Privacy Policy

Introduction

BetterCalendar ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how our iOS and Android applications collect, use, store, and protect your information, including any information accessed through your Google Account when you choose to connect Google Calendar.

Google User Data Disclosure

BetterCalendar's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. This section describes specifically how BetterCalendar accesses, uses, stores, shares, retains, and deletes data obtained from your Google Account.

1. Data Accessed

When you choose to connect your Google Calendar inside BetterCalendar (Settings → Google Calendar → Sign In), we request your consent to a single OAuth scope:

• https://www.googleapis.com/auth/calendar.events — Read and write events on Google calendars you own or have been given access to.

With this scope granted, BetterCalendar accesses the following data from Google Calendar:

• Event titles (summary)
• Event descriptions / notes
• Event start and end times (including all-day flag)
• Event locations (address strings)
• Event recurrence rules (RRULE) and recurring-instance exception data
• Event attendee email addresses and response status
• Event color identifiers
• Event organizer email and calendar ID
• Event creation and last-modified timestamps
• Event ETag (used for conflict detection on write-back)
• Event iCalUID (used for cross-source deduplication)
• The signed-in account's email address (to display which Google account is connected)

BetterCalendar requests events for a fixed window of the past 30 days through the next 365 days from the user's primary Google calendar. We do not request, access, or store: contacts, Gmail, Drive files, Tasks, photos, location history, or any other Google product data. We do not request any scope other than calendar.events.

2. Data Usage

Data obtained from Google Calendar is used solely to provide the user-facing features of BetterCalendar:

• Display: Google Calendar events are rendered on the BetterCalendar timeline, daily, weekly, and monthly views, the map view, and the home-screen widgets, so the user can see all of their commitments in one app.
• Two-way editing: When the user edits a Google-sourced event in BetterCalendar (title, time, location, recurrence rule, attendees, etc.), the change is written back to Google Calendar using events.patch, events.delete, or events.insert, so the user's Google Calendar stays in sync.
• Cross-device synchronization: Imported event data is stored in the user's own private Google Firestore subcollection so it appears identically on every device the user signs into BetterCalendar with.
• Deduplication: Event iCalUIDs are used to detect when the same meeting has been imported through multiple sources (e.g. the user has added their Google account to iOS Calendar AND uses our Google integration), so it is shown only once.
• Conflict detection: The Google ETag is used to detect when an event was changed in Google while the user was editing it in BetterCalendar, so we can surface a conflict-resolution dialog instead of overwriting changes.

BetterCalendar does not use Google user data for advertising, profiling, training AI/ML models, or any purpose other than providing the user-facing features described above. We do not allow humans to read Google user data except (a) with the user's explicit consent for support purposes, (b) when required for security investigations, or (c) to comply with applicable law. We do not transfer Google user data to determine creditworthiness or for any other prohibited use.

3. Data Sharing

BetterCalendar does not share, sell, rent, or transfer Google user data to any third party. The only places Google user data is transmitted are:

• Google Cloud Firestore — operated by Google itself, used as our cloud storage backend, scoped per-user via Firebase Authentication UID and Firestore Security Rules so no other user can read your data. (Privacy policy: https://firebase.google.com/support/privacy)
• Google Calendar API — when we write your changes back, we send them only to Google's own API for your own calendar. We do not relay this data to any other party.

We do not share Google user data with: advertising networks, data brokers, analytics providers (beyond aggregate, non-personally-identifiable Firebase Crashlytics / Firebase Analytics signals that do not include calendar contents), social media platforms, marketing partners, or any other third party.

4. Data Storage & Protection

• OAuth tokens are stored by Google's official sign-in SDKs (GoogleSignIn-iOS and the Google Sign-In Android library) in the operating system's secure storage — iOS Keychain on iOS and Android Keystore-backed EncryptedSharedPreferences on Android. BetterCalendar never reads, exports, or transmits these tokens itself.
• Cached event data on the device is stored in the application's private sandboxed storage — a JSON file in the app's Documents directory on iOS, and a Room (SQLite) database in app-private storage on Android. Other apps cannot read this data.
• Cloud-synced event data is stored in Google Cloud Firestore at the path artifacts/bettercal-app/users/{userId}/importedGoogleCalendarEvents, scoped to the user's Firebase Authentication UID. Firestore Security Rules deny all access to any user other than the authenticated owner.
• Encryption in transit: All network traffic to Google APIs and Firestore uses TLS 1.2+.
• Encryption at rest: All data stored in Firestore is encrypted at rest using AES-256, managed by Google Cloud Key Management Service.
• Infrastructure compliance: Google Cloud Platform (the host of all our cloud storage) maintains SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017, ISO 27018, and PCI DSS certifications.
• Access control: Administrative access to BetterCalendar's Firebase project requires multi-factor authentication and is restricted to authorized engineering personnel.

