Legal

Privacy Policy

Last updated: May 9, 2025

CalendarHub ("we", "our", or "us") is committed to protecting your personal data. This policy explains what we collect, how we use it, and your rights under applicable law including India's Digital Personal Data Protection Act (DPDPA) 2023.

Overview

CalendarHub is a scheduling and calendar management platform that enables individuals and teams to coordinate meetings, sync calendars, and streamline booking workflows. When you use CalendarHub, we collect and process personal data to deliver these services.

This Privacy Policy applies to all users of CalendarHub's website, web application, and related services. By creating an account or using our services, you agree to this policy. If you do not agree, please discontinue use of the service.

Information We Collect

Account Information

When you register, we collect your name, email address, and a hashed password. If you sign in via Google OAuth, we receive your Google profile name, email address, and profile picture as permitted by your Google account consent screen.

Calendar & Scheduling Data

To enable calendar synchronisation and conflict detection, we access your connected Google Calendar events (read and write) when you explicitly authorise this integration. We store meeting metadata such as titles, attendee email addresses, start/end times, Google Meet links, and notes.

Booking & Appointment Data

When someone books a meeting through your CalendarHub scheduling page, we collect the booker's name, email address, selected time slot, and any custom form fields you have configured. This information is stored to fulfil the booking and send confirmations.

Usage & Technical Data

We collect standard server logs including IP addresses, browser user-agent strings, referrer URLs, pages visited, and timestamps. This data is used for security monitoring, abuse prevention, and improving service reliability.

Communications

If you contact our support team, we retain records of your communications to resolve your inquiry and improve our services.

How We Use Your Information

We use personal data only for the purposes for which it was collected:

  • Providing, maintaining, and improving the CalendarHub service
  • Authenticating your identity and managing your account
  • Syncing and displaying your calendar events and availability
  • Creating Google Meet conference links for scheduled appointments
  • Sending booking confirmations, reminders, and calendar invitations via email
  • Processing meeting transcriptions and AI-generated summaries (where enabled)
  • Detecting and preventing fraud, abuse, and security incidents
  • Responding to support requests and inquiries
  • Complying with legal obligations

We do not sell your personal data to third parties or use it for targeted advertising.

Google OAuth & Calendar Integration

CalendarHub uses Google OAuth 2.0 to allow you to sign in with your Google account and optionally connect your Google Calendar. The following specific practices apply to Google-sourced data:

Scopes Requested

We request openid, email, profile for sign-in, and https://www.googleapis.com/auth/calendar for calendar access. Calendar access is only requested when you explicitly connect your Google Calendar from the Integrations settings.

Data Usage Limits

Google Calendar data is used exclusively for conflict detection, availability calculation, and meeting creation. We do not use your Google data to train AI models, serve ads, or share with third parties beyond what is strictly necessary to operate the calendar features.

Token Storage

OAuth refresh tokens are encrypted at rest in our database and are never logged or exposed through any API endpoint.

Revocation

You can disconnect Google Calendar at any time from Settings → Integrations. Doing so immediately revokes our access and removes stored tokens. You may also revoke access directly from your Google Account permissions page.

Data Sharing

We do not sell, rent, or trade your personal data. We share information only in these limited circumstances:

Service Providers

We engage trusted sub-processors — including our cloud infrastructure provider (Google Cloud Platform), transactional email provider (Resend), and analytics provider (Vercel Analytics) — who process data on our behalf under strict confidentiality obligations.

Meeting Participants

When a meeting is booked, the host's name and the confirmed time are shared with the invitee via email confirmation. This is inherent to the scheduling service.

Legal Requirements

We may disclose personal data if required by applicable law, court order, or governmental authority, or to protect the rights, property, or safety of CalendarHub, our users, or the public.

Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. We will notify affected users before any such transfer.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy or as required by law.

Data TypeRetention Period
Account & profile dataDuration of account + 30 days after deletion request
Meeting & appointment records2 years from meeting date
Google OAuth tokensUntil calendar integration is disconnected
Email logs (booking confirmations)90 days
Security & audit logs12 months
Deleted account dataPurged within 30 days of account deletion

You may request early deletion of your data at any time (see Your Rights below). Some data may be retained longer if required by applicable law or to resolve disputes.

DPDPA Compliance

CalendarHub complies with India's Digital Personal Data Protection Act (DPDPA) 2023. As a data fiduciary, we uphold the following principles:

Lawful Processing

We process personal data only based on your explicit consent or to fulfil a contract with you.

Purpose Limitation

Data is collected and used only for the specific purposes disclosed at the time of collection.

Data Minimisation

We collect only the minimum personal data necessary to provide the requested service.

Accuracy

We take reasonable steps to keep personal data accurate and up to date.

Storage Limitation

Personal data is not retained beyond the period necessary for its stated purpose.

Security

We implement appropriate technical and organisational measures to protect personal data.

Our Data Protection Officer can be reached at dpo@calendarhub.in for any DPDPA-related inquiries or to exercise your rights under the Act.

Your Rights

As a data principal under the DPDPA (and consistent with international privacy standards), you have the following rights with respect to your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Ask us to correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data (right to be forgotten), subject to legal retention requirements.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Withdraw Consent: Withdraw consent at any time; this will not affect prior lawful processing.
  • Right to Grievance Redressal: Lodge a complaint with our Grievance Officer or with the Data Protection Board of India.

To exercise any of these rights, email privacy@calendarhub.in. We will respond within 30 days.

Data Security

We implement industry-standard technical and organisational security measures:

  • All data in transit is encrypted using TLS 1.2 or higher
  • Passwords are hashed using bcrypt with an appropriate cost factor
  • OAuth tokens are encrypted at rest
  • Database access is restricted to application-layer service accounts
  • Session tokens are short-lived and tracked for instant invalidation
  • Security events are logged in an audit trail
  • Regular security reviews and penetration testing

In the event of a personal data breach, we will notify affected users without undue delay and report to the Data Protection Board of India where required by law.

Cross-Border Data Transfers

CalendarHub is hosted on Google Cloud Platform infrastructure which may process data in data centres outside India. Where personal data is transferred internationally, we ensure appropriate safeguards are in place and such transfers comply with applicable law including DPDPA requirements. By using CalendarHub, you consent to such transfers for the purposes of service delivery.

Cookies & Tracking

We use the following types of cookies and similar technologies:

Strictly Necessary: Session authentication cookies required for login and CSRF protection. These cannot be disabled.
Analytics: Vercel Analytics collects anonymised page view data to help us understand usage patterns. No personally identifiable information is included.
Preferences: Cookies that remember your UI preferences such as cookie consent state.

Children's Privacy

CalendarHub is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us at privacy@calendarhub.in and we will promptly delete such data.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or in-app notification. Your continued use of CalendarHub after the effective date of the updated policy constitutes your acceptance of the changes.

Contact Us

For privacy inquiries, data subject requests, or to reach our Data Protection Officer:

Privacy Team

privacy@calendarhub.in

Data Protection Officer

dpo@calendarhub.in