Privacy Policy

Learn how Text2Cal protects your privacy and handles your data.

Last updated: August 11, 2025

Last Updated: August 11, 2025

Your Privacy Matters. This Privacy Policy explains how Text2Cal (“we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you use our mobile application and related services (the “App”). We are committed to safeguarding your data and being transparent about our practices. By using Text2Cal, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the App.

Note: Text2Cal provides an AI-driven service that processes user-provided text to create calendar events. Because our service involves personal data (like your account info and potentially event details), we are required by law in many jurisdictions to maintain this Privacy Policy . We also adhere to platform rules (Apple App Store and Google Play) that mandate having a clear Privacy Policy accessible to users .

1. Information We Collect

We collect several types of information to operate and improve Text2Cal. This includes:

a. Information You Provide Directly:

  • Account Data: When you register or sign in via our authentication provider (Clerk), you provide personal identifiers such as your email address and password. We may also receive your name or other profile details if you choose to provide them. (Note: Passwords are stored in hashed form by our authentication service; we do not see your plaintext password.)
  • User Inputs (Calendar Data): The text you enter for conversion to events is transmitted to our servers (and AI engine) to generate structured calendar events. The resulting event details (title, date, time, location, notes) may be saved in the app’s local storage or our database to facilitate syncing with your linked calendar. Important: The content you provide might include personal or sensitive details (e.g., an event about a medical appointment or a contact’s address). We treat these inputs as confidential and use them only to provide the service.
  • Calendar Integration Data: If you choose to connect the App to an external calendar service (such as Google Calendar, Apple Calendar, Outlook), we may collect data necessary to facilitate that connection: e.g., your calendar account email or an authentication token granted by the calendar provider. We do not download your entire calendar; we only insert or update events you have chosen to create via Text2Cal. However, metadata (like calendar IDs or names of calendars you select) might be stored to allow event syncing.
  • Contact & Support Data: If you contact us for support or feedback (e.g., via email at support@text2cal.app), you may provide contact information and a description of your issue. We will collect whatever information you choose to provide in such communications (such as screenshots or logs you send us). This will be used solely to assist you and improve our services.

b. Information Collected Automatically:

When you use Text2Cal, certain data is collected automatically by the App or our third-party service providers:

  • Usage Data: We log usage metrics such as the number of event extractions you perform, features you use, screens you view, and interactions (e.g., button clicks). For example, we may record that a user created 5 events in a week, or that you accessed a tutorial page. This information helps us understand engagement and improve functionality.
  • Device and App Info: We collect information about your device and app configuration, including: device model, operating system version (iOS or Android), unique device identifiers (e.g., device ID or Advertising ID), App version, and device language/region settings. We also collect the time and date of your activities and other diagnostic data in case of errors or crashes (crash reports).
  • Authentication and Subscription Status: Our App checks with Clerk (authentication service) to verify your login status, and with RevenueCat (subscription management service) to check your subscription tier (free or premium). In doing so, we may automatically receive confirmations like “user X is logged in with email Y” and “subscription status: active (premium)” or similar. RevenueCat provides us with non-sensitive identifiers to link your app user ID with purchase records (for example, a generated subscriber ID, purchase receipts, and subscription expiry date).
  • Analytics Data: We use analytics tools to gather aggregated data about user behavior. (Currently, we have integrated PostHog for analytics, but it may be disabled or not actively sending data as of the last update. If enabled, PostHog would collect event data about how you use the app – e.g., which features are popular – but we would ensure any analytics data is either non-personal or anonymized.) In the future, we will ensure to update this Privacy Policy if our analytics practices change. You will have the option to opt-out of analytics that are not essential.

c. Information from Third Parties:

We utilize third-party services for authentication and subscriptions. These services may share certain information with us:

