Privacy Policy

Last updated: 19 May 2026

Calendar Family ("the Service") is operated by Zoom Buzz Ltd ("we", "us", "our"). This policy explains what data we collect, why, and how we protect it.

What data we collect

When you use Calendar Family, we collect and process the following:

Account data

  • Your name and email address (from your Google or Microsoft account profile)
  • An internal user identifier

Authentication tokens

  • OAuth access tokens and refresh tokens for your connected Google and Microsoft accounts
  • These tokens are encrypted at rest and are used solely to read from and write to your calendars on your behalf at your direction

Calendar metadata

  • Calendar names, identifiers, and timezone information for calendars you choose to connect
  • We do not access calendars you have not explicitly selected

Calendar event data

  • Event data (title, location, description, attendees) passes through our servers and is only retained during the synchronisation process
  • Event metadata (time, duration) is stored to display a history of recent sync operations
  • Sync operation records are automatically expired and deleted (successful operations after 90 days, failed operations after 180 days)

What data we do not collect

  • We do not collect data from calendars you have not connected
  • We do not read email, contacts, files, or any data outside your calendar and we do not request access scopes that include other data (beyond what Google/Microsoft bundle together)
  • We do not use your data for advertising or profiling, and we run no advertising or remarketing pixels of any kind. We use optional, consent-based analytics solely to operate and improve the Service - see Cookies and analytics below

Why we collect this data

All data collection is necessary to provide the Service:

  • Account data: to identify you and manage your account
  • Authentication tokens: to access your calendars via the Google Calendar API and Microsoft Graph API on your behalf
  • Calendar metadata: to display your calendars in the app and manage connections between them
  • Calendar event data: to synchronise events between your connected calendars

How we protect your data

  • Authentication tokens are encrypted at rest using AES-256 encryption and can be revoked by you at any point
  • All data in transit is encrypted using TLS
  • Our database is hosted with encrypted storage and restricted network access
  • Access to production systems is limited to authorised personnel

Third-party services

We use the following third-party services to operate Calendar Family:

  • Google Calendar API: to read and write events in your Google calendars
  • Microsoft Graph API: to read and write events in your Microsoft/Outlook calendars
  • DigitalOcean: infrastructure hosting and managed database
  • Cloudflare: DNS, CDN, and web application firewall
  • New Relic: application monitoring and error tracking (no personal data is sent to New Relic)
  • Mixpanel: product-usage analytics, activated only with your consent. We identify you only by a random internal identifier (UUID); we do not send your email address, name, or any other directly identifying information to Mixpanel
  • Google Analytics 4: aggregate web-traffic and acquisition analytics, activated only with your consent. Data is pseudonymous; advertising and remarketing features are disabled and no advertising pixels are used

We do not sell or share your personal data with any third party.

Your rights

  • Access: you can view all your connected calendars and sync operations in the app
  • Deletion: you can remove providers and calendars at any time, which deletes all associated data. To fully delete your account, contact support
  • Portability: your calendar data remains in your Google and Microsoft accounts at all times
  • Revocation: you can revoke Calendar Family's access at any time through your Google or Microsoft account settings

Data retention

  • Account data: retained while your account is active
  • Authentication tokens: retained while a provider is connected; deleted when the provider is removed
  • Sync operation records: successful operations expired after 90 days, failed operations after 180 days
  • Calendar event data: stored only within sync operation records (see above); not retained separately

Cookies and analytics

Calendar Family uses essential cookies for session management and authentication. These are always active and required for the Service to function.

We also use optional analytics cookies and similar technologies to understand how the Service is used so we can improve it. These are activated only with your explicit consent, requested via the cookie banner on your first visit; you can decline, or change your choice at any time, and declining does not affect your use of the Service. With consent we use:

  • Mixpanel - product-usage analytics. You are identified only by a random internal identifier (UUID); we do not send your email address, name, or any other directly identifying information to Mixpanel.
  • Google Analytics 4 - aggregate web-traffic and acquisition analytics. Data is pseudonymous and advertising features are disabled.

We do not use any advertising or remarketing pixels (no Google Ads, Meta, or Reddit advertising tags). Analytics data is used solely to operate and improve the Service and is never used for advertising or profiling.

Google API Services User Data Policy

Calendar Family's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide and improve the calendar synchronisation service
  • We do not use Google user data for advertising or to serve ads
  • We do not allow humans to read Google user data, except with your affirmative consent, for security purposes, to comply with applicable law, or for our internal operations (limited to aggregated, non-personally identifiable data)
  • We do not transfer Google user data to third parties, except as necessary to provide or improve the service, to comply with applicable law, or as part of a merger or acquisition with adequate data protection

Changes to this policy

We may update this policy from time to time. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy, please contact us at [email protected].