Last updated: 14 July 2026
Fitzsimmons Automation (Australia) provides an SMS assistant service for Australian trade businesses. Questions or requests about this policy or your data: georgefitz086@gmail.com.
To run the service we handle three kinds of information:
Connecting Google Calendar is optional. If a business owner connects it, the service requests two Google OAuth scopes and uses them for exactly the following:
What we store: an OAuth refresh token, encrypted at rest with AES-256-GCM, and the IDs of the events the assistant itself created. We do not store the contents of the owner's calendar.
What we derive: the assistant uses free/busy information only to compute which appointment windows are open. Those derived open windows (never raw calendar data or event contents) are processed by our AI provider solely to compose the booking messages the owner's customers see - that is the user-facing feature the calendar connection exists for.
Fitzsimmons Automation's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
In plain terms: Google user data is used only to provide the booking features described above. It is not sold, not used for advertising, not used to determine credit-worthiness or for lending, not used to develop, improve or train generalised artificial-intelligence or machine-learning models, and not read by humans except with the owner's explicit consent for support, or where necessary for security or to comply with law.
We use a small set of processors to run the service: Twilio (SMS and voice), Supabase (database hosting), Vercel (application hosting), Google (calendar integration, at the owner's choice) and Anthropic (the AI that composes the assistant's messages; it does not train on this data). Each receives only what it needs to perform its function.
OAuth tokens are encrypted at rest (AES-256-GCM). All traffic uses TLS. The database enforces row-level security with no public access, verified by an automated daily audit. Access to production systems is limited to the operator.
If this policy changes materially we will update this page and its date. Contact for anything in this policy, including data access or deletion requests: georgefitz086@gmail.com.