Privacy Policy

Last updated: March 2026

What we collect

ShiftedCal accesses your Google Calendar data solely to display your events in the shifted workday view. We store a minimal set of event metadata (title, time, location) to render your timeline. We do not sell or share your personal data with third parties.

We collect and store:

  • Your Google account email and profile name
  • Calendar event metadata (titles, times, locations) — not event bodies or attachments
  • Your app preferences (timezone, workday settings, theme)
  • Subscription and billing information
  • Usage analytics (anonymous events such as feature usage)

Google OAuth

When you connect a Google account, we receive an OAuth refresh token which is encrypted at rest using AES-256 (Fernet). This token is used only to sync calendar data on your behalf. You can disconnect any account at any time from Settings → Accounts.

Email communications

We send transactional emails only — no marketing or promotional content. You can control which categories of email you receive from Settings → Email. Categories include:

  • Account & lifecycle — welcome, account deletion, plan changes
  • Billing — subscription confirmations, renewal reminders
  • Product — sync issues, connected account notifications
  • Security — critical account security notifications (cannot be disabled)

Emails are sent via Resend. We retain email delivery records for audit purposes.

Data deletion

You have the right to request deletion of all your personal data. You can do this directly from Settings → Account → Delete account.

When you submit a deletion request:

  • You will receive a confirmation email
  • All your data will be permanently and irreversibly deleted within 30 days
  • Deleted data includes: your account, connected accounts, calendars, events, preferences, subscription history, and email records
  • Anonymised analytics records may be retained in aggregate form with no personally identifiable information

To cancel a pending deletion request before it is processed, contact us at [email protected] as soon as possible.

Subscription cancellation

You can cancel your subscription at any time from Settings → Account → Cancel subscription. Upon cancellation:

  • Your account reverts to the Free plan at the end of your billing period
  • You retain access to your data and connected accounts up to the Free plan limits
  • No refunds are issued for the unused portion of the billing period (future paid plans)

Analytics

We use Google Analytics 4 (GA4) on the frontend to understand aggregate usage patterns (page views, feature usage). These events do not include personally identifiable information. You can opt out by using a browser extension that blocks Google Analytics.

We also send anonymous server-side analytics events to GA4 via Measurement Protocol. These events contain only a pseudonymous user identifier and event name — no personal data.

Data retention

We retain your data for as long as your account is active. If your account is inactive for more than 24 months, we may delete it after prior email notification. You can always delete your account manually at any time.

Your rights

Depending on your jurisdiction, you may have the right to:

  • Access a copy of your personal data
  • Correct inaccurate data
  • Request deletion (right to be forgotten)
  • Object to or restrict certain processing
  • Data portability

To exercise any of these rights, contact us at [email protected].

Contact

For privacy questions or data requests, email [email protected].