at support@getplanos.com. We will respond within 30 days.

10. Children's Privacy

PlanOS is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete such information immediately. If you believe we have collected information from a child under 13, please contact us at support@getplanos.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

Update the "Effective Date" at the top of this page
Send an email notification to registered users
Display a prominent notice within the PlanOS app

Your continued use of PlanOS after changes become effective constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle your data, please contact us:

PlanOS (operated by Mood Photo & Video)
Email: support@getplanos.com
Website: getplanos.com

We take privacy concerns seriously and will respond to all inquiries within 30 days.