Privacy Policy

What Calendar Data We Access

When you grant permission, the app accesses your calendar through either:

• Apple EventKit (iOS), or
• Google Calendar API (Android & Google Accounts).

The app retrieves only free/busy information required to calculate suitable meeting times.

What We Do Not Access

We explicitly do not access or store:

• Event titles
• Descriptions or notes
• Attendee lists
• Locations
• Reminders or attachments
• Any other event content

Purpose of Processing

We use your free/busy data solely to:

• Detect when you are available; and
• Generate meeting time suggestions for you and the people you invite.

This is strictly limited to functionality within the app.

Legal Basis

The legal basis for processing your calendar availability is your explicit consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time by revoking calendar access in your device settings or by deleting your account.

Storage of Calendar Data

We do not store sensitive calendar content on our servers. Temporary free/busy data may be processed in-memory to generate suggestions, but it is not persisted beyond what is necessary for the feature to function.

No Human Access

No member of our team can view your calendar data at any time. All processing is automated and restricted to the minimum required for the feature.

No Sharing of Calendar Data

We do not sell, rent, or share your calendar data with third parties.

Third-Party Services Used

Our app uses the following infrastructure services:

• AWS DynamoDB - stores user profiles and meeting records
• AWS Lambda - executes server-side logic
• AWS API Gateway - provides secure API endpoints
• AWS Cognito - handles authentication (OAuth + User Pool)
• Groq API - used exclusively to generate meeting recommendations and does not receive your raw calendar data
• Google Calendar API - used only when you explicitly connect your Google account
• Google OAuth 2.0 - for authentication with Google
• Firebase Core / Analytics / Crashlytics - for app analytics and crash diagnostics (no calendar data is transmitted)

All third-party services comply with security best practices and data protection requirements.

International Transfers

Some services (Google, AWS, Groq) may process data outside the EU. In such cases, we rely on:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• Other legally recognized safeguards

Your Rights

You have the right to:

• Access your personal data
• Request deletion
• Withdraw consent
• Object to processing
• File a complaint with your local data protection authority

To exercise these rights, contact us at: [insert email]