Privacy Policy

Last updated: 18 March 2026

Calendar Family ("the Service") is operated by Zoom Buzz Ltd ("we", "us", "our"). This policy explains what data we collect, why, and how we protect it.

What data we collect

When you use Calendar Family, we collect and process the following:

Account data

  • Your name and email address (from your Google or Microsoft account profile)
  • An internal user identifier

Authentication tokens

  • OAuth access tokens and refresh tokens for your connected Google and Microsoft accounts
  • These tokens are encrypted at rest and are used solely to read from and write to your calendars on your behalf

Calendar metadata

  • Calendar names, identifiers, and timezone information for calendars you choose to connect
  • We do not access calendars you have not explicitly selected

Calendar event data

  • Event titles, times, durations, locations, descriptions, and attendee lists for events in your connected calendars
  • Event data passes through our servers during synchronisation and is stored temporarily in sync operation records
  • Sync operation records are automatically expired and deleted (successful operations after 90 days, failed operations after 180 days)

What data we do not collect

  • We do not collect data from calendars you have not connected
  • We do not read email, contacts, files, or any data outside your calendar
  • We do not use your data for advertising, profiling, or analytics beyond service operation

Why we collect this data

All data collection is necessary to provide the Service:

  • Account data: to identify you and manage your account
  • Authentication tokens: to access your calendars via the Google Calendar API and Microsoft Graph API on your behalf
  • Calendar metadata: to display your calendars in the app and manage connections between them
  • Calendar event data: to synchronise events between your connected calendars

How we protect your data

  • Authentication tokens are encrypted at rest using AES-256 encryption
  • All data in transit is encrypted using TLS
  • Our database is hosted with encrypted storage and restricted network access
  • Access to production systems is limited to authorised personnel

Third-party services

We use the following third-party services to operate Calendar Family:

  • Google Calendar API: to read and write events in your Google calendars
  • Microsoft Graph API: to read and write events in your Microsoft/Outlook calendars
  • DigitalOcean: infrastructure hosting and managed database
  • Cloudflare: DNS, CDN, and web application firewall
  • New Relic: application monitoring and error tracking (no personal data is sent to New Relic)

We do not sell or share your personal data with any third party.

Your rights

  • Access: you can view all your connected calendars and sync operations in the app
  • Deletion: you can remove providers and calendars at any time, which deletes all associated data. To fully delete your account, contact support
  • Portability: your calendar data remains in your Google and Microsoft accounts at all times
  • Revocation: you can revoke Calendar Family's access at any time through your Google or Microsoft account settings

Data retention

  • Account data: retained while your account is active
  • Authentication tokens: retained while a provider is connected; deleted when the provider is removed
  • Sync operation records: successful operations expired after 90 days, failed operations after 180 days
  • Calendar event data: stored only within sync operation records (see above); not retained separately

Cookies

Calendar Family uses essential cookies for session management and authentication. We do not use tracking or advertising cookies.

Google API Services User Data Policy

Calendar Family's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide and improve the calendar synchronisation service
  • We do not use Google user data for advertising or to serve ads
  • We do not allow humans to read Google user data, except with your affirmative consent, for security purposes, to comply with applicable law, or for our internal operations (limited to aggregated, non-personally identifiable data)
  • We do not transfer Google user data to third parties, except as necessary to provide or improve the service, to comply with applicable law, or as part of a merger or acquisition with adequate data protection

Changes to this policy

We may update this policy from time to time. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy, please contact us at [email protected].