Privacy Policy

Effective date: October 11, 2025

Controller: The Support Lab, United States

Contact: support@jeshe.co

This Privacy Policy explains how The Support Lab (“we,” “us,” “our”) handles personal information for our scheduling and operations platform (the “Service”). This is a global policy. Processing primarily occurs in the United States.

We do not sell personal information. We do not use personal information for advertising.

1. Roles and scope

When we are a controller: for account and site interactions, for example when you sign in, contact support, or manage your workspace settings.

When we are a processor: for customer content you or your company load into the Service. Your organization is the controller of that content. We process it under your instructions and our agreement.

2. Information we collect

We aim to collect only what is needed to run the Service.

Account and contact information for registered users, for example your email address and basic profile details you provide.

Service configuration you save, for example scheduling preferences and feature toggles.

Technical and support logs generated by normal operation, for example timestamps, general IP-derived location, device or browser metadata, error reports, and support messages you send us.

Customer content that your organization chooses to store in the Service, which we process on your organization’s behalf.

We do not intentionally collect sensitive categories of data unless you provide them and the law permits it.

3. How we use information

Provide, maintain, and improve the Service.

Authenticate users and operate requested features.

Secure the Service, prevent misuse, and troubleshoot.

Communicate about service changes, security notices, and support.

Comply with law and enforce terms.

4. Connected accounts and integrations

You may connect external providers to enable features. When you do, we access only what is necessary to provide the feature and only while it is enabled.

Example, Google connection: if you connect a Google account to sync schedules to a calendar you select, we may request minimal permissions to create, update, delete, and read back events we created, store an OAuth token solely to perform the sync, and keep limited linkage and configuration data needed to operate the sync. Our use and transfer of Google information complies with Google’s API Services User Data Policy, including Limited Use. You can disconnect in the app or revoke access in your provider account settings.

5. Legal bases for EEA and UK users

Where GDPR or UK GDPR applies, we rely on:

Contract to provide the Service you request.

Legitimate interests for security, service operation, and improvement.

Consent where required by law, for example optional integrations.

6. Sharing and disclosures

We share information only as needed to operate the Service, comply with law, or protect rights:

Service providers under contract, for example hosting, database, analytics limited to operations, and integration providers.

Legal, safety, and compliance requests.

Business transfers in connection with a corporate transaction, subject to protections consistent with this Policy.

We do not sell personal information and we do not share it for cross-context behavioral advertising.

7. International transfers

Primary processing occurs in the United States. Where data is transferred from the EEA or UK to countries without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses offered by our providers.

8. Retention

We keep personal information for the shortest time needed to provide the Service and meet legal or security requirements. Typical periods are:

Account and contact information retained while the account is active, then deleted or anonymized within 12 months after closure unless the law requires a longer period.

Service configuration retained while the feature is active, then removed during regular data hygiene cycles.

Technical and security logs retained up to 12 months for reliability and abuse prevention.

Support records retained up to 24 months to resolve issues and maintain audit trails.

Connected integrations remove access tokens promptly when you disconnect. Minimal linkage metadata may remain in logs consistent with the periods above.

9. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, object, restrict, or receive a copy of your personal information. To exercise rights, email support@jeshe.co. If we process customer content for your organization, please contact your organization directly.

You can disconnect connected accounts at any time and can revoke access from the provider’s security settings.

10. State privacy notices, including California

Residents of California and certain other U.S. states may have rights to know, access, correct, delete, and opt out of sale or sharing. We do not sell personal information. To submit a request, email support@jeshe.co. If we deny a request, you may have a right to appeal. Instructions will be provided in our response.

11. Security

We use reasonable technical and organizational measures including encryption in transit, encryption at rest where supported by providers, role-based access, and limited personnel access. No system is perfectly secure. Please protect your credentials.

12. Cookies and similar technologies

We use only what is needed to operate and secure the Service. We do not use advertising cookies in the Service. Your browser controls may allow you to block or delete cookies, which may affect functionality.

13. Changes

We may update this Policy. We will post the updated version with a new effective date. Material changes may be communicated in the Service or by email when appropriate.

Contact: support@jeshe.co

Privacy Policy · The Support Lab | The Support Lab