Privacy Policy

1. Introduction

CloudMeet ("we", "our", "the Service") is an open-source meeting scheduling application available at cal.reks.io. This Privacy Policy describes how we collect, use, and protect your information when you use our Service.

2. Information we collect

When you use CloudMeet, we collect the following information:

• Account information: Your name and email address, obtained through Google OAuth or Microsoft OAuth when you sign in.
• Calendar data: Your calendar event times (start/end) to determine availability. We do not store the content, titles, descriptions, or attendees of your existing calendar events.
• Booking information: When someone books a meeting with you, we store the attendee's name, email address, selected time slot, and any notes they provide.
• Authentication tokens: OAuth refresh tokens to maintain your calendar connection. These are stored encrypted.

3. Google API Services - Limited Use Disclosure

CloudMeet's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, CloudMeet:

• Only requests access to Google Calendar data necessary to provide scheduling functionality (checking availability and creating calendar events).
• Does not use Google user data for serving advertisements.
• Does not sell or transfer Google user data to third parties.
• Does not use Google user data for purposes unrelated to the scheduling functionality.
• Does not allow humans to read Google user data, except with your explicit consent, for security purposes, to comply with law, or when data is aggregated and anonymized.

4. How we use your information

We use your information exclusively to:

• Authenticate your identity and manage your account.
• Check your calendar availability to prevent double-booking.
• Create calendar events when meetings are booked.
• Generate Google Meet or Microsoft Teams meeting links when configured.
• Send booking confirmation, cancellation, and reminder emails (if email notifications are enabled).

5. Data sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. Your data is only shared with:

• Google Calendar API / Microsoft Graph API: To read availability and create events, as authorized by you.
• Cloudflare: Our infrastructure provider that hosts and processes all data.
• Email service provider: If email notifications are enabled, booking details are shared with our email provider to deliver notifications.

6. Data storage and security

All data is stored on Cloudflare's infrastructure (D1 database and KV storage). OAuth tokens are stored encrypted. We use HTTPS for all data transmission. No data is stored on local servers or personal devices.

7. Data retention and deletion

We retain your data for as long as your account is active. You can request complete deletion of your data at any time by contacting us. Upon deletion:

• Your account information and OAuth tokens are permanently removed.
• Your event types and availability settings are deleted.
• Booking records associated with your account are deleted.

8. Your rights

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Revoke calendar access at any time through your Google Account permissions or Microsoft account permissions.

9. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.

10. Contact

For privacy-related questions or data deletion requests, please contact us at krzys.kan@gmail.com.