Next Step Forward

Next Step Forward ("NSF," "we," "us," or "our") operates the web application available at https://www.nextstepforward.app.

This Privacy Policy explains what information we collect, how we use it, how we store it, and how third-party integrations such as Google and Zoom function within the platform.

1. Information We Collect

A. Account Information

When you create an account, we collect:

Name
Email address
Authentication credentials
Subscription tier information

B. User-Provided Content

We collect information you voluntarily enter into NSF, including:

Contact records
Job applications
Notes and follow-up reminders
Scheduling preferences
Documents you upload (e.g., resumes and cover letters)
Meeting records associated with contacts

C. Google Account Data (If You Connect Google)

If you choose to connect your Google account, NSF uses Google OAuth to request access to specific Google data.

Google OAuth Scopes Requested

Scope	Purpose
https://www.googleapis.com/auth/calendar.freebusy	View availability to prevent scheduling conflicts
https://www.googleapis.com/auth/userinfo.email	Confirm your Google account email address
https://www.googleapis.com/auth/calendar.events.owned	Create, update, and delete events on calendars you own

We do not request access to Gmail, Google Drive, Google Contacts, or any other Google services.

How Google Data Is Used

When authorized, NSF may:

Retrieve calendar events (title, time, location, description)
Check availability when scheduling meetings
Create new calendar events
Update or delete calendar events when meetings are rescheduled or canceled
Compute basic meeting counts (e.g., number of meetings in a given month) for display within the user's personal dashboard

Google Calendar data is used solely to provide scheduling and meeting management functionality within the user's account.

We do not:

Sell Google user data
Share Google user data with third parties
Use Google data for advertising
Aggregate Google data across users
Use Google data to train machine learning or AI models

NSF's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

D. Zoom Account Data (If You Connect Zoom)

If you choose to connect your Zoom account, NSF uses Zoom OAuth to request access to specific meeting-related data.

Zoom Scopes Requested

Create meetings
Read meeting metadata
Update meetings
Delete meetings
Read basic user profile information
In-meeting scope required as a dependency for meeting lifecycle management

How Zoom Data Is Used

When authorized, NSF may:

Create Zoom meetings on your behalf
Retrieve meeting metadata (meeting ID, scheduled time, join URL)
Update meetings if rescheduled
Delete meetings if canceled

Meeting metadata (meeting ID, scheduled time, and join URL) is stored within your NSF account to:

Display scheduled meetings
Associate meetings with contacts
Provide join links

We do not access or store:

Meeting recordings
Chat messages
Transcripts
Cloud storage files

Zoom data is used solely to provide meeting scheduling functionality and is not shared, sold, aggregated, or used for advertising.

2. How We Use Information

We use the collected information to:

Provide core platform functionality
Enable Google Calendar synchronization
Enable Zoom meeting creation and management
Display meeting records and dashboard metrics
Send service-related communications (e.g., confirmations, reminders)
Improve platform reliability and performance

We do not use Google or Zoom data for behavioral profiling, advertising, or cross-user analytics.

3. Data Storage and Security

We implement administrative, technical, and physical safeguards to protect your information.

Data is transmitted via HTTPS encryption.
OAuth tokens are encrypted in transit and stored securely.
Production infrastructure is hosted in secure cloud environments.
Data storage is encrypted at rest.
Access to production systems is restricted using role-based access controls.
We do not store Google or Zoom account passwords.
OAuth tokens are retained only while integrations remain active.

4. Revoking Third-Party Access

You may revoke Google or Zoom access at any time by:

Navigating to Settings → Integrations
Selecting "Disconnect"

Upon disconnection:

OAuth tokens are revoked or deleted
Synchronization stops immediately
NSF no longer accesses your connected account data

You may also revoke access directly within your Google or Zoom account security settings.

5. Account Deletion and Data Removal

If you delete your NSF account:

Stored OAuth tokens are permanently deleted
Associated Google and Zoom integration data is removed
Access to connected services is terminated

Data deletion occurs within a reasonable operational timeframe consistent with backup and system processes.

6. Data Retention

We retain:

Account data while your account remains active
Integration data only while connected
Operational logs necessary for security and system integrity

If integrations are disconnected or accounts deleted, associated tokens and synchronization data are removed.

7. Sharing of Information

We do not sell, rent, or trade personal information.

Information may be disclosed only:

If required by law
To protect rights, safety, or prevent fraud
To service providers necessary for hosting and infrastructure

Google and Zoom user data is not shared except as required to provide the requested functionality.

8. Third-Party Services

NSF integrates with:

Google APIs (Calendar and OAuth services)
Zoom APIs

Use of these services is governed by their respective terms and privacy policies.

9. Your Rights

You may:

Access your account information
Update or correct your information
Disconnect integrations
Delete your account

Requests may be submitted to: support@nextstepforward.app

10. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted at https://www.nextstepforward.app/privacy.