Privacy Policy

Last updated 2026-05-22

This policy describes how Familycalendar handles your personal data under the GDPR. We keep it as short and concrete as possible.

Data controller

Familycalendar, contact: privacy@familycalendar.club. We are the data controller for everything you submit through the service.

Data we collect

• Email address — to identify the calendar owner and send sign-in links.
• Phone number (optional) — to route incoming WhatsApp messages to the right family.
• Calendar name, family member names, and the events you create.
• PIN code (stored as a one-way hash, never in plain text).
• Technical logs (IP, user agent, timestamp) for abuse prevention — retained max 30 days.

How we use it

Data is used solely to provide the calendar service — storing your calendar, sharing it with family, WhatsApp control, and CalDAV sync. We never use data for marketing, profiling, or advertising.

Sharing with third parties

We never sell or share your personal data with third parties. We use the following technical sub-processors who handle data on our behalf under strict contracts and the GDPR:

• Anthropic, PBC (Claude AI, United States) — when you use AI-assisted event input or lookup, we send your message, family-member names, and ±90 days of event context to Anthropic's Claude model. Anthropic retains API requests for up to 30 days for abuse review and deletes them afterwards. Inputs are NOT used to train the model. More: privacy.anthropic.com.
• Postmark (ActiveCampaign Inc., United States) — to deliver transactional emails (verification code, calendar created, invitations, PIN attempt alerts).
• DigitalOcean (United States) — for server hosting. Calendar and user data are stored on a server in the EU region (Frankfurt).

International data transfers

Some of our sub-processors (Anthropic, Postmark) operate in the United States. Transfers of personal data outside the EU are made under the EU Commission’s approved Standard Contractual Clauses (SCC). We use EU-region services wherever possible.

Retention

Calendar data is kept on our server while the calendar is active. You can delete your calendar at any time from settings — all data is wiped immediately. Technical logs: max 30 days. Anthropic LLM request logs: max 30 days (Anthropic’s own retention). Postmark email logs: max 45 days.

Your rights

Under the GDPR you have the right to access, correct and erase your personal data. Contact us at privacy@familycalendar.club or use the in-app settings:

• Access: you can export your calendar data in ICS format.
• Correction: name, email and phone number are editable from settings.
• Erasure: "Delete calendar" in settings wipes everything immediately.
• Right to object and to lodge a complaint with the data protection authority in your country.

Security

All traffic uses HTTPS. PIN codes and DAV secrets are stored hashed. Servers are in the EU and monitored automatically.

Changes

We may update this policy. Material changes will be announced on the calendar's home page. The dated version is always shown above.

Contact

Privacy questions: privacy@familycalendar.club