Privacy Policy

1. Introduction

CalendSync ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our calendar scheduling platform and API services.

By using CalendSync, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, company name, and billing information
• Calendar Data: Meeting details, event titles, descriptions, attendees, dates, times, and locations
• Google Account Data: When you connect your Google account, we access calendar events and create Google Meet links with your explicit permission
• Communication Data: Support requests, feedback, and correspondence with our team

2.2 Information Collected Automatically

• Usage Data: API calls, feature usage, access times, and interaction patterns
• Device Information: IP address, browser type, operating system, and device identifiers
• Cookies and Tracking: We use cookies, pixels, and similar technologies to improve service functionality
• Log Data: Server logs including request data, timestamps, and error reports

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve our calendar scheduling and API services
• Calendar Integration: To sync with Google Calendar, create events, and generate Google Meet links
• Communication: To send service updates, security alerts, technical notices, and support responses
• Analytics: To understand usage patterns, optimize performance, and develop new features
• Security: To detect, prevent, and address fraud, abuse, and security incidents
• Legal Compliance: To comply with legal obligations and enforce our Terms of Service
• Marketing: With your consent, to send promotional materials and product updates (you can opt-out anytime)

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

• Contract: Processing necessary to perform our services under our agreement with you
• Consent: You have given clear consent for us to process your data for specific purposes
• Legitimate Interests: Processing necessary for our legitimate business interests (service improvement, fraud prevention)
• Legal Obligation: Processing required to comply with legal and regulatory requirements

5. Data Sharing and Disclosure

5.1 Third-Party Services

We share data with trusted third parties only when necessary:

• Google Services: For Calendar and Meet integration (governed by Google's privacy policies)
• Cloud Infrastructure: AWS, Google Cloud, or similar providers for hosting and storage
• Payment Processors: Stripe or similar services for billing (we do not store credit card details)
• Analytics Tools: For service improvement and usage analysis
• Communication Tools: Email service providers for transactional and marketing emails

5.2 Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our Terms of Service and other agreements
• Protect our rights, property, or safety, and that of our users or the public
• Investigate and prevent fraud, security breaches, or illegal activities

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256
• Access Controls: Strict role-based access controls and multi-factor authentication for our team
• Regular Audits: We conduct regular security audits and penetration testing
• SOC 2 Compliance: Our infrastructure and practices are SOC 2 Type II certified
• Incident Response: We have established procedures for detecting and responding to security incidents

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as necessary to:

• Provide our services to you
• Comply with legal, tax, and accounting obligations
• Resolve disputes and enforce our agreements
• Maintain business records and improve our services

Specific retention periods:

• Account Data: Retained while your account is active, plus 90 days after deletion
• Calendar Events: Retained for 2 years after the event date
• Log Data: Retained for 90 days for security and debugging purposes
• Billing Records: Retained for 7 years to comply with tax regulations

8. Your Rights (GDPR & Data Protection)

Under GDPR and other data protection laws, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Request limitation of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with your data protection authority

To exercise any of these rights, please contact us at privacy@calendsync.com. We will respond within 30 days.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including countries that may not have the same data protection laws. We ensure such transfers comply with applicable laws through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions confirming appropriate protection levels
• Binding Corporate Rules for transfers within our corporate group
• Data Processing Agreements with all third-party processors

10. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication, security, and basic functionality
• Analytics Cookies: Help us understand how you use our service
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Track effectiveness of our marketing campaigns (with your consent)

You can control cookies through your browser settings. Note that disabling certain cookies may affect service functionality.

11. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@calendsync.com, and we will delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification to registered users
• Displaying a prominent notice in our application

Your continued use of our services after changes indicates acceptance of the updated policy.

13. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

14. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, and shared
• Right to delete personal information held by us
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@calendsync.com with "California Privacy Rights" in the subject line.