Privacy Policy

Last updated: December 7, 2025

Overview

Caldar ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you use our calendar availability sharing service at caldar.app.

Google User Data

This section specifically describes how Caldar accesses, uses, stores, and shares Google user data, in compliance with the Google API Services User Data Policy.

Data Accessed

When you connect your Google account to Caldar, we request access to the following Google user data:

  • Google Calendar Events: We access your calendar event data (including event titles, times, and busy/free status) through the Google Calendar API. This access is limited to the calendars you authorize.
  • Basic Profile Information: We access your Google account email address and account identifier for authentication purposes.

How We Use Google User Data

Caldar uses your Google user data solely for the following purposes:

  1. Displaying Availability: Your calendar data is used exclusively to calculate and display your free/busy availability to people you share your Caldar link with. We do not display event titles or details—only time slots when you are available or unavailable.
  2. Authentication: Your Google account identifier and email are used to authenticate you and link your availability URLs to your account.

Caldar's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data Storage Practices

We do not permanently store your calendar event data. Here is exactly what happens with your data:

Data TypeStorage DurationPurpose
Calendar eventsNot stored (fetched in real-time)Your calendar data is retrieved directly from Google's servers each time someone views your availability link. Once the page session ends, no calendar data is retained.
Google account IDStored while account is activeLinks your availability URLs to your account
OAuth refresh tokensStored while account is active (encrypted)Allows Caldar to access your calendar on your behalf without requiring you to re-authenticate
Availability link settingsStored while account is activeYour preferences for each availability link you create

Data Sharing

We do not sell, rent, trade, or transfer your Google user data to any third parties.

Your calendar availability information is only displayed to people who access the specific availability links that you create and choose to share. You control who receives these links.

We do not share your data with:

  • Advertisers
  • Data brokers
  • Analytics companies
  • Any other third parties

Data Retention and Deletion

  • Calendar data: Not retained—fetched in real-time and discarded after each session
  • Account data: Retained until you delete your account or revoke access
  • Upon account deletion: All stored data (account identifiers, tokens, and availability link configurations) is permanently deleted within 30 days

Information Collection and Use

Information You Provide

  • Account registration information (via Google OAuth)
  • Availability link configurations and preferences

Information Collected Automatically

When you use Caldar, we may automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage analytics to improve our service

This automatically collected information is used solely for service operation and improvement, and is not combined with your Google user data.

Data Security

We implement industry-standard security measures to protect your information:

  • All data transmission is encrypted using HTTPS/TLS
  • OAuth tokens are stored using encryption at rest
  • We follow security best practices for authentication and data handling
  • Regular security reviews and updates

Third-Party Services

Google

We use Google OAuth 2.0 for authentication and the Google Calendar API to access your calendar data. Google's privacy policy applies to data processed by Google: https://policies.google.com/privacy

Infrastructure Providers

We use trusted cloud infrastructure providers to host our service. These providers are contractually obligated to protect your data and only process it on our behalf.

Your Rights and Controls

You have the following rights regarding your data:

  • Revoke Access: You can revoke Caldar's access to your Google account at any time through your Google Account permissions. This immediately stops Caldar from accessing your calendar data.
  • Delete Availability Links: You can delete any availability links you've created at any time from within Caldar.
  • Delete Your Account: You can request complete deletion of your account and all associated data by contacting us at privacy@caldar.app.
  • Data Export: You can request a copy of your stored data by contacting us.

Children's Privacy

Caldar is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for significant changes (if we have your email)

Your continued use of Caldar after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Compliance

This privacy policy is designed to comply with:

  • Google API Services User Data Policy
  • Google APIs Terms of Service
  • General Data Protection Regulation (GDPR) where applicable
  • California Consumer Privacy Act (CCPA) where applicable