Your privacy, respected

Easycal is built with privacy as a core principle, not an afterthought. Here's exactly what we collect, how we use it, and why.

Last updated: March 1, 2026

Google user data we collect

When you sign in with Google, easycal requests access to your Google account using the calendar.readonly scope. We collect the following Google user data:

Name and email address

Collected from your Google profile to identify your account and communicate with you about the service.

OAuth access and refresh tokens

Secure tokens that allow easycal to access your Google Calendar data on your behalf. These tokens are only used to communicate with the Google Calendar API.

Calendar list

The names, IDs, and colours of your Google calendars, so you can choose which ones to check for scheduling conflicts.

Calendar event times

The start and end times of events on your selected calendars, used solely to determine your free/busy status. We do not store or display event titles, descriptions, attendees, locations, or attachments.

CalDAV and iCloud data we collect

When you connect a CalDAV server (including iCloud), easycal collects the following data:

Server URL

The CalDAV server address you provide, used to connect and sync your calendars.

Username and password

Your CalDAV credentials (or Apple ID and app-specific password for iCloud). These are stored encrypted and used solely to authenticate with your calendar server.

Calendar list

The names, IDs, and colours of your calendars, so you can choose which ones to check for scheduling conflicts.

Calendar event times

The start and end times of events on your selected calendars, used solely to determine your free/busy status. We do not store or display event titles, descriptions, attendees, locations, or attachments.

iCloud users

iCloud connections use Apple's CalDAV interface. We recommend using an app-specific password rather than your main Apple ID password for added security.

How we use your calendar data

Your calendar data — whether from Google, iCloud, or another CalDAV server — is used exclusively to provide the easycal service. Specifically:

  • To authenticate you and maintain your session.
  • To read your calendar event times and calculate your free/busy availability.
  • To display which calendars are available for conflict checking.
  • To keep your availability page up to date by periodically syncing with your connected calendars.

We do not use your calendar data for advertising, marketing, or any purpose unrelated to providing the easycal service.

Other data we store

In addition to Google user data, easycal stores information you provide directly:

Availability windows

The days and times you choose to share publicly. You set these yourself.

Public profile settings

Your chosen display name, description, theme, and accent colour for your public availability page.

Session data

A standard session cookie to keep you logged in. This is the only cookie easycal sets.

What we don't store

This is just as important as what we do store.

Your event titles or descriptions
Who you're meeting with
Event locations or attachments
Your full calendar data
Tracking or advertising cookies
Any data sold to third parties

Sharing and disclosure

We do not sell, rent, trade, or otherwise transfer your personal information or Google user data to third parties. We do not share your data with advertisers, data brokers, or information resellers.

Your Google user data is not used for serving advertisements, retargeting, personalised advertising, or interest-based advertising. It is not used for determining creditworthiness or for lending purposes.

The only circumstances in which we may disclose your information are:

  • When required by law, such as in response to a valid legal process.
  • To protect the rights, safety, or property of easycal, our users, or the public.

Data protection

We take appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • All connections to easycal are encrypted in transit using TLS/HTTPS.
  • Google OAuth tokens are stored securely in our database with access restricted to the application.
  • CalDAV and iCloud credentials are encrypted at rest using Laravel's built-in encryption before being stored in the database.
  • Access to production systems is restricted and authenticated.
  • We follow the principle of least privilege when requesting Google API permissions, using only the calendar.readonly scope.

Data retention and deletion

We retain your personal information and Google user data for as long as your account is active and as needed to provide the easycal service. Cached calendar data is automatically purged after 90 days.

If you want to remove your data from easycal, you can delete your account from the settings page. This permanently and irreversibly removes your profile, availability windows, calendar connections (including CalDAV credentials), cached calendar data, OAuth tokens, and all associated data from our systems.

You can revoke easycal's access to your Google account at any time from your Google account settings. For CalDAV and iCloud accounts, you can remove them from your easycal settings or revoke the app-specific password from your calendar provider. Once access is revoked, easycal will no longer be able to read your calendar data.

Analytics

We use Plausible for analytics. Plausible is a privacy-focused, open-source analytics tool that tells us how many people visit easycal — and that's about it.

Plausible doesn't use cookies, doesn't track individuals across sites, doesn't collect personal information, and is fully compliant with GDPR, CCPA, and PECR. There is no cross-site or cross-device tracking. All data is aggregated — we see page view counts, not people.

This means easycal works with zero tracking cookies. The only cookie we set is the session cookie that keeps you logged in.

Third-party services

Google Calendar API

Used to read free/busy data from your Google calendars. We request the minimum permissions needed (calendar.readonly) and only access event start/end times to calculate availability.

CalDAV servers (including iCloud)

When you connect a CalDAV account, easycal communicates directly with your chosen calendar server to sync free/busy data. For iCloud, this means connecting to Apple's CalDAV servers at caldav.icloud.com. Your credentials are stored encrypted and used only to authenticate with the server.

Plausible Analytics

Privacy-first, cookie-free website analytics. No personal data is collected or shared.

That's it. No ad networks, no marketing pixels, no data brokers.

Google API Services compliance

Easycal's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Changes to this policy

We may update this privacy policy from time to time. If we make material changes to how we handle your data, we will notify you by updating the date at the top of this page. We encourage you to review this policy periodically.

Questions?

If you have any questions about this privacy policy or how your data is handled, contact us at [email protected]. Transparency is the whole point.