Privacy Policy

1. Information We Collect

We collect information you provide when creating an account, including your name, email address, and Google account profile information obtained through OAuth sign-in.

We also collect usage data such as booking events created, slots selected, and interaction logs to improve the service.

2. Google Calendar Data

Easycal accesses Google Calendar data through the Google Calendar FreeBusy API. We query only free/busy status for the time ranges relevant to your booking events — we do not read event titles, descriptions, attendees, or other calendar details.

When you connect your Google account, we store an OAuth refresh token to make calendar queries on your behalf. This token is stored securely in our database and is used solely to check availability and create calendar events when a booking is confirmed.

Team members whose availability is checked do not need to sign up. Their free/busy data is queried through standard Google Calendar permissions granted by the organizer's connected account.

3. Authentication

We use Supabase as our authentication provider. You sign in via Google OAuth, and Supabase manages your session tokens. We do not store your Google password. Your authentication session is maintained through secure, HTTP-only cookies.

4. Billing & Payments

Payment processing is handled entirely by Stripe. When you subscribe to a paid plan, your payment details are collected and stored by Stripe — we never see or store your full credit card number. We receive only a confirmation of your subscription status, plan details, and billing history from Stripe.

5. Cookies & Local Storage

We use essential cookies to maintain your authentication session. We also store your theme preference (light/dark mode) in your browser's localStorage.

We do not use third-party tracking cookies or advertising cookies.

6. Third-Party Services

We share data with the following third-party services, each for a specific purpose:

• Google — Calendar API for availability checks and event creation • Supabase — Authentication and database hosting • Stripe — Payment processing and subscription management • Resend — Transactional emails (booking confirmations, reminders, follow-ups)

Each provider processes data according to their own privacy policy. We only share the minimum data necessary for each service to function.

7. Data Retention

We retain your account data for as long as your account is active. Booking event data is retained for 12 months after the event date, then automatically deleted. If you delete your account, we remove your personal data within 30 days, except where retention is required by law.

8. Your Rights

You have the right to access, correct, or delete your personal data at any time. You can disconnect your Google account from Easycal, which revokes our access to your calendar data and deletes your stored refresh token.

To exercise these rights, contact us at legal@easycal.io or use the account settings in the application.

9. Children's Privacy

Easycal is not intended for use by children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Continued use of Easycal after changes constitutes acceptance of the revised policy.

11. Contact Us

For privacy-related inquiries, contact us at legal@easycal.io or write to:

Easycal Inc. Email: legal@easycal.io