5. Data Retention & Deletion

BetterCalendar retains Google user data only as long as the user remains signed in to their Google account inside the app. Users have multiple, easily accessible methods to delete their Google user data:

• In-app sign-out: Settings → Google Calendar → Sign Out. This revokes the local session and clears the cached event data on that device.
• In-app "Clear Imported Events": Settings → Google Calendar → Clear. Removes all Google-imported event data from BetterCalendar's local storage and from the user's Firestore subcollection.
• In-app account deletion: Settings → Account → Delete Account. Permanently deletes the BetterCalendar account and every piece of data associated with it (including all Google-imported event caches) from our active database. Deleted data is removed from Firestore replicas within 30 days and purged from backups within 90 days.
• Revoke at Google: Users can revoke BetterCalendar's OAuth access at any time at https://myaccount.google.com/permissions. Once revoked, BetterCalendar can no longer access the user's Google Calendar; any cached event data on the user's device is also cleared on the next app launch when the token is detected as invalid.
• Email request: Users may also email bettercalsupport@connectitcorp.com with the subject "Google Data Deletion Request" and we will delete all Google user data associated with the account within 7 business days.

Edits the user makes to their own Google Calendar events through BetterCalendar are written back to Google Calendar via the Google Calendar API. Those edits become part of the user's Google Calendar and are subject to Google's own data retention policies for that user's Google Account. BetterCalendar does not retain a copy of edits beyond what is necessary to keep its own local cache and the user's Firestore subcollection in sync.

Information We Collect

1. Account Information

What we collect:

• Anonymous user identifier (generated automatically by Firebase Authentication)
• Device tokens for authentication
• Account creation date
• Last sign-in date

Why we collect it:

• To create and maintain your account
• To sync your data across your devices
• To secure your information

How it's stored:

• Stored in Firebase Authentication (Google Cloud Platform)
• Encrypted in transit and at rest
• Not linked to your personal identity unless you choose to add an email

2. Calendar Data

What we collect:

• Calendar events from your device's Calendar app
• Event titles, descriptions, start times, end times, durations
• Event locations and addresses
• Event recurrence patterns
• Event notes and attachments
• Event types you assign (work, personal, appointment, meeting, travel, meal, exercise, entertainment, other)
• Event colors and custom properties

Why we collect it:

• To display your events in BetterCalendar's timeline view
• To show events on the integrated map view
• To sync your events across all your devices
• To provide backup and restore functionality

How it's stored:

• Stored in Google Cloud Firestore (Google Cloud Platform)
• Encrypted in transit using TLS/SSL
• Encrypted at rest using AES-256 encryption
• Isolated per user account (other users cannot access your events)

Your control:

• You grant calendar access when first launching the app
• You can revoke access anytime in iOS Settings → Privacy & Security → Calendars → BetterCalendar, or on Android in Settings → Apps → BetterCalendar → Permissions → Calendar
• You can delete events individually or all at once
• You can delete your account to remove all data from our servers

3. Custom Places

What we collect:

• Place names and descriptions
• Geographic coordinates (latitude/longitude)
• Custom icons (SF Symbols identifiers or emoji characters)
• Place categories (home, work, gym, restaurant, store, park, school, other)
• Personal notes about places
• Creation and modification timestamps

Why we collect it:

• To display your custom places on maps
• To sync your places across devices
• To associate places with events

How it's stored:

• Stored in Google Cloud Firestore
• Encrypted in transit and at rest
• Isolated per user account

4. Contact Location Associations

What we collect:

• Associations between contact identifiers and geographic locations
• Custom icons for contact locations (home, work, other)
• Contact names (read from your device's Contacts app)
• Contact addresses (read from your device's Contacts app)

Why we collect it:

• To display contact locations on the map
• To sync contact location associations across devices

How it's stored:

• Contact associations stored in Google Cloud Firestore
• We store only the contact identifier and location data, not full contact details
• Actual contact data remains on your device; we only reference it

5. Settings and Preferences

What we collect:

• Theme selection (light, dark, system)
• Display preferences (24-hour time format)
• Map display options (show/hide contacts, show/hide custom places)
• Map style preference (standard, satellite, hybrid)
• Weekly start day preference

Why we collect it:

• To sync your preferences across devices
• To provide a consistent experience

How it's stored:

• Stored in Google Cloud Firestore
• Encrypted in transit and at rest

6. Device and Usage Information

What we automatically collect:

• Device model and iOS version
• App version
• Timestamp of last sync
• Error logs (only if app encounters sync issues)

