Privacy Policy

Last updated: April 27, 2026

Who We Are

ArborOne Scheduler("ArborOne Scheduler," "the Service," "we," "us") is an operations platform used inside allowlisted tree-care companies. The Service is operated by ArborOne ("ArborOne," "the Company").

If you are an estimator, office admin, or owner at one of the companies that uses ArborOne Scheduler, this policy explains what information we collect from you, how we use it, and how you can review or delete it. If you are a customer of one of those tree-care companies booking an appointment through a public booking link, the policy from the tree-care company you are booking with controls — ArborOne Scheduler is the back-office tool that company uses to run its schedule.

Scope of This Policy

This policy covers the ArborOne Scheduler application served at schedule.goarborone.com, platform.goarborone.com, and any subdomains that route to it. It does not cover the marketing or service websites of the individual tree-care companies that use ArborOne Scheduler.

Information We Collect

Account information

When your company invites you to ArborOne Scheduler, we record:

  • Your name and work email address
  • The company (tenant) you belong to and your role (estimator, admin, or owner)
  • The Google account you sign in with, and the Google sub identifier returned by Google's OAuth flow
  • Sign-in timestamps, the IP address that made the request, and the browser user-agent — used for security audit and account-status display

Operational data you create

As you use the Service we record the customers, appointments, time blocks, notes, and other operational records you and your colleagues create. This data belongs to your company; ArborOne Scheduler holds it on the company's behalf so the team can collaborate.

Google Calendar data (estimator role only)

If you are an estimator and you connect your Google Calendar, we receive an OAuth refresh token from Google and use it to:

  • Read your calendar's busy/free intervals so the scheduler does not double-book you on top of existing meetings or appointments.
  • Write events on your calendar for appointments customers book through the Service, so your day reads the same in Google Calendar as it does in ArborOne Scheduler.
  • Update or remove those events when an appointment is rescheduled or cancelled.

We do not read the contents of meetings or appointments that ArborOne Scheduler did not create. We do not access your other Google services (Gmail, Drive, Contacts, Photos). We do not share any Calendar data with third parties.

Google API Services User Data Policy

ArborOne Scheduler's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, the Service:

  • Uses Google user data only to provide the user-facing scheduling features described in this policy.
  • Does not transfer Google user data to third parties except as necessary to provide the Service (for example, the cloud database that stores the user's OAuth refresh token), to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to affected users.
  • Does not use Google user data for serving advertisements.
  • Does not allow humans to read Google user data unless we have the user's affirmative agreement for specific messages, doing so is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for the Service's internal operations and only when the data has been aggregated and anonymized.

How We Use Your Information

  • Provide the Service. Authenticate you, render your dashboard, schedule appointments, and write events to your calendar.
  • Operate and improve. Diagnose errors, monitor performance, and improve the Service's reliability and usability.
  • Communicate. Send service-related emails (for example, an invitation when your company adds you, or a notice when your calendar connection lapses).
  • Comply and protect. Detect abuse, enforce our Terms of Service, and comply with legal obligations.

We do not use your Google Calendar data, your operational data, or your account data to train machine learning or AI models that are exposed to anyone outside your company.

How We Share Information

We share information only as follows:

  • Within your company. Other authorized users in your company tenant can see operational records (customers, appointments, scheduling visibility) consistent with their role. Your Google Calendar refresh token is not visible to other users.
  • Service providers we use to run the Service. Cloud hosting (Vercel), the application database (Supabase), email delivery (Resend), and authentication (Google). Each is contractually obligated to protect your information and use it only to provide their service to ArborOne Scheduler.
  • Legal compliance. When required by valid legal process, or when reasonably necessary to protect the rights, property, or safety of users, the public, or the Company.
  • Business transfers. If ArborOne is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction; we will notify affected users before such a transfer.

We do not sell your information to anyone, ever.

Data Retention

We retain account information and operational data for as long as your company maintains an active subscription, plus a commercially reasonable period after termination during which the company may export its data. Google Calendar OAuth refresh tokens are retained only while you remain an active estimator with calendar access; they are deleted when you are removed from the company or when you revoke access (see below).

Application logs that may include identifying metadata (sign-in timestamps, IP addresses, request paths) are retained for up to 90 days and then deleted.

Revoking Access and Deleting Your Data

You can revoke ArborOne Scheduler's access to your Google Calendar at any time at myaccount.google.com/permissions. After you revoke, we delete the stored refresh token. Any events ArborOne Scheduler had previously written to your calendar remain on your calendar; you can delete them through Google Calendar directly.

To request deletion of your account and the operational data tied to it, email us at privacy@goarborone.com. Because much of the operational data (customers, appointments) belongs to your company rather than to you individually, deletion of records may be subject to your company's instructions.

Security

We use industry-standard practices to protect your information: encrypted transport (HTTPS) for every request, encrypted-at-rest database storage, hardened OAuth handling for Google credentials, and role-scoped access inside the application. No system is perfectly secure; if we discover a breach affecting your information we will notify you and the appropriate authorities consistent with applicable law.

Children

ArborOne Scheduler is a workplace tool intended for adult employees of tree-care companies. The Service is not directed at children under 13 and we do not knowingly collect information from children.

Your Rights

Depending on where you live, you may have the right to access, correct, delete, or port the personal information we hold about you, or to object to certain processing. You can exercise these rights by emailing privacy@goarborone.com. We will respond within the time required by applicable law.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a new "Last updated" date. Material changes will additionally be communicated by email to active users. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

Contact Us

Questions about this policy or about how we handle your information?

ArborOne

Email: privacy@goarborone.com

See also our Terms of Service.