Privacy
Your data,
treated calmly.
Plain-language privacy. No third-party tracking. No data sales. Just what we collect, why, and how to remove it.
01
What we collect
When you sign up, we collect your email and a password hash. When you complete onboarding, we add your display name, username, bio, and timezone. That's it on the account side.
When someone books with you, we collect their name, email, timezone, and any notes they include. This is the bare minimum needed to send confirmation emails.
We log standard request metadata: IP address, user agent, request path, and response time. These are kept for 30 days for debugging and abuse prevention, then deleted.
02
What we don't collect
No third-party tracking. No advertising pixels. No behavioral profiling. No cross-site analytics.
We don't sell, rent, or share your data with anyone. There is no data broker arrangement.
03
How we store it
Passwords are bcrypt-hashed before storage; we never see your plaintext password.
Database is PostgreSQL with at-rest encryption. Backups are encrypted and rotated weekly.
Sessions are httpOnly, Secure cookies with CSRF protection. Tokens are never exposed to JavaScript.
04
Calendar integrations
When you connect Google Calendar, we receive an OAuth token scoped to read and write calendar events. We use it only to detect conflicts and create booking events on your calendar.
We do not read events outside of conflict detection. We do not store the contents of your existing calendar events.
You can disconnect calendar integrations at any time from Dashboard → Settings → Calendars. Disconnection revokes the token immediately.
05
Transactional emails (booking confirmations, cancellations, reminders) are sent via Resend. They store the email address and message body for delivery purposes.
We do not send marketing emails to attendees. We do not add you or your guests to any newsletter.
06
Your rights
Export: contact us and we'll send you a JSON export of your account, event types, availability, and bookings.
Deletion: contact us and we'll permanently delete your account and all associated data within 7 days. This includes bookings made by guests, anonymized after deletion.
Correction: most fields are editable in Dashboard → Settings. For anything else, contact us.
07
Changes
If we make material changes to this policy, we'll notify you by email at least 30 days before they take effect. The current version is dated below.
Last updated: May 28, 2026. Questions? Contact us.