Boring Calendar

Privacy Policy

Effective Date: September 5, 2025

Boring Calendar ("us", "we", or "our") operates the Boring Calendar website and application (hereinafter referred to as the "Service").

This page is used to inform website visitors and application users regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service.

If you choose to use our Service, then you agree to the collection and use of information in relation with this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which is accessible at Terms of Service, unless otherwise defined in this Privacy Policy.

Information Collection and Use

We collect the following information to provide and improve our Service:

  • Account Information: Name, email address, and authentication credentials
  • OAuth Tokens: Encrypted tokens for accessing your calendar providers (Google, Apple, Microsoft)
  • Calendar Data: Events, tasks, and calendar metadata you choose to sync
  • Voice Commands: Audio transcriptions when you use voice features
  • Usage Data: App telemetry, device information, IP address for security and diagnostics
  • Support Communications: Messages and feedback you send to us

Data Retention:

  • OAuth tokens: Retained until you revoke access or delete your account
  • Calendar/task data: Retained while your account is active and deleted within 30 days of account deletion
  • App logs: Retained for 30 days for security and diagnostics
  • Support communications: Retained for up to 2 years for customer service purposes

Data Storage: Your data is encrypted in transit (TLS) and at rest where supported by our infrastructure providers.

Log Data

We want to inform you that whenever you visit our Service, we collect information that your browser or device sends to us that is called Log Data. This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser version, device type, operating system, pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

Cookies

Cookies are files with a small amount of data that is commonly used as an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your computer's hard drive.

Our website uses these "cookies" to collection information and to improve our Service. You have the option to either accept or refuse these cookies, and know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Service.

Service Providers

We may employ third-party companies and individuals due to the following reasons:

  • To facilitate our Service;
  • To provide the Service on our behalf;
  • To perform Service-related services; or
  • To assist us in analyzing how our Service is used.

We want to inform our Service users that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

Specifically, we use the following third-party services (sub-processors):

We bind each provider by contract and limit their access to what's necessary to deliver the Service.

Use of Google API Services & Limited Use

Boring Calendar's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We access Google Calendar data (and any other Google data you explicitly authorize) only to provide user-visible features in Boring Calendar. We do not sell the data, we do not use it for advertising, and we do not allow humans to read it except when required for security, to comply with law, or when you ask us to.

You can revoke our access at any time from your Google Account Security Settings.

AI Processing

Some features in Boring Calendar use AI to help you manage your calendar more efficiently. When you use these features:

  • Your prompts and necessary context are sent to OpenAI's API to generate responses
  • We do not use your Google user data or personal data to train AI models
  • OpenAI states that API data is not used for training their models by default
  • AI features are optional and you control when they are used

Your Rights & Data Deletion

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request corrections to inaccurate data
  • Deletion: Request deletion of your account and associated data
  • Portability: Receive your data in a machine-readable format
  • Revoke Access: Remove calendar provider permissions at any time

To exercise these rights, email us at contact@boringcalendar.ai. Account deletion removes OAuth tokens and deletes synced calendar/task data from our systems within 30 days. Backups may retain data for up to 90 days before permanent deletion.

You can immediately revoke Google Calendar access from your Google Account settings, Apple Calendar access from your device settings, and Microsoft access from your Microsoft account.

Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: TLS/SSL for data in transit, AES-256 for sensitive data at rest
  • Access Controls: Role-based access, principle of least privilege for staff
  • Authentication: Secure OAuth 2.0 implementation, encrypted token storage
  • Monitoring: Security event logging and anomaly detection
  • Updates: Regular security patches and dependency updates
  • Infrastructure: SOC 2 compliant hosting providers

While we implement these measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying you of any data breaches that may affect you.

Cookies and Analytics

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for authentication and core functionality
  • Preference Cookies: Remember your settings and preferences
  • Analytics: We use privacy-focused analytics to improve our service (no personal data shared with third parties)

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of our Service.

Links to Other Sites

Our Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Children's Privacy

Our Service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18.

In compliance with the Children's Online Privacy Protection Act (COPPA), if we discover that a child under 13 has provided us with personal information, we will immediately delete this information from our servers. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at contact@boringcalendar.ai so we can take necessary action.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately, after they are posted on this page.

Contact Us

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at contact@boringcalendar.ai.