How We Protect Your Privacy and Privilege

Built to minimize our access

Many software services promise they won't look at your data. We went further — we designed ScheduleHound so that in most cases we cannot see your data, even if we wanted to. Here is how:

Document scanner: your PDFs never touch our servers

When you upload a PDF to the document scanner, it is sent directly from your browser to Google's Generative AI API for processing. The document content is never assembled, stored, or logged on our servers. We receive only the structured deadline data that the AI extracts — dates, titles, and descriptions — not the underlying document. Once the AI finishes processing, the document content exists nowhere in our infrastructure.

Email submissions: temporary processing, then deleted

When you forward documents by email, the process is different from the browser scanner. Your email provider delivers the message and any attachments to our email processing server (via SendGrid). The attachments are temporarily stored so our system can send them to the AI for extraction. The moment extraction succeeds, the attachments are deleted. If extraction fails for any reason, the attachments are automatically and permanently deleted within 48 hours. We do not keep archives of submitted documents.

In short: uploaded documents are never stored at all. Emailed documents are stored only for the few seconds it takes to process them, then permanently removed.

Filename anonymization

The filenames of legal documents often contain sensitive information — party names, case numbers, or case captions. To protect this information, ScheduleHound automatically replaces every filename with a one-way cryptographic hash the moment it reaches our server. The original filename is never written to our database, server logs, error tracking, or sent to the AI provider. Even if our database were compromised, an attacker would see only opaque identifiers like doc_a3f8b2c1e4d7.pdf — not the original filename.

Why we request the permissions we do

We request only the minimum permissions necessary from Microsoft and Google. Here is exactly what each permission does and why we need it:

Google permissions

• Google Calendar (Calendars.ReadWrite) — Allows ScheduleHound to create deadline events on your calendar, search your existing events when using Mass Move, and update event dates when rescheduling. We do not access calendar data for any other purpose.
• Gmail (gmail.send) — Allows ScheduleHound to send booking emails to court reporting agencies on your behalf through the Court Reporter Scheduler. We use the send-only scope — we cannot read your inbox, drafts, or any other emails.

Microsoft permissions

• Calendars.ReadWrite — Same as above: create, search, and update calendar events.
• Mail.Send — Same as above: send booking emails only. We cannot read your inbox.
• User.Read — Allows us to read your basic profile (name and email) so we can display your identity in the app and address booking emails correctly.
• offline_access — Allows ScheduleHound to refresh your access token without requiring you to re-authenticate every time. This is what enables calendar events to be created automatically when you approve a deadline, even if your browser session has expired.

We do not request access to your contacts, files, drives, or any other data beyond what is listed above. If we ever need additional permissions for a new feature, we will explain why before requesting them.

Automated approval queue — no human review of your content

MACRIPhone includes an "approval queue" where generated posts wait for your review before publishing. This queue is entirely automated and self-service. No Macrify employee reviews, reads, moderates, or approves your content at any stage. The queue exists solely so you can review what the AI generated before it goes live. Your content flows from AI generation → your approval → publishing without any human intermediary on our side.

What we store

• Uploaded images — Images you upload (for templates, carousel posts, or reference images) are stored in cloud storage (Supabase, United States) and retained for as long as your account is active.
• Generated content — AI-generated captions, post text, and rendered images (1080×1080 PNG) are stored so you can review, approve, and publish them.
• Brand voice configuration — Your tone preferences, sample posts, do's and don'ts, hashtags, and industry information are stored so the AI can generate content in your voice.
• Brand colors and logo — Custom brand colors, logo URL, and font preferences are stored to apply your branding to generated images and the dashboard.
• Custom templates — HTML templates you create (via AI generation, image upload, or manual entry) are stored in your tenant's account.
• Social media connection tokens — API keys for Zernio (our publishing partner) are stored so we can publish posts on your behalf. We do not store your social media account passwords.

How your content is processed

• AI content generation — Your text prompts and uploaded images are sent to Google's Generative AI API (Gemini) to generate platform-specific captions and template HTML. Google's API terms prohibit using this data for model training.
• Image rendering — HTML templates are rendered into PNG images using a server-side rendering engine (Puppeteer). The rendered images are uploaded to cloud storage.
• Publishing and scheduling — When you approve and publish (or schedule) a post, the content and images are sent to Zernio, which delivers them to your connected social media platforms (LinkedIn, Twitter/X, Instagram, Facebook, Threads, Google Business Profile, Bluesky). Scheduling is handled natively by Zernio — your scheduled posts live on their infrastructure until the publish time.

Our relationship with Zernio

Zernio (zernio.com) is a third-party social media publishing API that MACRIPhone uses to deliver your approved content to social media platforms. Here is what you should know about this relationship:

• What we send to Zernio — When you publish or schedule a post, we send the post text (per-platform captions), rendered images or uploaded media, and your scheduling preferences. We also send a tenant-specific API key that authorizes publishing to your connected social media accounts.
• What Zernio does not receive — Zernio does not receive your original prompts, brand voice configuration, AI-generated template data, internal post metadata, or any data from other MACRIPhone features (analytics, settings, onboarding). It only receives the final, approved content you choose to publish.
• Social media account connections — Your social media accounts (LinkedIn, Twitter/X, Instagram, Facebook, Threads) are connected through Zernio's OAuth flow. Zernio stores the access tokens for your social media accounts on their infrastructure. MACRIPhone stores only the Zernio account identifier and display name — not your social media credentials.
• Scheduled posts — When you schedule a post for future publishing, the content is held on Zernio's servers until the scheduled time. You can cancel a scheduled post at any time from MACRIPhone's queue, which deletes it from Zernio.
• Data retention on Zernio — Published and scheduled posts are retained by Zernio according to their own data practices. Canceling or deleting a post in MACRIPhone sends a deletion request to Zernio. For complete data removal, you may also contact Zernio directly.
• No AI training — Zernio is a delivery service, not an AI provider. Your content passes through Zernio only for the purpose of publishing to your social accounts.

What we do not do with your content

• We do not use your uploaded images, prompts, or generated content to train AI models.
• We do not share your content with other tenants or users.
• We do not sell your content to third parties.
• We do not review, read, or moderate your content — the approval queue is fully automated.
• We do not publish content without your explicit approval.