Privacy Policy
Effective: 7 May 2026
This Privacy Policy describes how the Lagshaus Booking and Email Automation
system ("the Service", operated by Femi Lags) collects, uses, and stores
information from two distinct groups of people: visitors
who use the public booking page to request a meeting, and the
operator (the single Google account whose Gmail, Drive,
and Calendar the Service is authorised to manage on the operator's behalf).
The Service is operated by a single individual for the personal and
business management of one Google Workspace account. There is no
multi-tenant database, no advertising network, no analytics tracker,
and no third-party identity provider for visitors.
1. Information collected from booking-page visitors
When a visitor submits a meeting request via the booking form, we collect:
- Full name — used to identify the requester to the operator and (on approval) to populate the calendar event title.
- Email address — used to send the calendar invitation when a request is approved, and as a unique identifier when declining duplicate requests for the same time.
- Phone number (optional) — used only by the operator if direct contact is needed about the meeting.
- Purpose of meeting — a free-text description of what the visitor wishes to discuss; reviewed by the operator only.
- Requested start/end time — the calendar window the visitor selected.
- Submission timestamp — when the request was received.
No cookies, fingerprinting, IP-address logging, or third-party analytics
are used on the booking page. We do not embed any social-media buttons,
advertising, or behavioural tracking tags.
2. Information collected from the operator's Google account
With the operator's explicit consent through Google's standard OAuth flow,
the Service is granted scoped access to the operator's Gmail, Google Drive,
and Google Calendar. The data accessed is processed locally by the
Service and used only for the automation tasks the operator requested.
No operator-account data is ever exposed on the public booking page.
Google API scopes requested
- gmail.readonly — read inbox messages for AI classification.
- gmail.modify and gmail.labels — apply labels and archive non-priority mail per the operator's classification rules.
- calendar — list events to render the busy/free view, and insert new events when the operator approves a booking.
- drive — classify and re-file the operator's existing Drive files into a folder taxonomy. The Service never deletes Drive content.
How operator data is used
- Email subject, sender, and a 4,000-character truncated body excerpt are sent to a generative AI model (Google's Gemini family via Google AI Studio) to produce a JSON classification (label, confidence, summary). PII (account numbers, SSNs) is regex-redacted before transmission.
- Drive file content snippets (≤4,000 characters) are sent to the same model for classification into a private folder taxonomy.
- Calendar event metadata is read for the operator's daily executive briefing and for the busy/free overlay shown on the public booking page (titles, attendees, descriptions, locations are stripped before any visitor-visible rendering).
- Attachments are never sent to AI models. They are classified by filename and MIME type only.
3. How information is stored
- Visitor booking requests are stored in a local CSV file on the operator's server (data/automation-store/booking_requests.csv). They are not replicated, exported to third parties, or sent to any analytics service.
- Operator data stays on the operator's own machine in local CSV / JSONL files. AI Studio API calls are stateless from our side; whatever Google's AI Studio retains is governed by Google's privacy policy.
- OAuth tokens are stored on the operator's server in a local JSON file with file-system permissions restricted to the operator's user account.
4. Sharing of information
The Service does not sell, rent, or share your information with any third party except:
- Google — when calendar events are created on approved bookings, the requester's email is added as an attendee and Google sends them a calendar invitation. This is the standard Google Calendar invitation flow.
- Google AI Studio (operator data only) — redacted email and Drive content excerpts are sent to Google's Gemini models for classification. No visitor booking-form data is ever sent to AI models.
5. Your rights
- Visitors may request deletion of their booking record at any time by emailing the operator (see Contact). Approved bookings will also be removed from the calendar where the operator hosts the event.
- The operator may revoke OAuth access at any time via Google Account → Security → Third-party access. After revocation, the Service can no longer read or modify the operator's Google data.
6. Data retention
- Booking requests (pending, approved, rejected) are retained for as long as the Service is operated, unless deletion is requested.
- Local audit logs are retained on the operator's server.
- OAuth tokens are retained until the operator revokes them or the Service is decommissioned.
7. Security
All data is stored on a server controlled by the operator. The booking
application requires no visitor login and stores no passwords. Admin
access to the booking dashboard is gated by a username + password stored
in environment variables (not in source code) and a session-token system.
HTTPS / TLS encryption is provided by the operator's hosting infrastructure.
8. Children's privacy
The Service is not directed to children under 13 and we do not knowingly
collect personal information from them. If you believe a child has
submitted information through the booking page, please contact us so
we can remove it.
9. Changes to this policy
We may update this Privacy Policy from time to time. The "Effective"
date at the top will reflect the most recent revision.
10. Contact
Questions or requests about this policy can be sent to:
femi.lags@gmail.com.