Privacy Policy
Last updated: 8 July 2026
At TIBR (operated by Orleyton Ltd), we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our platform, website, and related services (collectively, the "Service").
1. Information We Collect
We collect the following types of information when you use the Service:
- Account Information: Your name, email address, and billing details.
- Usage Data: Log files, IP address, browser type, device information, and interactions with the platform.
- Content Data: Information you upload or create through the Service (e.g., project data, quote templates, estimates).
2. How We Use Information
We use your information to:
- Provide, operate, and improve the Service.
- Process payments and manage subscriptions.
- Respond to your inquiries and provide support.
- Send service updates and communications (including marketing, if you’ve opted in).
- Ensure platform security, detect fraud, and enforce our Terms of Service.
2A. Legal Basis for Processing (EU/UK Users)
If you are located in the European Union, United Kingdom, or other similar jurisdictions, we process your personal data under the following legal bases:
- Contractual necessity – to provide and operate the Service.
- Legitimate interests – to improve the platform, prevent fraud, and maintain security.
- Consent – for marketing communications or optional features.
- Legal obligation – when required by applicable laws or court orders.
3. Sharing & Disclosure
We do not sell your personal data to third parties.
We may share information with trusted third-party service providers that help us operate the Service. These providers are bound by confidentiality and data protection agreements and only process your data as necessary. For example:
- Cloud hosting – Amazon Web Services (AWS)
- Payment processing – Stripe, PayPal
- Email communications – Mailgun, SendGrid
- Analytics – Google Analytics (if used)
We may also disclose your information:
- To comply with legal obligations, law enforcement, or government requests;
- To protect our rights, users, or the public from harm or fraud.
4. Data Storage & Security
- All data is hosted on Amazon Web Services (AWS) in secure data centers.
- We use encryption in transit (TLS 1.2+) and at rest (AES-256) to protect your data.
- Access to systems is restricted through role-based access controls and monitored for suspicious activity.
- Regular backups and disaster recovery procedures are in place.
4A. Google Calendar, Google Drive, Google Photos & Google User Data
TIBR offers optional integrations with Google Calendar (so tradespeople can schedule won jobs around their existing diary), Google Drive (so they can pull their own project files into a quote, and save finished quote and RAMS PDFs back to a job folder in their Drive), and Google Photos (so they can attach site photos to a job). This section explains exactly what Google user data we access and how we handle it. All of these integrations are entirely optional — TIBR's scheduling, file, and photo features work without them.
What we access
If you choose to connect your Google Calendar (via Google's sign-in and consent screen), TIBR requests the https://www.googleapis.com/auth/calendar.events scope ("View and edit events on all your calendars"), plus your basic profile email address so we can show you which Google account is connected. We use this access only to:
- Read events and free/busy information from your primary calendar, so that when you schedule a job we can suggest available dates and show you what you already have on around those dates.
- Create, update, and delete a calendar event for a job you book through TIBR — the event contains the job details you can see in TIBR (client name, address, phone, quote reference, value, and a link back to the job). Re-booking updates that same event; removing the booking deletes it.
Google Drive (file import and "Save to Drive")
If you choose to add Google Drive access, TIBR requests the https://www.googleapis.com/auth/drive.file scope ("See, edit, create and delete only the specific Google Drive files that you use with this app"). This is Google's narrowest per-file Drive scope: TIBR can only access the individual files you hand-pick in the Google file picker (or files and folders TIBR itself created). TIBR cannot list, browse, search, or scan your Drive. When you pick files, TIBR downloads those files and stores them in your TIBR file library, exactly as if you had uploaded them directly (Google Docs, Sheets and Slides are converted to PDF/Excel on the way in). Imported files are then governed by this privacy policy like any other file you upload.
