Privacy Policy

Effective date: May 12, 2026

Calmy ("Calmy", "we", "us") provides a self-service appointment booking tool that integrates with Google Calendar. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using Calmy you agree to this policy. If you do not agree, please do not use the service.

1. Who we are

Calmy is operated by the Calmy team. For any privacy questions, contact us at hello@calmy.life.

2. Information we collect

  • Account information. Email address, name, timezone, and your public booking-page settings (slug, title, intro, brand color).
  • Google account information. When you connect a Google Calendar, we receive your Google email address, an OAuth access token, and a refresh token from Google.
  • Google Calendar data. Busy/free intervals from the calendars you connect (used at request time to prevent double-booking) and events we create on your behalf when a guest books a meeting.
  • Booking data. Guest name, guest email, selected time, duration, and notes provided by guests on your booking page.
  • Technical data. Standard server logs (IP, user agent, timestamps) used to operate and secure the service.

3. How we use Google user data

Calmy's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • calendar.readonly — to read busy/free time on your connected calendars so guests can only book free slots.
  • calendar.events — to create a single calendar event (with a Google Meet link) on your primary calendar when a guest confirms a booking.

We do not use Google user data to train AI models. We do not sell or share Google user data with third parties for advertising. We do not allow humans to read Google user data except (a) with your explicit consent, (b) for security investigations, or (c) when required by law.

4. How we store and protect data

Data is stored on managed cloud infrastructure (Lovable Cloud, powered by Supabase) with encryption at rest and in transit. Access is restricted using row-level security so you can only access your own account data. OAuth tokens are stored server-side and are never exposed to client browsers.

5. Data sharing

We do not sell your data. We share data only with infrastructure sub-processors required to run the service (hosting, database, email delivery) and with Google (to read calendar availability and create events on your behalf). We may disclose data if required by law.

6. Data retention

Account, booking, and OAuth-token data is retained while your account is active. You can disconnect a Google Calendar at any time, which deletes the associated tokens. You can request deletion of your account and all associated data by emailing us.

7. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to withdraw consent. Contact us at hello@calmy.life to exercise these rights.

You can also revoke Calmy's access to your Google account at any time from your Google Account permissions page.

8. Children

Calmy is not directed to children under 13 (or the equivalent minimum age in your jurisdiction) and we do not knowingly collect their data.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by updating the effective date above and, where appropriate, by email.

10. Contact

Questions? Email hello@calmy.life.