Privacy Policy

1. Information We Collect

We collect information to provide our AI calendar services:

• Account Information: Email address, name, profile picture from Google OAuth
• Calendar Data: Event titles, descriptions, times, locations, attendees, and meeting links from your connected Google Calendar
• AI Interactions: Your messages to our AI assistant and the context needed to provide assistance
• Contact Information: Email addresses and names of attendees extracted from calendar events for contact management
• Usage Data: Service interactions, features used, and error logs for improving our service

2. How We Use Your Information

We use the information we collect to:

• Provide AI-powered calendar management and scheduling assistance
• Generate semantic embeddings of your events for intelligent search and recommendations
• Sync calendar data in real-time via webhooks when changes occur
• Process natural language queries to find and manage your events
• Send you technical notices, updates, and support messages
• Track credit usage for AI operations and manage subscription services
• Improve our AI models using anonymized and aggregated data

3. Information Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties. We may share your information only:

• With your explicit consent
• With these service providers under strict confidentiality:
  • Supabase: Database hosting and authentication
  • Anthropic Claude API: AI assistant functionality
  • OpenAI: Event embeddings for semantic search
  • Google Calendar API: Calendar synchronization
  • Stripe: Payment processing (payment data only)
  • Vercel: Application hosting
• To comply with legal obligations
• To protect our rights and prevent fraud

4. Data Security

We implement comprehensive security measures:

• All data encrypted in transit (TLS/SSL) and at rest
• Row Level Security (RLS) policies ensure users can only access their own data
• OAuth 2.0 for secure Google Calendar authentication
• Automatic token refresh to maintain secure connections
• Service role keys stored securely and never exposed to clients
• Real-time webhook validation to prevent unauthorized access
• Regular security audits and updates

5. Calendar Data Processing

Your calendar data is processed with these specific practices:

• Data Storage: Calendar events stored in Supabase PostgreSQL with full encryption
• Real-time Sync: Google Calendar webhooks update your data instantly when changes occur
• Semantic Processing: Event titles and descriptions converted to embeddings for intelligent search
• Attendee Extraction: Contact information from events stored separately for contact management
• Data Retention: Events synced from 4 years past to 4 years future, updated incrementally
• Deletion: When you disconnect, all calendar data and embeddings are permanently deleted
• AI Processing: Only event metadata sent to AI models, never shared with other users

6. Google API Data Usage

CalenAI's use and transfer of information received from Google APIs adheres to theGoogle API Services User Data Policy, including the Limited Use requirements:

• Limited Use: Google Calendar data is used solely to provide CalenAI's calendar management features
• No Sale: We never sell your Google Calendar data to third parties
• No Advertising: Your calendar data is not used for advertising purposes
• Human Review: Google Calendar data is not reviewed by humans unless required for security or compliance
• AI Processing: Calendar data processed by AI models (Claude, OpenAI) only to provide intelligent features
• Data Portability: You can export your calendar data at any time

7. Data Retention

We retain your data according to these policies:

• Active Accounts: Calendar data retained while your account is active
• Account Deletion: All data deleted within 30 days of account closure
• Backup Deletion: Backups and cached data removed within 90 days
• Google Disconnection: Calendar data deleted within 30 days if you revoke Google access
• Webhook Channels: Auto-renewed every 28 days while active

8. Your Rights

You have the right to:

• Access: View all your stored data through the dashboard
• Update: Modify your profile and preferences in settings
• Delete: Remove your account and all associated data permanently
• Export: Download your calendar data in standard formats
• Disconnect: Revoke Google Calendar access at any time through CalenAI settings or Google Account Settings
• Opt-out: Unsubscribe from marketing communications
• Complain: File a complaint with data protection authorities

9. Cookies and Tracking

We use minimal tracking for essential functionality:

• Authentication Cookies: Required for login sessions via Supabase
• Preference Storage: Local storage for UI preferences and settings
• Analytics: Basic usage metrics (no personal data)
• No Third-Party Tracking: We don't use advertising or tracking cookies

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new privacy policy on this page and updating the "Last updated" date.

11. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us at: