Back to Home

Privacy Policy

Last updated: 2026-06-02

1. Data Controller

CalSyncPro (“we”, “us”, “our”) is operated by C-ICAS Sp. z o.o., NIP: 1182226755, Poland (“Data Controller”). Contact: privacy@calsyncpro.com.

2. What Data We Process

  • Account data: Microsoft 365 account identifiers (tenant ID, user ID), Google account identifiers (Google user ID), and email address — provided during sign-in via Azure AD or Google OAuth 2.0.
  • Sync configuration: Calendar sync pair settings, sync rules, conflict resolution preferences, sync direction (one-way / two-way).
  • Operational logs: Sync activity logs, error logs, and audit trails — retained for up to 90 days.
  • Usage data: Event counts, sync frequency, feature usage — anonymized and aggregated.
  • Calendar event content (Microsoft 365 & Google Calendar): We process event data in transit to perform synchronization. We do NOT persistently store event titles, descriptions, locations, or attendee data from either Microsoft or Google calendars.

3. Legal Basis for Processing (GDPR)

  • Contract performance (Art. 6(1)(b) GDPR): Processing necessary to deliver the synchronization service you subscribed to.
  • Legitimate interest (Art. 6(1)(f) GDPR): Operational logs and security monitoring to ensure service integrity.
  • Consent (Art. 6(1)(a) GDPR): Analytics cookies — where you have provided consent.

4. Data Retention

  • Account and sync configuration data: retained for the duration of your subscription + 30 days after cancellation.
  • Operational logs: 90 days.
  • Anonymized usage statistics: up to 2 years.
  • All Google OAuth tokens and any Google Calendar data are deleted immediately upon account disconnection or within 30 days of subscription termination.

5. Google API Data — Limited Use Disclosure

CalSyncPro integrates with the Google Calendar API to provide calendar synchronization between Google Calendar and other connected calendar providers.

When you connect a Google account, we request the following OAuth 2.0 scopes:

  • https://www.googleapis.com/auth/calendar.readonly — read-only access to list your calendars (used to identify which calendar to synchronize). No calendar settings or metadata are modified.
  • https://www.googleapis.com/auth/calendar.events — read and write calendar events. Used to read source events and create free/busy placeholder events in destination calendars.

We also use the Google Calendar Push Notifications API (watch channels) to receive real-time change notifications when events are added, updated, or deleted. This mechanism uses the same scopes listed above — no additional permissions are granted. Notification channels are renewed automatically every 6 days and are terminated immediately when you disconnect your Google account.

Our use of Google Calendar data is strictly limited to providing the synchronization service. Specifically:

  • Google Calendar event data is used only to synchronize events between connected calendars — for no other purpose.
  • We do not store Google Calendar event content (titles, descriptions, attendees, locations) beyond the transit time required to complete the sync operation.
  • We do not use Google Calendar data for advertising, user profiling, selling to third parties, or any purpose unrelated to delivering the sync service.
  • We do not share Google user data with any third parties except as required to deliver the service (sub-processors listed in Section 6).

CalSyncPro's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6. Data Transfers

All data is processed within the European Economic Area (EEA) — Microsoft Azure West Europe (Netherlands). No transfer to third countries occurs without adequate safeguards. Google OAuth tokens are exchanged directly with Google's servers (USA) under Google's Standard Contractual Clauses.

7. Sub-Processors

  • Microsoft Azure — cloud infrastructure (EU region, West Europe)
  • Microsoft Graph API — Microsoft 365 calendar data access on your behalf
  • Google Calendar API (Google LLC) — Google Calendar data access on your behalf; governed by Google's Privacy Policy
  • Stripe — payment processing (if applicable)

8. Your Rights (GDPR)

  • Right of access (Art. 15): Request a copy of your personal data.
  • Right to rectification (Art. 16): Correct inaccurate data.
  • Right to erasure (Art. 17): Request deletion of your data.
  • Right to restriction (Art. 18): Limit how we process your data.
  • Right to data portability (Art. 20): Receive your data in a machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)): Withdraw consent at any time without affecting prior processing.

To exercise your rights, contact: privacy@calsyncpro.com. We respond within 30 days. You also have the right to lodge a complaint with your national data protection authority (in Poland: UODO, uodo.gov.pl).

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (Art. 33 GDPR). If the breach poses a high risk to you personally, we will also notify you directly without undue delay (Art. 34 GDPR).

10. Cookies

We use the following cookies:

  • Necessary: Authentication state, locale preference, cookie consent. Cannot be disabled — required for the service to function.
  • Analytics (optional): Anonymized usage statistics to improve performance. Only set with your explicit consent.

We do not use advertising or tracking cookies.

11. Security

We implement appropriate technical and organizational measures including: TLS 1.3 encryption in transit, AES-256 encryption at rest, Azure AD and Google OAuth 2.0 authentication, role-based access control, regular security audits, and incident response procedures.

12. Changes to This Policy

We may update this policy periodically. Material changes will be notified via email at least 30 days in advance. Continued use of the service after the effective date constitutes acceptance. If you disagree with changes, you may terminate your account before the changes take effect.

Privacy Policy — CalSyncPro