Privacy Policy for CalendarFlow

1. Introduction
CalendarFlow (“we”, “us”, “our”) operates https://calendarflow.dev and provides a live voice agent that edits your Google Calendar in real time (“Service”). By using the Service, you agree to this Privacy Policy.
CalendarFlow includes a free plan with a usage limit (12 voice sessions per 7-day period) and a Pro subscription with unlimited sessions.

2. Information We Collect
- Personal Information: name and email (for account creation and login).
- Subscription / Payment Information: purchases are processed by Apple, and we use RevenueCat to manage subscription status and entitlement information to unlock Pro features. We do not receive or store your payment card details.
- Google User Data: Google OAuth access token, refresh token, and expiry timestamp stored to access Google Calendar at your direction. Disconnecting Google Calendar removes the stored tokens.
- Usage Data: operational and usage telemetry such as voice session counts, session durations, tool call counts, token usage totals, and related metrics used to operate the Service, enforce free-tier limits, and improve reliability.
- OpenAI API Keys (BYOK): if you provide your own key, we store it encrypted; see Section 4. You can remove it in Settings.
- What We Do NOT Collect: we do not store conversation audio recordings or transcripts on our servers by default. Audio may be processed in real time to provide the Service.

3. How We Use Information
- Provide and operate voice agent sessions.
- Authenticate to Google Calendar and (if provided) your OpenAI account.
- Determine subscription status/entitlements and enforce plan limits.
- Communicate about account or policy updates.
- Maintain and improve reliability and security.
We do not sell your data or use it for unrelated purposes.

4. BYOK (OpenAI API Keys)
- Encryption: keys are stored encrypted and only decrypted when needed to fulfill your requests.
- Responsibility: you are responsible for charges incurred with your OpenAI account and for safeguarding your key.
- Deletion: you can remove your key in Settings at any time; encrypted key material is then deleted.

5. Data Sharing
We do not sell or trade your data. We share only with service providers as needed to operate the Service or to comply with law. Providers may use data solely to perform services for us. These providers may include authentication (Clerk), billing/entitlements (RevenueCat and Apple), AI processing (OpenAI), Google APIs (Google), and hosting/infrastructure (e.g., Railway/Convex).

6. Retention and Deletion
- Google tokens are kept only while you keep CalendarFlow connected; disconnecting Google Calendar removes the stored tokens. You can also revoke access in your Google account settings.
- OpenAI keys (if provided) are kept only while you choose to store them; deleting the key removes all encrypted components.
- Usage and operational metrics may be retained to operate the Service, enforce plan limits, and improve reliability.
- The app currently does not offer in-app account deletion. You can sign out, disconnect Google Calendar, and delete your BYOK key in Settings. If you want to request deletion of your account and associated personal data we hold on our systems (subject to legal requirements), contact us at rosty.build@gmail.com.

7. Children’s Privacy
The Service is not directed to children, and we do not knowingly collect data from children.

8. Security
We use reasonable technical and organizational measures to protect data, but no system is perfectly secure.

9. Changes to This Policy
We may update this policy. We will update the “Last updated” date. Continued use after updates means you accept the changes.

10. Contact
Questions? Contact rosty.build@gmail.com.