  • Clerk (Authentication Provider): Clerk manages your sign-in and may provide us with your basic profile information and a unique user ID. Clerk also stores your authentication tokens. We rely on Clerk to securely handle login credentials, multi-factor authentication, etc. Clerk may also log your IP address and device info during authentication for security purposes.
  • RevenueCat (Subscription Manager): RevenueCat provides us purchase details like your subscription type (monthly, annual, etc.), start and end dates, and whether a transaction is in a trial period, canceled, or renewed. RevenueCat may also use device identifiers or App Store/Play Store receipts to track purchases. We do not directly see your full payment information (such as credit card numbers); those are handled by Apple or Google.
  • Calendar Providers: If you link a calendar, the calendar service (e.g., Google) might share minimal info with us as part of the integration (for example, confirming that an event was added successfully, or returning a unique event ID). We only receive what’s necessary to sync your events.

We do not buy or enrich our user data with information from data brokers or social networks at this time. If that ever changes, we will update this policy and obtain necessary consents.

2. How We Use Your Information

We use the collected information for various purposes in line with the principle of data minimization (we only use what we need). The main uses include:

  • To Provide and Maintain the Service: We process your input text to create calendar events – this is the core functionality of Text2Cal. That involves using your data (text inputs, account info, etc.) to run the AI extraction and communicate with calendar APIs. We also maintain your account and subscription status so you can access the features you’re entitled to.
  • To Improve and Personalize the App: Usage and device data help us understand how users interact with Text2Cal. For example, knowing which features are used most (or where users encounter errors) allows us to focus on improvements. We may use aggregate analytics to inform new features or UI changes. Personalization might include remembering your preferences (like a preferred calendar or default reminder time for events).
  • To Communicate with You: We may use your email or in-app notifications to send you service-related messages: e.g., verification codes, password reset emails, subscription confirmations, receipts, or important announcements (such as changes to these terms or privacy policy). If you opt-in to receive marketing communications or newsletters in the future, we might send those as well – but only with your consent and you can opt-out anytime.
  • To Provide Customer Support: If you reach out with questions or issues, we will use your information (like contact info and support history) to assist you and resolve problems.
  • To Enforce Terms and Protect the Service: We monitor for potential misuse of Text2Cal and may use data (such as logs of unusual activity or abuse flags) to prevent fraud, enforce our Terms of Use, and protect the security and integrity of our application. For example, if an account is suspected of violating the rules (e.g., making excessive requests or using the service for spam), we might review logs associated with that account.
  • For Legal Compliance: We may process and retain certain information as required by law or to respond to lawful requests by public authorities (e.g., law enforcement). For instance, if required to retain transaction records for tax or accounting purposes, or to comply with a subpoena, we will use and disclose data as necessary under those obligations.

Legal Bases (for EU users): If you are in the European Economic Area (EEA) or United Kingdom, we must have a legal basis for processing your data. We generally rely on the following bases: (i) Contract – processing is necessary to provide the service you requested (e.g., we must use your email to create an account or use your input text to generate the event as per your request); (ii) Legitimate Interests – for uses like improving the app, preventing fraud, or sending you service updates, we consider these interests necessary for our business and not overriding your privacy rights. We will always weigh our interests against your rights and expectations; (iii) Consent – for any case where we ask your consent, such as sending marketing emails or using certain analytics cookies, you have the right to withdraw consent at any time; (iv) Legal Obligation – if we need to keep data or disclose data to comply with a law or regulation.

3. How We Share Your Information

We do not sell your personal information to third parties. However, we do share certain information in the following circumstances:

