Privacy Policy

1. Information We Collect

a) Business Owner Account Information. When you sign up as a business owner, you authenticate with Google Sign-In, and we receive your name, email address, and Google account identifier. We use this to create and secure your account.

b) Venue & Business Information. For each venue you run, we store the details you provide — venue name, address, timezone, currency, contact email, your services (names, durations, prices, buffers), bookable resources (such as staff, tables, or rooms), and your weekly working hours and days off.

c) Google Calendar Data. When you connect a calendar, you grant Calendra access to your Google Calendar through Google's OAuth flow. We read your busy/free times to calculate available slots and prevent double-booking, and we create and update calendar events for bookings made through Calendra. We store the OAuth access and refresh tokens needed to do this, encrypted at rest. We do not read, store, or use the content of unrelated calendar events beyond busy/free availability. See Section 3 for details.

d) Customer Booking Information. When a visitor books through a venue's widget, we collect the information they enter to complete the booking — typically their name, email address, phone number, the selected service and resource, the chosen date and time, and any notes. This information is made available to the business owner who operates that venue.

e) Usage & Technical Data. We automatically collect standard technical data such as IP address, browser type, device and operating system information, and server log data (including timestamps and the pages or endpoints accessed) to operate, secure, and improve the Service and to protect against abuse.

f) Cookies. We use strictly necessary cookies to keep business owners signed in and to maintain session security. The Service does not use advertising or third-party tracking cookies.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Authenticate business owners and manage their accounts and venues
• Read calendar availability and create or update calendar events for bookings
• Calculate open time slots and prevent overlapping or double bookings
• Process bookings made through the embedded widget and booking page
• Send transactional emails — booking confirmations with calendar invites to customers, and new-booking alerts to owners
• Improve, personalize, and expand the Service
• Detect, prevent, and respond to fraud, abuse, or security incidents
• Comply with legal obligations

3. Google Calendar Access & Limited Use

Calendra requests access to your Google Calendar solely to provide the booking features you enable. Specifically, we use this access to read your busy/free times so we can offer accurate availability, and to create, update, or cancel calendar events that correspond to bookings made through Calendra.

Calendra's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer or sell Google user data to third parties, we do not use it for advertising, and we do not use it for any purpose other than providing and improving the booking features described above. Humans do not read your Google calendar data except where required for security, to comply with applicable law, or where you have given explicit consent. You can revoke Calendra's access at any time by disconnecting the calendar in your dashboard or via your Google Account permissions.

4. Data Sharing & Third-Party Services

We do not sell, rent, or trade your personal information. We share data only with the following service providers who help us operate the Service:

• Google (Sign-In & Calendar API): Used to authenticate business owners and to read availability and manage booking events on connected calendars.
• Resend: Transactional emails — booking confirmations (with a calendar .ics invite) to customers and new-booking alerts to owners — are delivered through Resend.
• Cloud Infrastructure: Our application and PostgreSQL database run on managed cloud infrastructure. Data is stored on our own servers, not shared with these providers for their own purposes.

We may also share data when:

• Required by Law: When required by law, court order, or governmental authority.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

5. Bookings & the Business's Role

When you make a booking through a venue's widget, the business that operates that venue receives and controls your booking details (such as your name, email, phone number, and appointment) in order to provide the service you booked and to manage its calendar. That business is responsible for how it uses your information. Calendra processes this information on the business's behalf to deliver the booking and send confirmations. If you have questions about how a particular business uses your data, please contact that business directly.

6. Data Retention

• Account & venue data is retained for as long as your account is active.
• Booking records are retained for as long as the associated venue exists or as needed to provide the Service and meet legal or accounting obligations.
• Calendar OAuth tokens are stored only while a calendar is connected and are deleted when you disconnect it.
• Server logs are retained for a limited period for security and diagnostics, then deleted.
• Account deletion: You may delete your account at any time. Upon deletion, your personal data and venue data are permanently removed from our systems within 30 days, except where retention is required by law.

7. Data Security

We implement industry-standard security measures to protect your data. All traffic is transmitted over encrypted connections (TLS/SSL), calendar OAuth tokens are encrypted at rest, and application-to-database traffic stays on a private internal network that is not exposed to the public internet. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data and account
• Withdraw consent, including by disconnecting your Google Calendar
• Object to or restrict certain processing activities

To exercise any of these rights, contact us at [email protected]. If you booked through a business's widget and wish to access or delete your booking data, you may also contact that business directly.

9. Children's Privacy

The Service is intended for businesses and their adult customers and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such data without appropriate consent, we will take steps to delete it promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including countries where our infrastructure and service providers are located. These countries may have different data protection laws. By using the Service, you consent to such transfers. We take appropriate safeguards to ensure your data remains protected in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page or by email. The "Last Updated" date at the top indicates when the latest revisions were made. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

The Four Stars
Email: [email protected]