Why we collect it:

• To troubleshoot sync issues
• To ensure compatibility across iOS versions
• To improve app stability

How it's stored:

• Stored in Google Cloud Firestore
• Associated with your anonymous user ID

7. Location Data

What we collect:

• Your current geographic location (only when map view is active)
• Location data is NOT stored on our servers

Why we collect it:

• To display your current location on the map
• To help you position custom place pins accurately
• To center the map on your location

How it's used:

• Processed locally on your device
• Used only to update the map display
• NOT transmitted to our servers or logged

Your control:

• Optional permission requested when you first use map features
• Revoke anytime in iOS Settings → Privacy & Security → Location Services → BetterCalendar, or on Android in Settings → Apps → BetterCalendar → Permissions → Location

How We Use Your Information

We use the information we collect to:

1. Provide Core Functionality

• Display and manage your calendar events
• Show custom places and contact locations on maps
• Provide timeline and calendar views

2. Sync Across Devices

• Keep your data synchronized across all your devices
• Ensure you have access to your information anywhere

3. Backup and Recovery

• Protect your data from device loss
• Allow you to restore data on new devices

4. Improve the App

• Fix bugs and crashes
• Optimize performance
• Develop new features

5. Provide Support

• Respond to your questions and issues
• Troubleshoot technical problems

Data Storage and Security

Cloud Storage Infrastructure

Google Cloud Firestore:

• Industry-leading cloud database service
• Hosted on Google Cloud Platform
• SOC 2, SOC 3, ISO 27001 certified
• GDPR and CCPA compliant infrastructure

Security Measures

Encryption:

• In Transit: All data transmitted using TLS 1.3 encryption
• At Rest: All data encrypted using AES-256 encryption
• Keys: Managed by Google Cloud Platform Key Management Service

Access Controls:

• Data isolated per user account
• Users can only access their own data
• Role-based access controls for app infrastructure
• Multi-factor authentication required for administrative access

Network Security:

• Firewalls protect database access
• DDoS protection enabled
• Regular security audits

Application Security:

• Secure authentication tokens
• Token expiration and refresh
• Protection against common vulnerabilities (SQL injection, XSS, etc.)

Data Redundancy and Backup

• Firestore automatically replicates data across multiple zones
• Regular automated backups
• Point-in-time recovery available (for disaster recovery)
• 99.999% uptime SLA from Google Cloud

Limitations

While we implement industry-standard security:

• No system is 100% secure
• We cannot protect against compromised account credentials
• We recommend using a strong, unique password
• Enable device security (passcode, Face ID, Touch ID)

Data Sharing and Disclosure

We Do NOT Share Your Data With:

• Advertisers or marketing companies
• Data brokers
• Social media platforms
• Analytics companies (beyond basic Firebase Analytics)
• Any third party for commercial purposes

We will never sell or rent your personal information.

Third-Party Services We Use

Google Firebase / Firestore

• Purpose: Cloud database, authentication, crash reporting, and analytics
• Data Shared: All data described in "Information We Collect" and "Google User Data Disclosure"
• Privacy Policy: https://firebase.google.com/support/privacy
• Compliance: GDPR, CCPA compliant

Google Calendar API

• Purpose: Read and write events on the user's own Google Calendar when the user explicitly connects their Google account in Settings
• Scope Requested: https://www.googleapis.com/auth/calendar.events
• Data Accessed: See the "Google User Data Disclosure" section above
• How Authorized: Standard Google OAuth 2.0 consent flow via the official Google Sign-In SDK; the user sees Google's consent screen listing the requested permission and may decline
• Revocation: User may revoke access in-app or at https://myaccount.google.com/permissions
• Privacy Policy: https://policies.google.com/privacy

Apple Frameworks (iOS only)

• EventKit: Access to device calendar (data synced to our servers)
• Contacts: Read-only access to contacts (only identifiers stored)
• MapKit: Map display (map tiles from Apple)
• Core Location: Location services (not stored on servers)

Android Frameworks (Android only)

• CalendarContract: Read-only access to the Android device calendar provider (data synced to our servers)
• ContactsContract: Read-only access to device contacts (only identifiers stored)
• Google Maps SDK: Map display (map tiles from Google Maps)
• FusedLocationProviderClient: Location services (not stored on servers)

When We May Disclose Information

We may disclose your information only in these circumstances:

1. Legal Compliance:
   • To comply with valid legal process (subpoena, court order, warrant)
   • To meet national security requirements
   • As required by applicable law
2. Safety and Security:
   • To protect rights, property, or safety of BetterCalendar, users, or public
   • To detect, prevent, or address fraud or security issues
   • To enforce our Terms of Service
3. Business Transfers:
   • If BetterCalendar is acquired or merged, your data may transfer to new owner
   • You will be notified and given options regarding your data
4. With Your Consent:
   • If you explicitly authorize us to share specific information

Transparency: We have received 0 legal data requests to date.

