Privacy Policy

At KalSync, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our scheduling platform service.

This policy applies to information we collect through our website, application, and related services (collectively, the "Service"). Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

Account Information

• Name and email address
• Password (stored in encrypted format)
• Profile photo (optional)
• Time zone and language preferences
• Organization name and role (for business accounts)

Scheduling Information

• Calendar event details (title, description, duration, location)
• Availability preferences and scheduling rules
• Invitee information (names, email addresses, phone numbers if provided)
• Meeting notes and custom questions/responses
• Integration preferences with third-party calendars

Payment Information

• Billing name and address
• Payment method details (processed securely through Stripe)
• Transaction history and invoices
• Tax identification numbers (where required)

Communications

• Support tickets and correspondence
• Feedback and survey responses
• Marketing preferences

1.2 Information Collected Automatically

Usage Information

• Pages viewed and features used
• Click-through rates and interaction data
• Search queries within the Service
• Scheduling patterns and frequency
• Error logs and performance data

Device and Technical Information

• IP address and approximate location (city/country level)
• Browser type and version
• Operating system and device type
• Screen resolution and device identifiers
• Referring website or application
• Access times and dates

Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to:

• Essential Cookies: Required for Service functionality
• Performance Cookies: Help us improve Service performance
• Functional Cookies: Remember your preferences
• Analytics Cookies: Understand usage patterns
• Marketing Cookies: Deliver relevant advertisements (if applicable)

1.3 Information from Third-Party Sources

• Calendar data from integrated services (Google, Outlook, etc.)
• Contact information from integrated CRM systems
• Authentication information from single sign-on providers
• Payment verification from financial service providers
• Publicly available information for verification purposes

2. HOW WE USE YOUR INFORMATION

2.1 To Provide and Maintain the Service

• Create and manage your account
• Process and facilitate appointment scheduling
• Sync with your external calendars
• Send booking confirmations and reminders
• Process payments and manage subscriptions
• Provide customer support

2.2 To Improve and Develop the Service

• Analyze usage patterns and trends
• Develop new features and functionality
• Conduct research and testing
• Troubleshoot and fix issues
• Personalize your experience

2.3 To Communicate with You

• Send service-related notifications
• Respond to your inquiries and requests
• Send marketing communications (with your consent)
• Provide updates about new features
• Send security alerts and legal notices

2.4 For Legal and Security Purposes

• Comply with legal obligations
• Protect against fraud and abuse
• Enforce our Terms of Service
• Protect our rights and property
• Ensure the security of our users

3. LEGAL BASIS FOR PROCESSING (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal grounds:

3.1 Contract Performance

Processing necessary to fulfill our contract with you, including account creation, service delivery, and payment processing.

3.2 Legitimate Interests

Processing based on our legitimate interests, such as:

• Improving and securing our Service
• Fraud prevention and detection
• Direct marketing (where permitted)
• Network and information security

3.3 Consent

Processing based on your consent for marketing communications and non-essential cookies. You may withdraw consent at any time.

3.4 Legal Obligations

Processing necessary to comply with legal requirements, such as tax regulations or court orders.

4. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

4.1 With Your Consent

• When you explicitly agree to sharing
• When you share scheduling links publicly
• When you connect third-party integrations

4.2 Service Providers

We share information with trusted third-party service providers who assist us in:

• Payment processing (Stripe)
• Email delivery (SendGrid, Resend)
• Cloud hosting (AWS, Vercel)
• Analytics (PostHog, Vercel Analytics)
• Customer support tools
• Security and fraud prevention

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.

4.4 Legal Requirements

We may disclose your information if required by law or if we believe such action is necessary to:

• Comply with legal obligations or court orders
• Protect and defend our rights or property
• Prevent or investigate wrongdoing
• Protect the safety of users or the public

4.5 Aggregated or Anonymized Data

We may share aggregated or anonymized data that cannot be used to identify you for research, marketing, or other purposes.

5. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

5.1 Active Accounts

We retain your information while your account is active and as needed to provide services.

5.2 After Account Closure

• Account data: Deleted within 90 days
• Backup copies: Removed within 180 days
• Legal/tax records: Retained as required by law (typically 7 years)
• Anonymized analytics: May be retained indefinitely

5.3 Invitee Data

Information about invitees who schedule appointments is retained for the duration specified by the account holder, typically 12-24 months.

6. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

6.1 Security Measures

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements
• Employee training on data protection
• Incident response procedures
• Regular backups and disaster recovery plans
• PCI DSS compliance for payment processing

6.2 Your Responsibilities

You are responsible for maintaining the confidentiality of your account credentials and for restricting access to your devices. Please notify us immediately of any unauthorized use of your account.

6.3 Data Breach Notification

In the event of a data breach that may affect your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

7. YOUR PRIVACY RIGHTS

Depending on your location, you may have certain rights regarding your personal information:

7.1 Rights Under GDPR (European Economic Area & UK)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit processing of your data
• Portability: Receive your data in a portable format
• Objection: Object to certain processing activities
• Automated Decision-Making: Not be subject to automated decisions
• Withdraw Consent: Withdraw previously given consent

7.2 Rights Under CCPA (California)

• Know: Information about data collection and sharing
• Delete: Request deletion of your personal information
• Opt-Out: Opt-out of the sale of personal information (we do not sell data)
• Non-Discrimination: Equal service regardless of privacy choices
• Authorized Agent: Designate an agent to make requests

7.3 How to Exercise Your Rights

To exercise any of these rights:

• Access your account settings for self-service options
• Contact our support team through your dashboard
• Email our privacy team at [email protected]
• Submit a request through our privacy portal

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

8. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws than your jurisdiction.

8.1 Transfer Mechanisms

For transfers from the EEA to non-adequate countries, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Your explicit consent where appropriate
• Other valid transfer mechanisms under applicable law

8.2 Data Localization

Where required by local law, we store and process data within specific geographic regions. Contact us for information about data localization in your jurisdiction.

9. COOKIES AND TRACKING

9.1 Types of Cookies We Use

• Strictly Necessary: Required for basic functionality
• Performance: Help us understand how the Service is used
• Functionality: Remember your preferences and settings
• Analytics: Aggregate data about site traffic and interactions

9.2 Managing Cookies

You can control cookies through:

• Our cookie preference center (when available)
• Your browser settings
• Third-party opt-out tools

Note that disabling certain cookies may limit Service functionality.

9.3 Do Not Track

We do not currently respond to Do Not Track signals. However, you can manage your preferences through our cookie settings and privacy controls.

10. THIRD-PARTY LINKS AND INTEGRATIONS

10.1 Third-Party Websites

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.

10.2 Calendar Integrations

When you connect third-party calendars (Google, Outlook, etc.), you grant us access to calendar data necessary for scheduling. We access only the minimum data required and in accordance with the third-party's API terms.

10.3 Payment Processing

Payment information is processed by Stripe. We do not store credit card numbers. Please review Stripe's privacy policy for information about their practices.

11. CHILDREN'S PRIVACY

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information.

If you believe we have collected information from a child under 16, please contact us immediately at [email protected].

12. MARKETING COMMUNICATIONS

12.1 Marketing Emails

With your consent, we may send you marketing emails about our products, features, and promotions. You can opt-out at any time by:

• Clicking the unsubscribe link in any marketing email
• Updating your communication preferences in account settings
• Contacting our support team

12.2 Service Communications

We may send you non-promotional communications about your account, such as security alerts, billing notices, and service updates. These are necessary for the Service and cannot be opted out of while maintaining an account.

13. REGION-SPECIFIC PROVISIONS

13.1 European Economic Area & United Kingdom

• Data Controller: KalSync is the data controller for personal data collected through the Service
• Representative: [To be designated if required]
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

13.2 California

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We do not sell or share personal information as defined by California law.

13.3 Nevada

Nevada residents may opt-out of the sale of personal information. We do not sell personal information, but you may register your preference by contacting us.

13.4 Brazil

Brazilian residents have rights under the Lei Geral de Proteção de Dados (LGPD) similar to those under GDPR. Contact us to exercise your rights under LGPD.

13.5 Australia

Australian residents have rights under the Privacy Act 1988 and Australian Privacy Principles. We comply with these requirements for Australian users.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

• We will update the "Effective Date" at the top of this policy
• We will notify you by email or through the Service
• We will provide at least 30 days notice for material changes
• We may request your consent where required by law

Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

15. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Privacy Officer

• Email: [email protected]
• Support Portal: Through your account dashboard
• Website: kalsync.com/contact

Mailing Address

KalSync Privacy Department
[Physical address to be provided]
[City, State/Country, Postal Code]

Data Protection Officer (if applicable)

For GDPR-related inquiries: [email protected]

We aim to respond to all privacy-related requests within 30 days, or sooner if required by applicable law.