Privacy Policy
Last updated: July 6, 2026
1. Introduction
At Schedulr, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and handle your information when you use our group scheduling application. We are committed to maintaining strict data controls and ensuring your privacy is protected.
2. Data Collection
We collect the following types of information:
- Account Information: Email address, username, and authentication credentials
- Group Data: Group names, descriptions, and membership information
- Usage Data: How you interact with the app, features used, and performance metrics
- Device Information: Device type, iOS version, and app version
- Subscription Data: Subscription status and purchase history (handled by RevenueCat)
- Journey Planning Data: When you request Scheduly journey planning, we may process your journey request, recent travel-planning messages, route preferences, and, if planning starts from an event, the event title, date/time, visible location, and visible notes
- Approximate Location: Approximate device coordinates are processed only if you select "Current location" for journey planning and grant permission
Important: We do NOT collect or store your calendar data. Calendar access is read-only and all calendar data remains on your device.
2.1. Cookies and Tracking
We do not use cookies or tracking technologies. Schedulr is a privacy-first application that does not set, store, or use cookies for any purpose, including user tracking, session management, advertising, or third-party tracking services.
Our web presence (marketing website) is a static informational site that does not set cookies.
3. How Data is Used
We use your data to:
- Provide and improve our scheduling services
- Sync your groups and availability across devices
- Process AI queries through Scheduly
- Generate user-initiated Scheduly journey plans when requested
- Manage your subscription and provide customer support
- Send you important updates and notifications (with your consent)
- Ensure service security and prevent fraud
We do not sell your data to third parties. We do not use your data for advertising purposes.
Scheduly Journey Planning
Scheduly journey planning is user-initiated. When you ask Scheduly to plan a journey, we may process your journey request, recent travel-planning messages, and route preferences such as fewer transfers or less walking. If planning starts from an event, we may use the event title, date/time, visible location, and visible notes to prepare the plan.
Approximate device coordinates are processed only when you choose "Current location" and grant location permission. Schedulr does not continuously track your location and does not sell location data.
OpenAI is used to extract journey details, handle clarifying questions, perform one current-disruption web search, and prepare the response. Google Maps Platform is used to compute transit and walking route content. Disruption data may be incomplete or may change after the displayed "checked at" time.
Schedulr does not persist raw Google route payloads or final provider-derived route legs. Chat history stores user requests, clarification messages, and only a neutral receipt that a live plan was generated and must be regenerated. Operational logs may include privacy-safe usage metadata such as model names, token counts, route/search counts, latency, and outcome, but not journey text, coordinates, private notes, or raw route content.
4. Third-Party Services
Schedulr uses the following third-party services. Each service has strict data controls and privacy measures:
Supabase
Purpose: Database and backend service for storing user accounts, groups, and scheduling data.
- Row Level Security (RLS) policies are enforced at the database level — users can only access their own data
- All data is encrypted at rest and in transit
- Strict access controls and authentication required for all data access
- EU/US hosting options available for data residency requirements
Apple Calendar
Purpose: Read-only calendar access for checking availability.
- Read-only access only — we cannot modify or create calendar events
- Calendar events are stored securely on Supabase with RLS policies
- All calendar data is encrypted at rest and in transit
- You can revoke calendar access at any time in iOS Settings
OpenAI
Purpose: Powers the Scheduly AI assistant for natural language scheduling queries and user-initiated journey planning.
- For ordinary scheduling queries, only the query text is sent for processing — no user IDs are included
- No user identification is stored with queries
- Queries are automatically deleted after processing per OpenAI's retention policies
- For journey planning, OpenAI may process the travel prompt, recent travel-planning messages, visible event context, route preferences, and a current-disruption web search result
- OpenAI privacy information is available at openai.com/policies/privacy-policy
Google Maps Platform
Purpose: Computes transit and walking route content for user-initiated Scheduly journey planning.
- Google Maps Platform receives the journey origin, destination, timing, route preference, and approximate coordinates only when you choose "Current location" and grant permission
- Schedulr does not persist raw Google route payloads or final provider-derived route legs
- Google privacy information is available at policies.google.com/privacy
RevenueCat
Purpose: Subscription management and payment processing.
- Only subscription-related data is shared (subscription status, purchase history)
- Data is anonymized where possible
- Payment processing is handled securely through Apple's App Store
5. Security Measures
We implement multiple layers of security to protect your data:
- Row Level Security (RLS): Database-level policies ensure users can only access their own data
- End-to-End Encryption: Sensitive data is encrypted in transit using TLS/SSL protocols
- Strict Access Controls: Authentication and authorization required for all data access
- Regular Security Audits: We conduct regular security reviews and compliance checks
- Data Minimization: We only collect and store the minimum data necessary for functionality
6. User Data Controls
You have complete control over your data. We respect the following rights:
- Right to Access: You can access all your data through the app or by contacting us
- Right to Deletion: You can request deletion of your account and all associated data
- Right to Data Portability: You can export your data in a machine-readable format
- Right to Opt-Out: You can opt out of non-essential data sharing
- Data Ownership: You own your data completely — we are just the custodian
To exercise these rights, contact us at support@schedulr.co.uk. We will respond within 30 days.
7. GDPR Compliance
Schedulr is fully compliant with the General Data Protection Regulation (GDPR):
- We process your data lawfully, fairly, and transparently
- We only collect data for specified, explicit, and legitimate purposes
- We limit data collection to what is necessary
- We keep your data accurate and up to date
- We store data only as long as necessary
- We ensure appropriate security of your data
- You have the right to access, rectify, erase, restrict, and port your data
8. Data Retention Policies
We retain your data only as long as necessary:
- Account Data: Retained until you delete your account
- Group Data: Retained until you leave the group or it's deleted
- Usage Data: Retained for 12 months
- Subscription Data: Retained as required by law (typically 7 years for tax purposes)
- AI Queries: Processed and immediately deleted (OpenAI may retain for 30 days for abuse prevention)
- Journey Planning Chat: Chat history may retain user requests and clarification messages according to the AI conversation retention period, but stores only a neutral receipt for generated live plans
- Route Data: Raw Google route payloads and final provider-derived route legs are not persisted by Schedulr
8.1. Automated Database Cleanup
To maintain database performance, Schedulr includes an automated cleanup system that periodically removes old data:
- Calendar Events: Events older than 90 days are automatically deleted from our database (your Apple Calendar is not affected)
- AI Usage Records: Monthly records older than 6 months are deleted
- AI Conversations: Conversations inactive for 6 months are deleted
If you have concerns about data retention or wish to export your data, contact us at support@schedulr.co.uk.
9. Children's Privacy
Schedulr is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
10. Changes to Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to users via email or in-app notification. The "Last updated" date at the top indicates when changes were made.
11. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:
Email: support@schedulr.co.uk
For data protection inquiries, please include "Privacy Request" in your subject line.