Data Retention

How Long We Keep Your Data

Active Accounts:

• Data retained as long as your account is active
• No automatic deletion while you use BetterCalendar

Inactive Accounts:

• Accounts inactive for 2-3 years may be flagged for deletion
• We'll email you (if provided) before deletion
• You can reactivate before deletion deadline

Account Deletion:

When you delete your account, we permanently delete:

• All calendar events
• All custom places
• All contact location associations
• All settings and preferences
• Authentication information

Deletion BetterCalendar:

• Immediate: Data removed from active database
• Within 30 days: Deleted from backup systems
• Within 90 days: Completely purged from all systems

Legal Retention:

• We may retain minimal data if required by law
• Anonymized analytics may be retained for app improvement

Data After App Deletion

If you delete the app:

• App and local data removed from your device
• Cloud data remains available (so you can reinstall)
• To delete cloud data, you must delete your account within the app first

Your Privacy Rights

Universal Rights

All BetterCalendar users have the right to:

• Access: View all your data within the app or request a copy
• Correct: Edit any event, place, or setting
• Delete: Remove individual items or your entire account
• Export: Download your data in machine-readable format
• Revoke Permissions: Disable calendar, contacts, or location access

Response Time:

• Simple requests: 5-7 business days
• Complex requests: Up to 30 days

California Residents (CCPA/CPRA)

Under California law, you have the right to:

1. Know: What personal information we collect
2. Access: Request copies of your personal information
3. Delete: Request deletion of your personal information
4. Correct: Fix inaccurate personal information
5. Opt-Out of Sale: We don't sell personal information (Not applicable - we never sell data)
6. Non-Discrimination: Not be discriminated against for exercising rights

European Economic Area Residents (GDPR)

Under GDPR, you have the right to:

1. Right to Access (Article 15): Request confirmation of data processing and access your personal data
2. Right to Rectification (Article 16): Correct inaccurate data
3. Right to Erasure (Article 17): "Right to be Forgotten" - Request deletion of your data
4. Right to Restrict Processing (Article 18): Limit how we use your data
5. Right to Data Portability (Article 20): Receive data in machine-readable format
6. Right to Object (Article 21): Object to data processing
7. Right to Withdraw Consent: Withdraw consent at any time
8. Right to Lodge a Complaint: File complaint with supervisory authority

Legal Basis for Processing:

• Consent: You create an account and grant permissions
• Contract: Necessary to provide BetterCalendar services
• Legitimate Interest: Improve app functionality and security

Children's Privacy (COPPA Compliance)

BetterCalendar is appropriate for users 13 years and older.

Age Restriction

• BetterCalendar requires users to be at least 13 years old
• We do not knowingly collect information from children under 13
• Account creation requires age verification

If We Discover Underage Use

• We will immediately delete the account
• We will permanently delete all associated data
• We will notify parents if contact information is available

Parental Control

• Parents should monitor children's device usage
• iOS Screen Time features can restrict app usage
• Parents can request account deletion by contacting us

Changes to This Privacy Policy

How We Update

We may update this policy when:

• We add new features
• We change data practices
• Legal requirements change
• Industry best practices evolve

How We Notify You:

1. Update "Last Updated" date at top of this policy
2. In-app notification for material changes
3. Email notification (if we have your email)
4. App Store update notes

Your Options

If you disagree with changes:

• You may stop using BetterCalendar
• You may delete your account
• Contact us with concerns

Continued use after notification constitutes acceptance of changes.

Material Changes

We will NEVER:

• Start selling your data without explicit consent
• Share data with advertisers without notice
• Reduce your privacy rights without giving you opt-out options

Compliance Certifications

BetterCalendar's privacy practices comply with:

• California Consumer Privacy Act (CCPA/CPRA)
• General Data Protection Regulation (GDPR)
• UK GDPR
• Children's Online Privacy Protection Act (COPPA) - 13+ age requirement
• Apple App Store Privacy Guidelines
• Google Cloud Platform Security Standards
• SOC 2 Type II (via Google Cloud)
• ISO 27001 (via Google Cloud)

Your Consent

By creating an account and using BetterCalendar, you:

• Acknowledge you have read this Privacy Policy
• Understand how we collect, use, and store your data
• Consent to data processing as described
• Consent to cloud storage of your data on Google Cloud Platform
• Understand you can withdraw consent by deleting your account
• Confirm you are at least 13 years old

Without consent, we cannot provide BetterCalendar's services.