GudCalGudCal

Privacy Policy

GudCal Privacy Policy — how we collect, use, and protect your data.

Last updated: February 2026

This Privacy Policy describes how GudCal ("we", "us", or "our") collects, uses, and shares information when you use our scheduling platform.

Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile information provided through your authentication provider (e.g., Google OAuth).

Scheduling Data

We collect information related to your use of the platform, including event types you create, availability schedules, booking details (guest names, emails, times, notes), and calendar connection data.

Calendar Data

When you connect a calendar (e.g., Google Calendar), we access your calendar events solely to check for scheduling conflicts and create new events for confirmed bookings. We do not store the content of your existing calendar events.

Usage Data

We collect standard usage data including page views, feature usage, browser type, and IP address to improve the platform.

How We Use Your Information

  • Provide the service — scheduling, booking management, calendar sync, and notifications
  • Send notifications — booking confirmations, reminders, and cancellation notices
  • Process payments — subscription billing through Stripe (we do not store credit card numbers)
  • Improve the platform — analytics and usage patterns to guide development
  • Prevent abuse — rate limiting and fraud detection

Third-Party Services

We use the following third-party services that may process your data:

  • Stripe — payment processing
  • Google — OAuth authentication and calendar integration
  • Resend — transactional email delivery
  • Neon — database hosting (cloud version)
  • Vercel — application hosting and analytics (cloud version)
  • Microsoft Clarity — session replay and heatmap analytics to understand how users interact with the platform. Clarity may collect anonymized interaction data such as clicks, scroll behavior, and page navigation. For more information, see Microsoft Clarity's privacy policy

Data Retention

We retain your account and scheduling data for as long as your account is active. When you delete your account, we remove your personal data within 30 days. Booking records may be retained in anonymized form for analytics.

Data Security

We encrypt calendar tokens at rest using AES-256-GCM. Authentication sessions are managed with HTTP-only cookies. API keys are hashed before storage.

Your Rights

You may request access to, correction of, or deletion of your personal data by contacting us at support@gudcal.com. You can delete your account at any time from the Dashboard Settings page.

Self-Hosted Instances

If you self-host GudCal, you are responsible for your own data handling and privacy compliance. This privacy policy applies only to the cloud-hosted version at gudcal.com.

Changes

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the platform.

Contact

For privacy-related questions, contact us at support@gudcal.com.