Privacy Policy

Last updated: January 22, 2025

CalendarPA ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our scheduling platform.

This policy applies to users worldwide and includes specific provisions for residents of the European Economic Area (EEA), United Kingdom (UK), California, and other U.S. states with comprehensive privacy laws.

1. Information We Collect

When you use CalendarPA, we collect information you provide directly:

  • Account Information: Name, email address, and profile photo from your Google or Microsoft account.
  • Phone Number: If you enable SMS reminders, we collect and verify your mobile phone number.
  • Calendar Data: Calendar events, availability, and scheduling preferences to provide our core service.
  • Booking Information: Details about meetings you schedule, including attendee information, meeting notes, and custom question responses.
  • Contact Data: Names, email addresses, phone numbers, and company information of people who book meetings with you.
  • Payment Information: If you use paid features, payment details are processed securely by our payment providers (Stripe, PayPal, Square). We do not store your full payment card numbers.
  • Wellbeing Preferences: If you use our wellbeing features, we store your break schedules, focus time preferences, and meeting limits.
  • Usage Data: Information about how you interact with our service, including pages visited, features used, and error logs.
  • Device Information: Browser type, operating system, IP address, and device identifiers.
  • Referral Data: If you participate in our referral program, we track referral links, signups, and conversions attributed to you.

2. Legal Basis for Processing (EEA/UK)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our scheduling service as per our agreement with you (e.g., calendar sync, booking management, SMS reminders).
  • Legitimate Interests: Processing for our legitimate business interests, such as improving our service, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
  • Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications, analytics cookies, AI-powered features).
  • Legal Obligation: Processing required to comply with applicable laws and regulations.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our scheduling services
  • Sync your calendars and prevent double-bookings
  • Send booking confirmations and reminders via email and SMS
  • Process payments for paid services
  • Provide AI-powered smart suggestions for meeting times and event descriptions
  • Manage your contacts from booking attendees
  • Facilitate shared booking types between co-hosts
  • Track and attribute referrals for our affiliate program
  • Respond to your requests and provide customer support
  • Protect against fraud and abuse
  • Analyze usage patterns to improve user experience
  • Send service-related communications (you cannot opt out of these)
  • Send marketing communications (with your consent, which you can withdraw at any time)

4. Information Sharing

We do not sell your personal information. We share information only:

  • With your consent or at your direction
  • With service providers who assist in operating our platform (hosting, email, SMS, payments, AI processing) under data processing agreements
  • With meeting attendees when you share your booking page
  • With co-hosts when you create a shared booking type (your name, email, and profile photo are visible to other hosts)
  • With our affiliate platform (Rewardful) if you participate in the referral program
  • To comply with legal obligations, court orders, or valid legal process
  • To protect our rights, privacy, safety, or property, or that of our users
  • In connection with a merger, acquisition, or sale of assets (with prior notice)

5. International Data Transfers

CalendarPA is based in the United States. If you are accessing our service from outside the U.S., please be aware that your data may be transferred to, stored, and processed in the United States and other countries.

For transfers from the EEA and UK, we rely on:

  • Standard Contractual Clauses (SCCs): EU-approved contractual terms that provide appropriate safeguards for data transfers.
  • Data Processing Agreements: Contracts with our service providers that include adequate data protection commitments.

You may request a copy of the relevant safeguards by contacting us at privacy@calendarpa.com.

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • AES-256 encryption for OAuth tokens at rest
  • TLS/HTTPS for all data in transit
  • Regular security audits and vulnerability assessments
  • Access controls and authentication requirements
  • Secure cloud infrastructure with SOC 2 compliant providers

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

All Users

  • Access: Request a copy of your personal data.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and associated data.
  • Disconnect: Revoke calendar and integration access at any time.
  • Export: Download your contacts and booking data in CSV format.

EEA/UK Residents (GDPR)

  • Data Portability: Receive your data in a structured, commonly used format.
  • Restriction: Request restriction of processing in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent at any time for consent-based processing.
  • Lodge Complaint: File a complaint with your local supervisory authority.

To exercise your rights, contact us at privacy@calendarpa.com. We will respond within 30 days (or as required by applicable law).

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

Categories of Personal Information Collected

In the past 12 months, we have collected:

  • Identifiers: Name, email address, phone number, IP address, account ID.
  • Commercial Information: Records of services purchased or considered.
  • Internet Activity: Browsing history, interactions with our service.
  • Geolocation Data: Approximate location based on IP address.
  • Professional Information: Calendar data, booking information, contact lists.

