Privacy Policy

Exposure Link is a crew management tool used by independent talent agents to manage production crew, bookings, clients, jobs, and connected calendars. The Service is operated by Jarred Beaton. You can reach us at jarredbeaton@gmail.com.

We only collect information that is necessary to operate the Service.

a. Account information

• Your name, email address, and profile picture, supplied either directly when you sign up or returned by your identity provider (Google or Apple) when you sign in.
• A securely hashed password if you sign up using email and password.

b. Information you enter into the Service

• Crew member, client, job, booking, and production records you create.
• Notes, statuses, dates, contact details, and other content you add to those records.

c. Data accessed through Google APIs

If you choose to connect a Google account, we request the following OAuth scopes:

• openid, profile, email — to identify your account and display your name, email, and avatar.
• https://www.googleapis.com/auth/calendar.readonly — to read your Google Calendar events so the Service can show crew availability.
• https://www.googleapis.com/auth/calendar.events — to create and update events the Service writes back to your Google Calendar (for example, when you confirm a booking).

d. Data accessed through Apple iCloud (CalDAV)

If you connect an iCloud calendar, we store the iCloud app-specific password you provide (encrypted at rest) and read your calendar events via CalDAV for the same availability purposes described above.

e. Operational data

• Sign-in timestamps, session tokens, and basic request logs used for security and to keep the Service running.
• Error reports collected via Sentry to diagnose crashes and bugs. These reports may include the URL of the page that errored and a stack trace, but are scrubbed of sensitive form input.

• To authenticate you and keep your session signed in.
• To display, search, and edit the crew, clients, jobs, and bookings you have entered.
• To synchronise calendar events between the Service and your connected Google or iCloud calendars, so your team’s availability is accurate.
• To send transactional email related to your account (for example, magic-link verification, password resets, and booking confirmations).
• To detect, investigate, and prevent abuse, fraud, or security incidents.

We do not use your information for advertising, and we do not sell your information.

Exposure Link’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

In particular:

• We use Google user data only to provide and improve the user-facing features of the Service that are visible from the Service’s interface.
• We do not transfer Google user data to third parties except as necessary to provide or improve the Service, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
• We do not use Google user data for serving advertisements, including retargeting, personalised, or interest-based advertising.
• We do not allow humans to read Google user data except (i) with your affirmative consent for specific data, (ii) where necessary for security purposes, (iii) to comply with applicable law, or (iv) where the data has been aggregated and anonymised and is used for internal operations.

• Application data is stored in a PostgreSQL database hosted on infrastructure controlled by us.
• OAuth refresh tokens, access tokens, and iCloud app-specific passwords are stored in the database and treated as sensitive fields. Connection screens never display the secret values back to the user.
• Passwords for email/password accounts are stored as scrypt hashes; we cannot recover or read your plaintext password.
• All traffic to the Service is served over HTTPS.

Your data is private to your agent account. Other users of the Service cannot see your crew, clients, jobs, bookings, or calendar data. We rely on the following sub-processors to run the Service:

• Google LLC — sign-in (Google OAuth) and Google Calendar API access, when you choose to connect a Google account.
• Apple Inc. — sign-in (Sign in with Apple) and iCloud calendar access via CalDAV, when you choose to connect.
• Resend — transactional email delivery (verification links, password resets, booking notifications).
• Sentry — error and crash reporting.

We do not sell, rent, or trade your personal information, and we do not share Google user data with third parties for advertising.

We retain your account data for as long as your account is active. Calendar events synced from Google or iCloud are refreshed on every sync and may be removed when the source event is deleted upstream.

When you disconnect a Google or iCloud calendar, the stored tokens or credentials for that connection are deleted from our database.

You can remove your data from the Service at any time:

• Use Settings → Data → Clear All Data to wipe all crew, clients, jobs, bookings, calendars, and calendar events linked to your agent account.
• Disconnect a calendar from Settings → Calendars to revoke access and delete the stored tokens for that connection.
• You can also revoke Exposure Link’s access to your Google account at any time at https://myaccount.google.com/permissions.
• To delete your entire account and all associated data, email jarredbeaton@gmail.com from the address on file. We will action the request within 30 days.

We use industry-standard practices to protect your data, including HTTPS in transit, hashed passwords, encrypted secret fields at rest, agent-scoped database access on every query, and regular dependency updates. No system is perfectly secure; if you discover a vulnerability, please report it to jarredbeaton@gmail.com.

The Service is intended for professional use by talent agents and is not directed to children under 16. We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be communicated through the Service or by email.

For privacy questions, data deletion requests, or any other concerns, contact:

Jarred Beaton
jarredbeaton@gmail.com