Privacy Policy

1. Introduction

CalStack ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you use our website and services located at calstack.app (the "Service").

CalStack is a SaaS platform that helps businesses connect their calendars with their websites to enable seamless booking and scheduling functionality. This policy complies with the General Data Protection Regulation (GDPR), Google API Services User Data Policy, and other applicable data protection laws.

2. Data Controller

3. Information We Collect

3.1 Personal Information

When you use our Service, we may collect the following personal information:

• Contact Information: Name, email address, phone number
• Company Information: Company name, business details
• Quote Requests: Information you provide when requesting quotes through our widgets
• Account Information: Registration details, login credentials

3.2 Google Calendar Data

When you connect your Google Calendar to CalStack, we access the following data:

• Calendar Availability: Free/busy information to display available time slots
• Event Creation: We create calendar events when bookings are made through your widget
• Basic Calendar Metadata: Calendar name and timezone for proper scheduling

We only access the minimum data necessary to provide the calendar integration functionality. We do not access, read, or store the content of your existing calendar events.

3.3 Technical Information

• Device Information: Device type, operating system, browser type
• IP Address: Your internet protocol address
• Usage Data: How you interact with our Service

3.4 Cookies and Tracking Technologies

We and our third-party service providers use cookies and similar tracking technologies to:

• Maintain user sessions and authentication
• Remember your preferences and settings
• Analyze website usage and performance
• Enable integrations with third-party services
• Improve our Service functionality

Types of cookies we use:

• Essential Cookies: Required for basic website functionality and security
• Functional Cookies: Remember your preferences and enable features
• Analytics Cookies: Help us understand how you use our Service
• Third-Party Cookies: Set by our integrated services (HubSpot, Google Calendar, Clerk, Zapier)

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Service. Essential cookies cannot be disabled as they are necessary for the Service to function properly.

5. How We Use Your Information

We process your personal data for the following purposes:

• To provide and maintain our Service
• To process and respond to quote requests
• To create and manage user accounts
• To facilitate integrations with third-party services (HubSpot, Google Calendar, Zapier)
• To provide customer support
• To improve our Service and user experience
• To comply with legal obligations

6. Marketing Communications

Important Clarification:

• We only send marketing communications to users who have signed up for a CalStack account and have opted in to receive such communications.
• We do not use data collected through our users' widgets (end-user data) for our own marketing purposes.
• We do not send marketing materials to leads or contacts collected through our customers' booking widgets.
• Google user data is never used for marketing or advertising purposes.

7. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: To provide our Service and fulfill our obligations
• Legitimate Interest: To improve our Service and provide customer support
• Consent: Where you have given explicit consent for specific processing
• Legal Obligation: To comply with applicable laws and regulations

8. Data Sharing and Third Parties

We may share your information with the following third parties:

8.1 Service Integrations

We share data with the following third-party services, which may also use their own cookies and tracking technologies:

• HubSpot: For CRM and contact management (when you enable this integration). HubSpot uses cookies for analytics and marketing purposes.
• Google Calendar: For scheduling and calendar integration (when you enable this integration). See Section 4 for detailed information on Google data handling.
• Zapier: For workflow automation (when you enable this integration). Zapier uses cookies for authentication and service delivery.
• Clerk: For authentication and user management. Clerk uses cookies for session management and security.

These third parties have their own privacy policies and cookie policies. We recommend reviewing their policies to understand how they handle your data:

• HubSpot Privacy Policy
• Google Privacy Policy
• Zapier Privacy Policy
• Clerk Privacy Policy

8.2 Other Disclosures

We do not sell, trade, or rent your personal information to third parties. We may disclose your information only when required by law or to protect our rights and safety.

9. User Responsibility for Collected Data

CalStack provides tools for our users (business owners) to collect leads and booking information through widgets embedded on their websites.

Important:

• Data Controller: Our users (business owners) are the data controllers for any personal data they collect through their CalStack widgets.
• User Responsibility: Each user is responsible for how they use, store, and manage the data collected through their widgets, including compliance with applicable data protection laws.
• No Control: CalStack does not control how our users choose to use the data collected through their widgets.
• Data Processor: CalStack acts as a data processor on behalf of our users, processing data only as necessary to provide our Service.

10. Data Storage and International Transfers

Your personal data is stored and processed in the United States. We ensure appropriate safeguards are in place for international data transfers in compliance with GDPR requirements.

We work with service providers that have implemented adequate safeguards, including Standard Contractual Clauses (SCCs) where applicable.

11. Data Retention and Deletion

We retain your personal data for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy.

• Account Data: Retained for the duration of your account and deleted upon account termination (subject to legal retention requirements).
• Widget Data: The admin user is responsible for managing data retention within their account. Data can be deleted through the dashboard or upon request.
• Google Calendar Data: Access tokens are deleted when you disconnect the integration. Cached availability data is not permanently stored.

Requesting Deletion: You may request deletion of your data at any time by contacting us at hello@calstack.app. We will process your request within 30 days.

When the data retention period expires or upon your request, we will securely delete or anonymize your personal data.

12. Cookie Consent and Management

By continuing to use our Service, you consent to our use of cookies as described in this policy. You have the following options to manage cookies:

• Browser Settings: Most browsers allow you to control cookies through their settings preferences
• Opt-out Tools: Some third parties provide opt-out mechanisms for their tracking technologies
• Do Not Track: We honor browser "Do Not Track" signals where technically feasible

Please note that disabling cookies may limit your ability to use certain features of our Service.

13. Your Rights Under GDPR

If you are located in the European Union, you have the following rights:

• Right of Access: Request access to your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Request transfer of your data
• Right to Object: Object to processing of your data
• Right to Withdraw Consent: Withdraw consent where applicable

To exercise any of these rights, please contact us at hello@calstack.app. We will respond to your request within 30 days.

14. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• Encryption: All data transmitted to and from our Service is encrypted using TLS/SSL protocols
• Secure Authentication: We use OAuth 2.0 for third-party integrations and secure session management
• Access Controls: Strict access controls ensure only authorized personnel can access sensitive data
• Regular Security Reviews: We regularly review and update our security practices
• Secure Infrastructure: Our Service is hosted on secure, industry-standard infrastructure

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

15. Children's Privacy

Our Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top of this policy. For significant changes, we will notify registered users via email. We encourage you to review this Privacy Policy periodically.

17. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.