  • Service Providers (Processors): We use trusted third-party companies to perform services on our behalf, under contract and only as necessary to provide the App’s functionality. These include:
  • Clerk – for authentication and user management. Clerk will have access to your login credentials and profile info to manage sign-ups and sign-ins. They are obligated to secure that data.
  • RevenueCat – for handling subscriptions and purchases. RevenueCat processes purchase receipts and subscription status, and it may store identifiers needed to link your device or account to the subscription.
  • Cloud Hosting and Database – Our backend (API server and database) likely runs on cloud infrastructure (for example, AWS or similar). Thus, your data (account info, event data) may be stored on servers operated by our cloud provider. We ensure any such provider has appropriate security measures and, if data is transferred internationally, that legal safeguards (like Standard Contractual Clauses for EU data) are in place .
  • AI/ML Service Providers: If our AI text processing uses a third-party machine learning API (for instance, an NLP service to interpret your text), we might send the text input to that provider’s servers to get the result. We will choose providers that commit to not using your data beyond providing the result. (We would disclose in this policy which AI API is used, once finalized. For now, just be aware that your text may be processed by an AI engine in the cloud – possibly OpenAI, Google AI, or a similar service – solely to generate the calendar parsing output.)
  • Analytics/Crash Reporting Tools: If we use PostHog or any analytics, those tools will process certain usage or crash data. We configure them to avoid collecting any directly identifying info like your name or email in analytics events. These tools help us troubleshoot issues and understand usage patterns. Each of these providers is only given the information necessary for their function and is contractually prohibited from using your data for other purposes. We have Data Processing Agreements in place where appropriate to ensure they comply with privacy laws (like GDPR).
  • Calendar Services: When you link a calendar and choose to save an event to it, we share the event details with the respective calendar provider’s API (e.g., Google’s Calendar API or Apple’s Calendar API) to create the event on your calendar. This means that the information in that event (title, date/time, location, attendees if any) will be transmitted to that third-party service under your account with them. Once in their system, that data is managed by the third party under their privacy policy. We do not share more than necessary – only the info required to create/update the calendar entry. We recommend you review the privacy settings of your chosen calendar provider for how events are stored and who can see them (for instance, if you share your calendar with others, they may see events added via Text2Cal).
  • Legal Compliance and Protection: We may disclose your information if required to do so by law or in response to valid requests by government authorities (e.g., a court order, subpoena, or law enforcement demand). We may also disclose data if we believe it is necessary to: investigate or enforce our Terms of Use; respond to claims that any content violates the rights of third parties; or protect the rights, property, or personal safety of Text2Cal, our users, or the public. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction, as permitted by law.
  • Business Transfers: If Text2Cal (or the company/individual that operates Text2Cal) is involved in a merger, acquisition, asset sale, financing, or bankruptcy, your information may be transferred to a successor or affiliate as part of that transaction. We will ensure the new owner continues to honor the privacy commitments we have made in this Policy, or we will notify you and give you an opportunity to delete your data if they will use it differently.
  • With Your Consent: In cases where you have explicitly given us consent to share your information, we will do so as described at the time of consent. For example, if in the future we run a promotion with a partner and you opt-in to share info with that partner, we would only share as consented.

4. International Data Transfers

Text2Cal is a global service. The data we collect from you may be transferred to, and stored at, servers and facilities located in countries outside of your home country. Specifically, our primary operations are in the United States (where many of our third-party providers are based) and possibly other locations. If you are located in the European Union (EU) or other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer information to countries which may not have the same data protection laws as your jurisdiction.

However, when we transfer personal data internationally, we take steps to protect it:

  • We rely on legal transfer mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs)  for data exported from the EEA/UK to the U.S. or other countries. These clauses contractually oblige recipients to protect the data to EU standards.
  • Our service providers are vetted for strong security and privacy practices. For example, Clerk and RevenueCat both state compliance with GDPR and other privacy frameworks, and incorporate SCCs or equivalent measures for EU data transfers.
  • By using Text2Cal, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this policy, even if they are in other countries. We will strive to ensure any international transfers comply with applicable data protection laws.

