Cassis is operated by Tristan Vignola in Quebec, Canada. Cassis is a mobile application that helps small business operators send appointment reminders to their own customers, from their own phone, using their own SIM card and mobile plan.
When you create an account we collect your email address, an encrypted password, and the language you choose. When you add a business we record its name, timezone, and the customer contacts (name, phone number, notes) you enter for reminders. When you connect a calendar through OAuth (for example Google Calendar) we receive a scoped access token and the appointment information you authorise; we do not collect or store your underlying account password.
Cassis reminders are sent through your device's own SIM card and your mobile carrier — they are not routed through Cassis servers. For each reminder you schedule we record metadata (recipient phone number, send timestamp, delivery status, the template that was used) so the app can show your activity log and enforce your monthly plan limits. We do not retain message bodies after they have been sent. Charges your carrier may apply for the messages you send remain your responsibility.
On Android, Cassis requests READ_PHONE_STATE solely to detect whether an active SIM card is present so the app can display device readiness indicators. Cassis does not read your phone number, IMEI, IMSI, or your contacts list using this permission. Cassis also requests SEND_SMS to send the reminders you have scheduled; sending only happens for messages you have explicitly configured.
Subscription purchases are processed by Apple App Store and Google Play. We use RevenueCat to manage subscription state; RevenueCat receives an anonymous user identifier we generate, the products you purchase, and the resulting entitlement status. Cassis does not receive or store your payment card information.
Cassis uses Firebase Cloud Messaging to deliver in-app notifications. To do this we receive and store a push token associated with your device. You can disable push notifications at any time in your device system settings.
Cassis backend data is hosted in Canada. Data is encrypted in transit using TLS, and access to production systems is restricted to authorised operators.
Account data and the records you create are retained while your account is active. You may request deletion of your account at any time by contacting us at the address below. We will delete or anonymise your records within thirty days of a verified request, except where retention is required by law (for example, billing records).
Cassis is intended for adults operating small businesses. The service is not directed to children under 13, and we do not knowingly collect personal information from children.
You may request access to, correction of, or deletion of the personal information Cassis holds about you. Residents of Quebec (Law 25), the European Economic Area (GDPR), and California (CCPA) have additional rights under their respective laws and may exercise them by contacting us.
We may update this policy from time to time. Material changes will be communicated through the app or by email. The 'last updated' date at the top of this page reflects when the current version took effect.
For privacy questions, requests, or complaints, contact tristanvignola@gmail.com.