Privacy Policy

1. Introduction

Cal Invoice ("we," "us," or "the Service") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using Cal Invoice, you consent to the practices described in this policy.

2. Information We Collect

3. How We Use Your Information

We use the information we collect to provide and operate the Service, including syncing your calendar events, applying your filtering rules, generating invoices, and producing PDF exports. We also use it to maintain and improve the Service, communicate with you about your account or changes to the Service, and ensure security and prevent abuse.

4. Data Storage & Security

Your data is stored using Supabase, a cloud-hosted PostgreSQL database with encryption at rest and in transit. We enforce Row Level Security (RLS) policies on all database tables, ensuring that each user can only access their own data — no user can read, modify, or delete another user's records. Google refresh tokens are stored securely and are only used to maintain your calendar connection. While we implement commercially reasonable security measures, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

5. Third-Party Services

Cal Invoice integrates with the following third-party services, each governed by their own privacy policies:

Google APIs — for authentication and calendar data access, subject to the Google API Services User Data Policy.

Supabase — for data storage and authentication infrastructure.

Vercel — for application hosting and deployment.

Microsoft Clarity — for anonymized usage analytics and session recordings to improve the user experience.

6. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share data only in the following circumstances: with service providers who help us operate the Service (as listed above), if required by law, regulation, or legal process, or to protect the rights, safety, or property of Cal Invoice or its users.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account or revoke Google access, we will delete your stored data within 30 days, except where retention is required by law.

8. Your Rights & Choices

You may revoke Cal Invoice's access to your Google Calendar at any time through your Google account permissions. You can delete your account and all associated data at any time from your dashboard settings. Account deletion is immediate and permanent — all stored data including your profile, invoices, rules, and Google refresh token will be permanently removed. Depending on your jurisdiction, you may have additional rights regarding your personal data, including the right to access, correct, or delete it.

9. Cookies

Cal Invoice uses essential cookies and local storage for authentication sessions and theme preferences. Microsoft Clarity may set first-party cookies to distinguish unique users for analytics purposes. We do not use advertising or third-party tracking cookies.

10. Children's Privacy

The Service is not directed at children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Contact

If you have questions or concerns about this Privacy Policy or your data, please reach out via the contact information provided on the Cal Invoice website.