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. For example:

  • Account information (email, profile details) is kept until you delete your account, and thereafter we may retain it for a short period in backups or archives before complete deletion. If you delete your account, we aim to remove personal data within [30 days] from active systems, unless legal obligations require otherwise.
  • Subscription purchase records are retained as long as you are a subscriber and for a certain period after (to maintain proof of transactions for accounting/tax and to facilitate resuming a subscription if you come back). Typically, financial transaction records might be kept for up to 7 years as required by law, but these will be limited to what is necessary (e.g., receipt and transaction ID, not your full payment details which we don’t have).
  • AI input data (the text you submit) may be stored transiently on our servers for processing. We do not store your raw text inputs long-term beyond what is needed to generate the event, unless it’s attached to an event saved in the app or your calendar. If we keep logs of AI requests for debugging, we will anonymize them. Any personal identifiers in such logs would be removed or generalized.
  • Event data (the calendar events created) might be stored locally on your device and possibly in our cloud database to sync across your devices. We will retain those events as long as you use the service or until you delete them. If you disconnect a calendar or delete an event via Text2Cal, we will remove our stored copy of that event if any.
  • Analytics data is generally aggregated and not tied strongly to personal identifiers. We might retain analytics logs for internal analysis for a few months, and aggregated statistics indefinitely (since they contain no personal info).
  • If you contacted support, we might retain that correspondence for future reference (to understand past issues) unless you request deletion.
  • We also retain information as needed to comply with legal obligations, resolve disputes, and enforce our agreements. For instance, if we suspend or terminate an account for abuse, we might retain certain info to prevent that user from re-registering or for evidence in case of legal claims.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If deletion is not immediately feasible (e.g., because data is in backups), we will securely store it and isolate it from further processing until deletion is possible.

6. Data Security

We take the security of your data seriously. We implement a variety of technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption: All network communication between the app, our servers, and third-party services is encrypted via HTTPS/TLS. This ensures that data (like your login credentials or event details) is protected in transit. Additionally, sensitive data at rest (such as tokens or keys) is encrypted or hashed where applicable.
  • Secure Storage: On your device, we store authentication tokens and certain preferences using secure storage mechanisms (such as encrypted storage via MMKV on React Native). On our backend, data is stored in secure databases with access controls. We restrict access to production databases to authorized personnel only, and use techniques like firewalling and network segmentation.
  • Access Controls: Our team and any service providers only access personal data on a need-to-know basis. For example, our developers or support personnel will only access your account data if required to troubleshoot an issue and with proper authorization. Clerk and RevenueCat restrict our access to only the info we need via their APIs.
  • Monitoring and Auditing: We monitor for potential security vulnerabilities and attacks. Our systems log access and events to provide an audit trail. We periodically review our practices and improve them. We may also conduct security assessments or code reviews to catch vulnerabilities.
  • Breach Notification: While we strive to protect your data, no system can be 100% secure. In the event of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law within 72 hours of discovering the breach, if feasible . We will also take all reasonable steps to mitigate any potential harm and prevent future incidents.

Please note that you also play a role in keeping your data secure. Choose a strong, unique password for your Text2Cal account and do not share it. Log out of the app when using a shared device. If you suspect any unauthorized access to your account, inform us immediately.

7. Your Rights and Choices

You have certain rights and choices regarding your personal information. We have outlined key rights here; these may vary based on your jurisdiction:

  • Access and Portability: You have the right to request a copy of the personal data we hold about you . We can provide this in a common electronic format. For example, you can request an export of your account info and any event data associated with your account. (Note: Much of your data is also directly accessible in the app – e.g., you can see events, profile info, etc.)
  • Rectification: If any personal data we have is inaccurate or incomplete, you have the right to ask us to correct it. For instance, if you change email addresses, you can update it in your profile or ask support to assist.
  • Erasure: You have the right to request deletion of your personal data (“Right to be Forgotten”). You can achieve most of this by deleting your Text2Cal account in the app’s settings, which will remove your personal info from our active systems. If you want us to delete any residual data (like support emails you sent or backup logs), please contact us with your request. We will honor deletion requests unless we are legally required to keep specific data (e.g., transaction records for tax) or have other lawful basis to retain it.
  • Restriction of Processing: You can ask us to restrict processing of your data in certain circumstances – for example, if you contest the accuracy of your data, or if you object to our processing based on legitimate interests. We will then only store your data and not actively process it until the issue is resolved.
  • Objection to Processing: You have the right to object to certain processing activities. For example, you can object to processing for direct marketing or to any processing based on a legitimate interest. If you do so, we will comply unless we have compelling legitimate grounds to continue (in which case we will explain those to you). With regard to marketing emails – we currently do not send marketing emails, but if we ever do, every message will include an “unsubscribe” link to opt out easily.
  • Data Portability: In addition to access, you may have the right to receive your data in a structured, commonly used, and machine-readable format (and to request we transmit it to another controller where technically feasible). This mostly overlaps with the access/export function. For example, you might get a JSON or CSV file of your events or account data to import into another service.
  • Withdrawal of Consent: In cases where we rely on your consent (e.g., if you opted in to analytics or promotional notifications), you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal. In practice, you can toggle off certain app permissions (like location or notifications in your device settings) or contact us to adjust your preferences.
  • Right to Not Be Subject to Automated Decisions: Our service does not make any legally significant decisions about you solely by automated means. The AI provides suggestions for event details, but you ultimately confirm and save events. If in future we implement automated decision-making that significantly affects users, we will ensure compliance with applicable laws and provide appropriate information/rights.

