Privacy Policy
Last updated: April 27, 2026
chosencal exists to unify your calendars — not to monetize your data. This policy explains exactly what we collect, why, and what we never do.
1. What we collect
When you use chosencal, we store:
- Account identifiers — your name and email address from the OAuth provider you sign in with (Google or Microsoft).
- OAuth tokens — access and refresh tokens for each calendar account you connect, stored encrypted at rest in our database.
- Calendar metadata — event titles, times, attendees, and recurrence rules from connected calendars, cached locally to power the sync engine.
- Sync configuration — your chosen sync directions, calendar mappings, and scheduling preferences.
2. What we never do
- Sell, rent, or share your data with third parties.
- Use your calendar data for advertising or profiling.
- Train AI models on your personal information.
- Access calendars you haven't explicitly connected.
- Retain your data after you delete your account.
3. How sync works
chosencal polls your connected calendar providers every 20 seconds using the OAuth tokens you granted. Event data is cached in our database to detect changes and propagate them across your calendars. We only read and write events — we never modify calendar settings, contacts, or any data outside the calendar scope.
4. Data protection
We protect your sensitive data — OAuth access/refresh tokens and cached calendar metadata — with the following mechanisms:
- Encryption at rest — OAuth access tokens and refresh tokens are encrypted with AES-256-GCM before being written to the database. The encryption key is held only in the server environment and is never committed to source control or exposed to the client.
- Encryption in transit — All traffic to and from chosencal is served over HTTPS (TLS 1.2+) with certificates issued and renewed automatically by Let's Encrypt. Calls to Google and Microsoft APIs use the providers' own TLS-protected endpoints.
- Access control — All API routes that touch your data require a valid authenticated session (NextAuth session cookie for the web, short-lived bearer JWT for mobile). Each request verifies that the resource being touched (calendar connection, event, scheduler) belongs to the authenticated user before any read or write.
- Isolation — Data for every user is scoped by userId foreign keys. There are no multi-tenant shared queries. If you self-host, your data never leaves your own machine.
- Hardened infrastructure — The hosted service runs in an isolated container on a virtual machine with SSH hardened (key-only login), a single public TLS port, and automatic OS security updates. The SQLite database lives on an encrypted persistent volume and is not network-reachable.
- Minimal retention — We cache only the fields required for sync (event id, start/end, title, attendees, recurrence rule). We do not keep analytics, telemetry, or behavioral logs. When you disconnect a calendar or delete your account, the associated tokens and cached events are deleted (see §8).
5. Third-party services and OAuth scopes
The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.
chosencal integrates with the following providers. We request only the minimum scopes required for the sync and scheduling features you see in the product:
- Google Calendar API — we request:
  - https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile (both non-sensitive) — to identify you and show your name and email in the app.
  - https://www.googleapis.com/auth/calendar (sensitive) — to read events from your Google calendars and write “Busy” blocks back to them so your other calendars stay in sync. This is the only sensitive scope we request from Google, and it is used exclusively for the calendar-sync and scheduling features described in §3.
  - openid (authentication, not data access) — used for Google Sign-In as an OIDC authentication primitive; it does not grant access to any user data.
chosencal's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer, sell, or use Google user data for advertising, and we do not allow humans to read it except (a) with your explicit consent, (b) to comply with applicable law, or (c) for security purposes such as investigating abuse. Subject also to Google's Privacy Policy.
- Microsoft Graph API — we request:
  - openid, email, profile, offline_access — to identify you and refresh your session.
  - Calendars.ReadWrite — to read events from your Outlook/Microsoft 365 calendars and write “Busy” blocks back to them, mirroring the Google flow above.
Subject to Microsoft's Privacy Statement.
- CalDAV servers — direct protocol connections to Fastmail, Titan, Apple iCloud, or any CalDAV-compatible server you configure with your own credentials. No third-party intermediary.
- Lemon Squeezy — payment processor for paid plans. We send only your email and plan choice at checkout. We never receive or store card numbers. Subject to Lemon Squeezy's Privacy Policy.
5a. AI and machine learning
chosencal does not use artificial intelligence or machine learning services in the processing of your Google or Microsoft user data. Specifically:
- We do not send your calendar events, attendees, titles, or any other Google or Microsoft user data to OpenAI, Anthropic, Google Gemini, or any other third-party AI provider.
- We do not train, fine-tune, or otherwise improve any AI model — our own or anyone else's — using your data.
- Our “preference detection” feature uses deterministic statistics (frequency counts and histograms over your own event history, computed locally on our server) to suggest working-hour windows. This is not machine learning; it is arithmetic, and the results are visible only to you.
- If we ever add a feature that does use a third-party AI service, we will update this policy, disclose the provider, and give you an opt-in before any of your data is sent.
6. Cookies and tracking
We use a single session cookie to keep you signed in. We do not use analytics trackers, advertising pixels, or fingerprinting. There is no cookie banner because there is nothing to consent to beyond the session cookie required for the app to function.
7. Account deletion
You can disconnect any calendar at any time from the Calendars page. To delete your account entirely, contact us at hello@chosencal.com. We will delete all your data — OAuth tokens, cached events, sync configuration — within 48 hours.
8. Changes to this policy
If we change this policy, we'll update the date at the top. For material changes, we'll notify you via the email on your account. The current version always lives at chosencal.com/privacy.
9. Contact
Questions? Email hello@chosencal.com.