Privacy Policy

Who we are

CheddarCheck is a session scheduling and billing tool for personal trainers, available at cheddarcheck.com. This policy explains what data we collect, how we use it, and your rights.

What we collect from Google

When you sign in with Google, we request the following Google API scopes. We use the minimum scopes required to deliver the features you opt into:

• openid, userinfo.email, userinfo.profile— used to create and identify your CheddarCheck account. We store your Google account ID, email address, name, and profile picture URL.
• https://www.googleapis.com/auth/calendar.events— only requested if you explicitly connect Google Calendar in Settings. We use it to create, update, and delete calendar events that correspond to training sessions you book in CheddarCheck. We do not read events that CheddarCheck did not create, and we do not access any other calendar data.

What we collect from you

Sessions you book, clients you add, payment amounts and balances, session notes you write, and preferences you set. This is the data CheddarCheck needs to track your training schedule and billing.

How we use your data

Your data is used solely to provide CheddarCheck features: session tracking, client management, payment tracking, and Google Calendar synchronization. We do not sell your data, share it with advertisers, or use it to train any AI or machine learning model.

Google API Services User Data Policy

CheddarCheck's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features that are prominent in CheddarCheck's user interface, and we do not use Google user data for serving advertisements or for any purpose unrelated to the features the user has opted into.

Data storage and security

Your data is hosted on Vercel and stored in a managed PostgreSQL database. Google OAuth refresh tokens are encrypted at rest using AES-256-GCM before being written to the database. All traffic is served over HTTPS.

Third-party services

We use Google OAuth for sign-in and Google Calendar API for calendar synchronization. We do not share your data with any other third-party service for analytics, advertising, or any other purpose.

Data retention and deletion

We retain your data for as long as your CheddarCheck account is active. You can disconnect Google Calendar at any time from Settings, which immediately deletes the stored Google refresh token. To delete your entire account and all associated data, email us at slavaai2025@gmail.com and we will process the request within 7 days.

Contact

Questions about this policy or your data? Email us at slavaai2025@gmail.com.