Privacy Policy

Summit is a booking operations platform for music booking agencies. This policy explains how Summit collects, uses, and protects information when you use booksummit.app.

When your organization connects a Gmail mailbox, Summit requests only the Google OAuth scopes needed for configured workflows, including gmail.modify and gmail.send. Summit also reads the mailbox profile email address to confirm the connected account. Summit processes Google user data only to provide requested product functionality, including contract reply intake, ticketing intake, and operational outbound sending.

For connected Gmail workflows, Summit stores encrypted OAuth access and refresh tokens for mailbox reconnection and token refresh. Summit also stores inbound email metadata and content used for processing, including subject, sender, recipient, body text/body HTML, raw .eml files, and related attachments in object storage.

Summit does not sell Google user data and does not use Google user data for advertising. Summit shares Google user data only with service providers required to operate the platform (for example infrastructure, storage, and email delivery services) and when required by law.

By default, Summit retains Gmail-ingested inbound message records (including metadata/body, raw .eml files, and attachments) for up to 90 days, then removes them through an automated retention process. Summit may retain specific records longer when required for active security investigations, legal holds, or other legal/compliance obligations. Organization admins can disconnect or remove mailbox configurations to stop future ingestion, and privacy deletion requests can be submitted to hello@booksummit.app.

We collect account details (name, email, organization role), workspace records you create in Summit (artists, venues, shows, contracts, ticketing, and payment operations), and technical usage data needed to operate and secure the service.

We use data to provide the platform, authenticate users, support team collaboration, process billing, maintain reliability, and improve workflows. We may also use service communications to share critical account and product updates.

We do not sell personal information. We share data only with service providers required to operate Summit (for example infrastructure, payments, storage, and email providers) and when required by law.

We retain customer data for as long as your account is active and as needed to meet legal, compliance, and operational requirements, except where a more specific retention window is described in this policy (including connected Gmail mailbox data). Customers can request export or deletion subject to contractual and legal obligations.

We use administrative, technical, and organizational safeguards designed to protect data in transit and at rest. No system is perfectly secure, but Summit is built with security controls aligned to SaaS operational best practices.

You may update profile details, manage organization access, and contact us regarding data rights requests. Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict certain personal data.

For privacy questions or requests, contact us at hello@booksummit.app.