Last updated: March 2026
CalendarMate is a one-person side project, not a company. I built it for myself and opened it up to others who might find it useful. I take privacy seriously and the app only collects what it genuinely needs to work. But be aware - this is a passion project and is not a business, organisation, professional endeavour, nor commercial operation. Donations are there to help cover hosting fees and I'll do my best to fix errors, but can't promise the app will be interruption-free and bug-free.
Rob Smith. You can reach me via the contact form on this site. For data protection purposes, I am the data controller for account data and a data processor for visitor booking data.
Your account - your name, email address, and a bcrypt-hashed password. Your name and email are stored as plain text; your password is hashed using bcrypt (one-way - it cannot be reversed). Your email is used to log you in, send booking notifications, and to get in touch if needed. It is never sold or shared with third parties.
Your settings - your calendar feeds, availability preferences, and booking page configuration. This is stored AES-256 encrypted in the database. Only you can read it.
Booking records - when someone books a slot through your page, the app stores their name, email, and the slot time to track whether CalendarMate is actually useful. Their name and email are stored encrypted. The booking record is deleted when your account is deleted.
Support messages - if you use the contact form, your message and email are sent via Resend and not stored anywhere in the app database.
Donations - handled entirely by Stripe. The app never sees or stores card details. Stripe records a customer ID against your account when you support the project.
The database runs on Neon (PostgreSQL) in the EU (Frankfurt, Germany). The app is hosted on Netlify (US-based CDN with EU edge nodes). Both are reputable services with their own privacy and security programmes.
Account data and booking history are kept until you request deletion, or until the project is shut down - whichever comes first. If CalendarMate ever closes, reasonable notice will be given before anything is deleted.
You have the right to:
To exercise any of these rights, just get in touch and it will be dealt with promptly.
CalendarMate does not use analytics, advertising cookies, or any third-party tracking. The only localStorage entries are small flags to remember whether you've dismissed the support nudge - no personal data involved.
Passwords are hashed with bcrypt (cost 12). Calendar settings are encrypted at rest with AES-256-GCM. Visitor names and emails in booking records are also encrypted. All traffic is over HTTPS. If you spot a vulnerability please get in touch directly.
Any meaningful changes will be reflected with an updated date at the top. Nothing here is legalese designed to obscure - if something's unclear just ask.