Privacy Policy

1. Information We Collect

CalSync collects the minimum information necessary to provide our calendar synchronization service:

• Your name, email address, and profile photo from Google Sign-In
• OAuth tokens to access your Google Calendar data
• Calendar event metadata necessary for synchronization
• Payment information processed securely through Stripe

2. How We Use Your Information

We use your information solely to:

• Authenticate your identity and manage your account
• Read and write calendar events as configured by your automations
• Process subscription payments
• Send transactional notifications about your account

3. Data Storage & Security

All OAuth tokens are encrypted at rest using AES-256-GCM encryption. We do not store the content of your calendar events beyond the metadata necessary for tracking synchronization state.

4. Data Sharing & Third-Party Services

We do not sell, trade, or transfer your personal information to third parties for purposes unrelated to providing our service. We share data only with the following service providers, solely to operate CalSync:

• Google — to read and write calendar events via the Google Calendar API as configured by your automations
• Clerk — to authenticate your identity and manage sign-in sessions
• Supabase — to securely store your account data, sync configurations, and encrypted OAuth tokens
• Stripe — to process subscription payments (CalSync does not store your credit card details)

These providers access only the data necessary to perform their specific function and are bound by their own privacy policies and data protection obligations.

5. Data Retention & Deletion

We retain your personal information for as long as your account is active or as needed to provide you with our service. Specifically:

• Account data (name, email, profile photo) is retained for the lifetime of your account
• OAuth tokens are retained while your calendar connections are active and are revoked and deleted when you disconnect a calendar or delete your account
• Sync logs are retained for 30 days for debugging purposes, then automatically deleted
• Payment records are retained as required by applicable tax and accounting laws

You can delete your account at any time from your dashboard. You may also request account deletion by emailing support@captivedemand.com. Upon deletion, all your data — including OAuth tokens, sync configurations, and account information — will be permanently removed within 30 days. Previously synced events will remain in your Google Calendars as standalone events.

6. Prohibited Uses of Google User Data

CalSync does not use Google user data for any purpose other than providing and improving the calendar synchronization features you have configured. In particular, we do not:

• Use Google user data for targeted, personalized, or interest-based advertising
• Sell Google user data to data brokers, information resellers, or any third party
• Use Google user data to train artificial intelligence or machine learning models
• Use Google user data to determine creditworthiness or for lending purposes
• Transfer Google user data to any third party for purposes unrelated to providing our service

7. Google API Services

CalSync's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

8. Contact

For questions about this privacy policy or to request deletion of your data, contact us at support@captivedemand.com.