Your privacy is important to us. It is Koalendar’s policy to respect your privacy regarding any information we may collect from you across our website, https://koalendar.com, and other sites we own and operate.
Koalendar strictly implements the GDPR regulation, that aims at protecting user data and providing a right to modify and delete such data, as well as to consent to data collection.
You can find our full GDPR-oriented privacy policy on our What’s Koalendar EU GDPR compliance status? article (which applies to all our users, regardless of their location worldwide). This article lists the data we collect on our users, as well as their rights.
We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used.
We only retain collected information for as long as necessary to provide you with your requested service. What data we store, we’ll protect within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.
We don’t share any personally identifying information publicly or with third-parties, except when required to by law.
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.
You are free to refuse our request for your personal information, with the understanding that we may be unable to provide you with some of your desired services.
Your continued use of our website will be regarded as acceptance of our practices around privacy and personal information. If you have any questions about how we handle user data and personal information, feel free to contact us.
Google User Data Access and Usage
Our application accesses Google user data only with your explicit consent through OAuth scopes, and only for the purposes necessary to provide our scheduling services. We comply with the Google API Services User Data Policy, including its Limited Use requirements.
What Google User Data We Access
We request access to the following Google user data via these optional services and scopes:
- Gmail: Access to send emails (scope: https://www.googleapis.com/auth/gmail.send). This does not include reading your inbox or message contents.
- Google Calendar: Access to calendar availability and events (scopes: https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/calendar.events). This includes free/busy information and event details for bookings made via Koalendar.
- Google Drive: Access to files in a dedicated folder (scope: https://www.googleapis.com/auth/drive.file). This includes file IDs and metadata for storing form uploads or attachments.
- Google Sign-In: Access to basic profile information (scopes: openid, email, profile). This includes your name, email address, and profile picture for authentication.
No other Google user data is accessed, and you can use Koalendar without granting these permissions.
How We Use Google User Data
We use the accessed Google user data solely to enable the following features in our application:
- Gmail: To send booking-related emails (e.g., confirmations, reminders, reschedules, or cancellations) on your behalf.
- Google Calendar: To check availability (free/busy) to prevent double-bookings and to create, update, or delete events booked through Koalendar.
- Google Drive: To store and manage form uploads or attachments in your own Drive folder, ensuring you retain ownership.
- Google Sign-In: To authenticate your account and pre-fill your profile information for a seamless login experience.
We do not use Google user data for any other purposes, such as advertising, analytics, or sharing with third parties (except as required by law). Data is encrypted in transit and at rest, and access can be revoked at any time via your Google Account settings or Koalendar’s integrations page.
Storage & retention
| Data element | Stored? | Retention policy |
|---|---|---|
| Gmail – message bodies | No | n/a |
| Gmail – message ID, recipients, subject | Yes | 30 days (delivery logs) |
| Google Calendar – event IDs & metadata | Yes | Until the event or your account is deleted |
| Google Drive – file IDs & metadata | Yes | Until you delete the file or your account |
| OAuth refresh tokens (all services) | Encrypted at rest | Deleted instantly when you disconnect or close your account |
| Google Sign-In – basic profile (name, email, picture) | Yes | Until you delete your Koalendar account |
Your controls
- Disconnect / revoke at any time → Google Account ▸ Security ▸ “Third-party apps” or Koalendar ▸ Integrations ▸ My Apps
- Delete all data → Koalendar ▸ Settings ▸ Delete Account
Security Measures
- All data in transit is encrypted with TLS 1.2+.
- OAuth tokens, event metadata and file IDs are encrypted at rest using AES‑256.
- Access to production systems is protected by enforced multi‑factor authentication and is role‑based.
Other Third‑Party Integrations
Koalendar also lets you connect to non‑Google services (e.g. Microsoft Outlook, Apple Calendar, Zoom, Microsoft Teams). Each integration is optional and governed by the same principles: minimal access, purpose limitation, encryption and user‑controlled revocation. Details for each integration are available in their respective subsections in our full privacy policy.