To exercise any of these rights, please contact us at privacy@text2cal.app (or support@text2cal.app). We will verify your identity (to protect your privacy) before fulfilling the request. We aim to respond to requests within 30 days or the timeframe required by your local law.

California Residents (CCPA/CPRA): If you are a California resident, you have specific privacy rights under the California Consumer Privacy Act (as amended by the CPRA). These include the right to know what personal information we collect, the right to delete personal information (with exceptions), the right to opt-out of the sale or sharing of personal info, the right to correct inaccurate info, and the right to non-discrimination for exercising these rights  . In summary, California users can:

  • Request a report detailing the categories and specific pieces of personal info we have collected about you, the sources of that info, the purposes for collection, and any third parties with whom we shared it (this is your “Right to Know”) .
  • Request deletion of your personal information from our records (and we will direct our service providers to do the same), unless an exception applies (e.g., we need certain data for security, legal compliance, or because you continue to use our service) .
  • Opt-out of the “sale or sharing” of personal information. Note: We do not sell personal data in the traditional sense (exchange for money). We also do not share personal info for cross-context behavioral advertising. If that ever changes, we will provide a “Do Not Sell or Share” link.
  • Request correction of any inaccurate personal information we have about you  .
  • Be free from discrimination or retaliation for exercising your privacy rights. We will not deny you our services or provide different quality of service because you exercised your rights (except as allowed by law, e.g., if you request deletion of data necessary for the service, we may not be able to provide that service).

California residents can exercise these rights by emailing us at privacy@text2cal.app with the subject “CCPA Request” and specifying which right you seek to exercise. We will need to verify your identity (and authority, if you are an authorized agent making the request on behalf of someone else) before fulfilling CCPA requests. We will respond within the time frame required by law (generally within 45 days, with an extension if necessary).

8. Cookies and Tracking Technologies

Text2Cal is a mobile app, and as such it does not use traditional website cookies. However, it may use analogous tracking technologies for purposes like maintaining your session or analyzing usage. For example:

  • We might use a local storage mechanism (similar to a cookie) on the app to remember your logged-in status so you don’t have to re-login every time.
  • If we implement analytics, those might assign a random identifier to your device to distinguish unique users (like how cookies work in browsers). This could be done through the device’s Advertising ID or an SDK.
  • Push notification tokens: when you enable push notifications, we generate a unique token provided by Apple or Google for your device, which acts like an ID to send you notifications. This token doesn’t contain personal info, but it is used to route notifications to you.

You have control over certain tracking: you can reset your device’s advertising identifier, turn off ad personalization in device settings, or opt-out of analytics by using any opt-out features we provide. If in the future our app integrates with any advertising or advanced tracking, we will update this section and ask for any necessary opt-in consent (e.g., App Tracking Transparency on iOS, which would prompt you for permission to track across apps).