Your California Rights

  • Right to Know: Request disclosure of information collected, used, and shared.
  • Right to Delete: Request deletion of your personal information.
  • Right to Correct: Request correction of inaccurate information.
  • Right to Opt-Out: We do not sell or share personal information for targeted advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

Do Not Sell or Share My Personal Information

CalendarPA does not sell your personal information and has not sold personal information in the preceding 12 months. We do not share personal information for cross-context behavioral advertising.

To submit a request, email privacy@calendarpa.com with "California Privacy Request" in the subject line. We may need to verify your identity before processing your request.

9. Other U.S. State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights to California residents, including:

  • Right to access and obtain a copy of your personal data
  • Right to delete your personal data
  • Right to correct inaccurate personal data
  • Right to opt out of targeted advertising (we do not engage in targeted advertising)
  • Right to appeal our decision regarding your request

To exercise these rights or file an appeal, contact privacy@calendarpa.com.

10. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, security, and core functionality. You cannot opt out of these.
  • Analytics Cookies: We use Google Analytics to understand how you use our service. These are only enabled with your consent.
  • Referral Tracking: If you arrive via a referral link, we use cookies from Rewardful to attribute your signup to the referring user.
  • Marketing Cookies: Used to deliver relevant communications (with your consent).

You can manage your cookie preferences through the cookie consent banner or by adjusting your browser settings. Note that disabling essential cookies may prevent you from using our service.

11. Data Retention

We retain your data for as long as your account is active or as needed to provide services. When you delete your account:

  • Your profile and calendar credentials are deleted immediately
  • Booking history is anonymized within 30 days
  • Contact data is deleted within 30 days
  • Backups are purged within 90 days
  • Some data may be retained longer if required by law or for legitimate business purposes

Cached calendar data (used for availability checking) is automatically deleted when you disconnect a calendar or within 24 hours of access token expiration.

12. Google Calendar Integration

CalendarPA's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data We Access

When you connect your Google account, we access:

  • Your Google Calendar list (to let you choose which calendars to sync)
  • Calendar events (to check your availability and prevent double-bookings)
  • Your email address and profile information (for account identification)

How We Use Google Data

We use your Google Calendar data exclusively to:

  • Display your availability to people booking meetings with you
  • Create calendar events when bookings are confirmed
  • Update or delete calendar events when bookings change
  • Sync calendar changes in real-time via Google push notifications
  • Provide AI-powered smart suggestions for optimal meeting times (with your consent)

We do not use your Google Calendar data for advertising, selling to third parties, or any purpose other than providing our scheduling service.

Revoking Access

You can disconnect your Google account at any time:

  • In CalendarPA: Go to Settings → Connected Accounts → Disconnect
  • In Google: Visit Google Account Permissions and remove CalendarPA

13. Zoom Integration

When you connect your Zoom account, CalendarPA adheres to the Zoom API Terms of Use and Marketplace Developer Agreement.

Data We Access

  • User Information: Your Zoom display name and email address for account identification.
  • Meeting Creation: We create Zoom meetings on your behalf when bookings are confirmed.

How We Use Zoom Data

We use your Zoom account exclusively to:

  • Create Zoom meeting links for scheduled appointments
  • Update or cancel meetings when bookings change
  • Include meeting links in booking confirmations

We do not access your Zoom recordings, chat messages, meeting participants, or other account data beyond what is necessary for meeting creation.

Revoking Access

You can disconnect your Zoom account at any time:

  • In CalendarPA: Go to Settings → Conferencing → Disconnect Zoom
  • In Zoom: Visit Zoom App Marketplace → Installed Apps → Remove CalendarPA

14. Microsoft Outlook & 365 Integration

When you connect your Microsoft account, CalendarPA adheres to the Microsoft API Terms of Use.

Data We Access

  • Profile Data: Your name and email address to confirm your identity.
  • Calendar Data: We read your calendar events to determine availability and write new events when meetings are booked.

How We Use Microsoft Data

We use your data solely to provide scheduling services. We do not use Microsoft calendar data for advertising or sell it to third parties.

Revoking Access

You can revoke CalendarPA's access at any time via your Microsoft Account Privacy Settings.

15. SMS and Phone Services

CalendarPA offers optional SMS reminder functionality powered by Twilio.

Data We Collect

  • Phone Number: Your mobile phone number in E.164 international format.
  • Verification Status: Whether your phone number has been verified.
  • SMS Preferences: Your opt-in/opt-out status for SMS reminders.
  • Carrier Information: Basic carrier data used for delivery optimization (provided by Twilio).

