Privacy
Your data is yours.
Last updated May 3, 2026
We built Calendoer the way we'd want a calendar to be built: quietly. This page explains, in plain language, what we collect, what we don't, and why. Plain English first; the legal foundations sit underneath. If anything is unclear, write to privacy@calendoer.ai.
The short version: We keep what's needed to run your calendar and nothing more. Voice and flyer images stay on your device. We don't run third-party analytics. We don't sell or share your data with anyone you haven't connected yourself.
Who we are
Calendoer is a small team building a calendar for the browser, iPhone, and Apple Watch. The controller of your personal data is Calendoer (the company operating calendoer.ai). Reach the privacy lead at privacy@calendoer.ai.
What we collect
Account information
When you sign in with Apple or Google, we receive your email address, a display name, and (if you provide one) an avatar URL. These come from Apple's or Google's identity service. We store them in our backend (Supabase) so we can recognize you when you return.
Your content
Events, tasks, notes, and reminders that you create or import into Calendoer are stored in our backend so they can be available across launches, browser sessions, iPhone, Apple Watch, and widgets. This includes the title, time, location text, notes, and any tags you add.
Integration data
When you connect a third-party service we support (Google Calendar, Outlook, Notion, Linear, Todoist, and Obsidian), we receive an OAuth access token from that service. We store it server-side, encrypted at rest, and use it only to sync the specific calendars or databases you select. We also store the identifiers of those calendars/databases (so we know which ones to read and write).
Device data
To send you reminder notifications, we store the Apple Push Notification Service token your device generates, plus your time zone and locale. The token is a random identifier from Apple - not meaningful on its own.
What we do not collect
- Audio. Voice capture is transcribed on your device using platform speech tools where available. Raw audio is not stored by Calendoer.
- Photos and camera images. Flyer scanning runs on-device through Apple's Vision framework on iPhone. The image bytes stay on your device; only the text the OCR extracts (and only after you choose to save the resulting event or task) ever reaches our servers.
- Advertising identifiers. We do not collect IDFA, do not request App Tracking Transparency, and do not run ad SDKs.
- Third-party analytics. No Google Analytics, Firebase, Mixpanel, Amplitude, or similar SDKs run inside the app.
- Location. Calendoer does not request your location and does not collect GPS data.
- Contacts. We do not read your contacts.
- Crash analytics or behavioral data. Calendoer ships without any crash-reporting SDK. If we add one, we will update this page first and tell you what changed.
How we use your data
We use the data above for one purpose: to operate Calendoer for you. Concretely: to authenticate you, to display your calendar and tasks, to keep them in sync with the services you connected, to send the notifications you've asked for, and to provide support if you write to us. We do not use your data to train AI models. We do not sell your data to anyone.
Who we share data with
We use a small set of sub-processors to operate the service. We share only what each one needs to do its job.
| Processor | What they receive | Why |
|---|---|---|
| Supabase | Account info, your content, integration tokens | Database, authentication, file storage backend |
| Apple (APNs) | Push notification token, notification payloads | Delivering reminder notifications to your device |
| Google | OAuth token + selected calendar IDs | Reading and writing the Google Calendar events you opted in to - only if you connect Google |
| Notion | OAuth token + selected database IDs | Reading and writing the Notion items you opted in to - only if you connect Notion |
| Microsoft (Outlook) | OAuth token + selected calendar IDs | Reading and writing the Outlook events you opted in to - only if you connect Outlook |
That's the whole list. If we add a sub-processor, we'll update this table.
How long we keep it
We keep your data while your account exists. When you delete your account from Settings → Privacy & data → Delete account, we remove your data from production systems within 30 days. Encrypted backups expire within 90 days. After that, your data is gone from our systems.
Your rights
You can:
- Delete your account and all your data from the Settings screen in the app, anytime.
- Disconnect any integration from Settings → Integrations. We delete the OAuth token and stop reading from that service immediately.
- Turn off push notifications from iOS Settings → Notifications → Calendoer.
- Request a copy of the data we hold about you by emailing privacy@calendoer.ai. We'll respond within 30 days.
Children
Calendoer is not directed to children under 13 in the United States or under 16 in the EEA, and we don't knowingly collect personal information from them. If you believe a child has used the app, write to us and we'll remove their data.
International transfers
Our backend runs on Supabase in the United States. If you use Calendoer from outside the US, your data is transferred to and processed in the US. We rely on Standard Contractual Clauses where required.
California (CCPA / CPRA)
If you live in California, you have the right to know what categories of personal information we collect and why, the right to access the specific information we hold, the right to delete it, and the right to non-discrimination for exercising any of these rights. This page describes the categories we collect (account info, user content, identifiers); the contact for requests is privacy@calendoer.ai. We do not sell personal information, and we do not share it for cross-context behavioral advertising.
EU and UK (GDPR)
If you're in the EEA, the UK, or Switzerland, our legal bases for processing are: contract (we need your data to provide the service you signed up for), consent (for each integration you choose to connect), and legitimate interest (keeping the service secure and operational). You have the right to access, correct, port, restrict, or erase your data; to object to processing; and to lodge a complaint with your local supervisory authority. To exercise any of these rights, email privacy@calendoer.ai.
Security
Data in transit is protected with TLS 1.2+. Data at rest is encrypted by Supabase. OAuth tokens are stored server-side only and never sent back to the client. We follow least-privilege access for all production systems and rotate credentials regularly.
Changes to this policy
If we make a material change - adding analytics, changing what data leaves your device, expanding the integration list - we'll notify you in the app before the change takes effect. Minor edits (clarifications, typo fixes) we'll just publish here.
Contact
Questions, requests, or just want to talk to a person? Email privacy@calendoer.ai. A real human will read it.