Our Privacy Policy will be updated accordingly if we begin using any cookies or similar technologies beyond what is described. For now, we use minimal tracking focused on functionality and performance, and not for advertising purposes.

9. Push Notifications and Device Permissions

With your consent, Text2Cal may send push notifications to your mobile device to alert you about successfully created events, reminders, or important service updates. If you decide to enable notifications, you can always opt out later by changing the notification preferences in your device settings for Text2Cal. We only send notifications to provide value (like confirming an event was added to your calendar or informing you of new features if you’ve opted in). We will not spam you with irrelevant messages.

The App may request certain device permissions to function properly – for example, access to your calendar (to insert events) or internet access. We will only request permissions when needed, and you have the choice to grant or deny them. If you deny a required permission (like calendar access), certain features may not work.

Our App may contain links to external websites or services that are not operated by us – for instance, a help center link, a link to our social media page, or integrations that lead you to third-party sign-in pages (like Google’s OAuth screen for calendar linking). This Privacy Policy does not apply to those external sites or services. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We encourage you to review the privacy policies of any third-party services you interact with through our App. For example, if you connect your Google Calendar, you should review Google’s Privacy Policy to understand how they handle your calendar data. If you make a purchase via Apple or Google, their privacy notices regarding payment info apply.

11. Children’s Privacy

As noted in the Terms of Use, Text2Cal is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13 years old. If you are under 13, please do not use the App or submit any personal data. If you are a minor over 13, you should review this Policy with a parent or guardian and get their consent for your use of the App, especially if you are under the age of digital consent in your region (which is 16 in some EU countries).

If we become aware that we have inadvertently collected personal information from a child under 13 (or under 16 in certain jurisdictions) without parental consent, we will take steps to delete that information promptly. Parents or guardians who believe their child may have provided us personal data without consent can contact us at privacy@text2cal.app, and we will work to remove the data and terminate the child’s account if applicable.

12. Platform Privacy Requirements

We comply with additional privacy requirements imposed by platform providers:

  • Apple App Store: Apple requires us to provide a “privacy nutrition label” detailing our data collection practices. We have disclosed all categories of data we collect in that App Store privacy section. We also respect iOS App Tracking Transparency (ATT) rules; currently, we do not track users across apps for advertising purposes, so we do not prompt an ATT consent. If that changes, we will seek your permission first. Our App also provides a link to this Privacy Policy and a way to request deletion of data, in accordance with App Store guidelines.
  • Google Play: We have filled out Google Play’s Data Safety section to honestly represent our data practices (what data is collected, for what purposes, whether it’s shared, etc.). Our practices align with what is described here. We also adhere to any relevant Google Play policies regarding user data (for example, if classified as a “Kid Safe” app or similar – though our app is general audience).
  • Global Users: For all users, we aim to meet the privacy expectations of major regulations like the EU GDPR, UK GDPR, Canada’s PIPEDA, Australia’s Privacy Act, etc. If any provision of this Policy contradicts a legal requirement for a specific user group, we will adjust our practices for that group to comply with the law. This Privacy Policy is designed to be globally applicable.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we update it, we will change the “Last Updated” date at the top. If the changes are significant, we will provide a more prominent notice (for example, by placing a notice within the app or sending you an email notification).

We encourage you to review this Policy periodically  for the latest information on our privacy practices. Continued use of Text2Cal after any modifications to this Policy will constitute your acknowledgment of the changes and your consent to abide and be bound by the updated Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

  • Email: privacy@text2cal.app
  • Postal Mail: [Insert mailing address of Text2Cal’s operator, if applicable – e.g., the company or developer’s address]
  • App Support: You may also reach out through the in-app support or feedback feature if available.

We will do our best to address your inquiry promptly and thoroughly. If you are not satisfied with our response, and you are in the EU/UK, you have the right to lodge a complaint with your local Data Protection Authority. For example, in the UK you can contact the ICO, and in the EU you can reach out to the supervisory authority in your country.

Thank you for trusting Text2Cal with your scheduling needs. We value your privacy and are dedicated to protecting it.