How We Use Phone Data

  • Send booking confirmation SMS messages
  • Send reminder SMS messages (24 hours and 1 hour before meetings)
  • Send cancellation and rescheduling notifications
  • Verify phone number ownership via SMS code

Opting Out

You can disable SMS reminders at any time:

  • In CalendarPA: Go to Settings → Notifications → Disable SMS Reminders
  • Reply STOP to any SMS message from CalendarPA

When you opt out, we retain your phone number but mark it as unsubscribed. You can delete your phone number entirely from your account settings.

16. AI-Powered Features

CalendarPA uses artificial intelligence to enhance your scheduling experience. These features are powered by Google Gemini.

AI Features We Offer

  • Smart Suggestions: AI-powered recommendations for optimal meeting times based on your calendar patterns.
  • Event Enhancement: Suggestions for improving event titles and descriptions.
  • Error Analysis: AI-assisted diagnosis of scheduling issues and conflicts.

Data Sent for AI Processing

When you use AI features, the following data may be sent to Google Gemini:

  • Event titles and descriptions (for enhancement suggestions)
  • Calendar availability patterns (for smart suggestions)
  • Error messages and context (for troubleshooting assistance)

AI Data Handling

  • AI processing is performed on-demand and data is not retained by the AI provider beyond the request
  • We do not use your data to train AI models
  • AI features are subject to usage limits based on your subscription tier
  • You can avoid AI processing by not using AI-labeled features

17. Referral Program

CalendarPA offers a referral program that allows you to earn rewards for referring new users. This program is managed through Rewardful.

Data We Collect

  • Referral Links: Unique tracking links associated with your account.
  • Referral Activity: Profile views, signups, and purchases attributed to your referral link.
  • Commission Data: Earned commissions, payout status, and payment method preferences.

How Referral Tracking Works

  • When someone clicks your referral link, a tracking cookie is placed in their browser
  • If they sign up within the cookie's lifetime, the signup is attributed to you
  • Purchases made by referred users may generate commissions for you

Third-Party Sharing

Referral data is shared with Rewardful, our affiliate management platform, to track referrals and process commission payouts. Rewardful's privacy policy governs their handling of this data.

18. Shared Booking Types and Co-Hosts

CalendarPA allows you to create shared booking types where multiple hosts can receive bookings.

Data Shared Between Co-Hosts

When you join or create a shared booking type, the following information is visible to all co-hosts:

  • Your name and email address
  • Your profile photo
  • Your availability for the shared booking type
  • Booking details for meetings assigned to you
  • Your display order in the host list

Booking Data

All co-hosts on a shared booking type can see booking details including attendee names, emails, and responses to custom questions. If revenue splitting is enabled, payment information may also be visible to co-hosts.

Leaving a Shared Booking Type

You can remove yourself from a shared booking type at any time. Your historical booking data remains with the booking type owner.

19. Contact Management

CalendarPA automatically creates contact records from your booking attendees to help you manage your relationships.

Data We Store

  • Attendee names and email addresses
  • Phone numbers (if provided during booking)
  • Company information (if provided)
  • Booking history and frequency
  • Notes you add to contacts

Data Export

You can export your contacts and booking history in CSV format at any time from your dashboard. This supports your right to data portability under GDPR and similar regulations.

20. Wellbeing Features

CalendarPA offers optional wellbeing features to help you maintain a healthy meeting schedule.

Data We Store

  • Maximum meeting minutes per day preferences
  • Required break durations between meetings
  • Protected meal break times (breakfast, lunch, dinner)
  • Focus time block schedules
  • Maker schedule preferences (morning protection)

This data is used solely to enforce your scheduling preferences and is not shared with third parties.

21. Service Providers

We use the following service providers who may process your data:

  • Vercel (USA): Application hosting and performance monitoring
  • Neon (USA): Database hosting
  • Upstash (USA): Caching and rate limiting
  • Inngest (USA): Background job processing
  • Stripe/PayPal/Square (USA): Payment processing
  • Resend (USA): Email delivery
  • Twilio (USA): SMS messaging and phone verification
  • Google Gemini (USA): AI-powered features
  • Google Analytics (USA): Website analytics (with consent)
  • Rewardful (USA): Affiliate and referral tracking
  • Gleap (Austria): User feedback and support

These providers only access data necessary to perform their services and are contractually obligated to protect your information. For EEA/UK users, appropriate safeguards are in place for international transfers.

22. Children's Privacy

CalendarPA is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at privacy@calendarpa.com and we will delete it.

23. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users and relevant supervisory authorities in accordance with applicable laws (within 72 hours for GDPR, as required). Notification will include the nature of the breach, likely consequences, and measures taken or proposed.

24. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the "Last updated" date, and sending you an email notification for significant changes. Your continued use of the service after such modifications constitutes acceptance of the updated policy.

25. Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

For EEA/UK residents: You have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.