The same scope also powers the optional Save to Drive feature: when you click "Save to Drive" on a quote or RAMS document, TIBR creates a TibrAI folder in your Drive (with a sub-folder per job) and writes the PDF there. Saving the same document again updates that same file. These folders and files belong to you, live in your Drive under your control, and are the only things in your Drive TIBR can see.
Google Photos (site photos)
If you choose to add Google Photos access, TIBR requests the https://www.googleapis.com/auth/photospicker.mediaitems.readonly scope ("See selected photos and videos from Google Photos") — the Google Photos Picker scope. You pick photos in a Google-hosted picker window; TIBR can only ever access the specific photos you selected in that picker session and cannot list, browse, or scan your photo library. Picked photos are downloaded and stored against your job in TIBR (as job evidence, e.g. before/after photos), exactly like photos you upload directly, and are then governed by this privacy policy like any other file.
Beyond the specific access described above, we do not access your Gmail, contacts, or any other Google data, and we do not change your calendar settings or sharing.
How we use and store it
- Google user data (Calendar, Drive, and Photos alike) is used solely to provide the in-app features described above to you, the signed-in user. It is never used for advertising, never sold, and never shared with third parties.
- Google user data is not used to train, develop, or improve any AI or machine-learning models, whether generalised or otherwise.
- Your calendar events are displayed to you transiently and are not copied into our database. The only things we store are your encrypted connection tokens, the job dates you choose, and the identifier of calendar events that TIBR itself created (so re-booking can move the right event).
- OAuth access and refresh tokens are stored encrypted at rest, per individual user, and are never exposed in logs or to other users — including other members of your own team.
- No human at TIBR reads your Google Calendar data except with your explicit permission (e.g., a support request), where necessary for security or abuse investigation, or where required by law.
Retention, disconnection, and revocation
- You can disconnect at any time in Settings → Calendar → Disconnect inside TIBR — this immediately deletes your stored Google tokens (one Google connection powers Calendar, Drive, and Photos, so disconnecting removes all of them). Files and photos you already imported remain in your TIBR library — delete them from the Files page like any upload.
- You can also revoke TIBR's access from your Google Account permissions page; TIBR detects the revocation and clears the stored connection.
- Deleting your TIBR account deletes your stored tokens along with your other account data.
- Calendar events TIBR created remain in your Google Calendar under your control unless you remove the booking in TIBR or delete them yourself.
Limited Use disclosure
TIBR's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
5. International Data Transfers
If you are located outside of Canada, your information may be transferred to and processed in countries that may not offer the same level of data protection. Where applicable (e.g., EU/UK), we use lawful safeguards such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Other appropriate mechanisms under applicable privacy laws.
6. Your Rights
Depending on your jurisdiction, you may have rights including the ability to:
- Access or request a copy of your personal data.
- Correct or update inaccurate information.
- Delete your data or restrict its processing.
- Object to certain uses (such as marketing).
- Request data portability.
- Withdraw consent at any time (where consent was the legal basis).
To exercise your rights, please contact us at privacy@tibr.ai.
7. Data Retention
We retain your data:
- For as long as your account remains active;
- As necessary to provide the Service and fulfill contractual obligations;
- To comply with legal, regulatory, and tax requirements.
You may request deletion of your account and associated data by contacting us.
8. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or via email. The current version will always be available at tibr.ai/privacy. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.
9. Cookies and Tracking Technologies
We may use cookies or similar technologies to:
- Maintain session state and login functionality;
- Analyze traffic and usage patterns (e.g., via Google Analytics);
- Improve user experience and troubleshoot technical issues.
You can manage or block cookies via your browser settings. Where required by law, you will be prompted to consent to non-essential cookies.
10. Children’s Privacy
The Service is not intended for use by children under the age of 13 (or under 16 in jurisdictions where that is the minimum age for data consent). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at privacy@tibr.ai.
11. Contact
If you have questions or concerns about this Privacy Policy or how we handle your data, you may contact us at:
Orleyton Ltd, trading as TIBR
Email: privacy@tibr.ai