Privacy Policy

Last updated: November 15, 2025

1. Introduction

At Schedulr, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and handle your information when you use our group scheduling application. We are committed to maintaining strict data controls and ensuring your privacy is protected.

2. Data Collection

We collect the following types of information:

  • Account Information: Email address, username, and authentication credentials
  • Group Data: Group names, descriptions, and membership information
  • Usage Data: How you interact with the app, features used, and performance metrics
  • Device Information: Device type, iOS version, and app version
  • Subscription Data: Subscription status and purchase history (handled by RevenueCat)

Important: We do NOT collect or store your calendar data. Calendar access is read-only and all calendar data remains on your device.

2.1. Cookies and Tracking

We do not use cookies or tracking technologies. Schedulr is a privacy-first application that does not set, store, or use cookies for any purpose, including:

  • User tracking or analytics
  • Session management (we use secure token-based authentication)
  • Advertising or marketing purposes
  • Third-party tracking services

Our web presence (marketing website) is a static informational site that does not set cookies. If you access our website through a mobile app WebView, no cookies will be set or collected.

3. How Data is Used

We use your data to:

  • Provide and improve our scheduling services
  • Sync your groups and availability across devices
  • Process AI queries through Scheduly
  • Manage your subscription and provide customer support
  • Send you important updates and notifications (with your consent)
  • Ensure service security and prevent fraud

We do not sell your data to third parties. We do not use your data for advertising purposes.

4. Third-Party Services

Schedulr uses the following third-party services. Each service has strict data controls and privacy measures:

Supabase

Purpose: Database and backend service for storing user accounts, groups, and scheduling data.

Data Controls:

  • Row Level Security (RLS) policies are enforced at the database level—users can only access their own data
  • All data is encrypted at rest and in transit
  • Strict access controls and authentication required for all data access
  • EU/US hosting options available for data residency requirements
  • Regular security audits and compliance checks

Privacy: Supabase processes data on our behalf under a data processing agreement. Your data is never used by Supabase for their own purposes.

Apple Calendar

Purpose: Read-only calendar access for checking availability and finding optimal meeting times.

Data Controls:

  • Read-only access only—we cannot modify or create calendar events on your device
  • Calendar events are stored securely on Supabase with Row Level Security (RLS) policies
  • All calendar data is encrypted at rest and in transit
  • Only you can access your own calendar data through strict access controls
  • Permissions are clearly explained and user-controlled
  • You can revoke calendar access at any time in iOS Settings

Privacy: Your calendar privacy is paramount. Calendar events are stored securely with encryption and strict access controls. We only check availability when you actively use scheduling features.

OpenAI

Purpose: Powers the Scheduly AI assistant for natural language scheduling queries.

Data Controls:

  • Only query text is sent for processing—no user IDs, personal information, or calendar data
  • No user identification is stored with queries
  • Queries are automatically deleted after processing according to OpenAI's retention policies
  • Query retention policies are clearly stated—typically 30 days for abuse prevention only
  • Your privacy is maintained—queries are anonymous and cannot be traced back to you

Privacy: OpenAI processes queries under their privacy policy and data processing agreement. We do not send any personally identifiable information with AI queries.

RevenueCat

Purpose: Subscription management and payment processing.

Data Controls:

  • Only subscription-related data is shared (subscription status, purchase history)
  • Data is anonymized where possible
  • Payment processing is handled securely through Apple's App Store

Privacy: RevenueCat processes subscription data under their privacy policy. No personal financial information is shared.

5. Security Measures

We implement multiple layers of security to protect your data:

  • Row Level Security (RLS): Database-level policies ensure users can only access their own data
  • End-to-End Encryption: Sensitive data is encrypted in transit using TLS/SSL protocols
  • Strict Access Controls: Authentication and authorization required for all data access
  • Regular Security Audits: We conduct regular security reviews and compliance checks
  • Data Minimization: We only collect and store the minimum data necessary for functionality
  • Secure Authentication: Industry-standard authentication and session management

6. User Data Controls

You have complete control over your data. We respect the following rights:

  • Right to Access: You can access all your data through the app or by contacting us
  • Right to Deletion: You can request deletion of your account and all associated data
  • Right to Data Portability: You can export your data in a machine-readable format
  • Right to Opt-Out: You can opt out of non-essential data sharing
  • Data Ownership: You own your data completely—we are just the custodian

To exercise these rights, contact us at support@schedulr.co.uk. We will respond within 30 days.

7. GDPR Compliance

Schedulr is fully compliant with the General Data Protection Regulation (GDPR). This means:

  • We process your data lawfully, fairly, and transparently
  • We only collect data for specified, explicit, and legitimate purposes
  • We limit data collection to what is necessary
  • We keep your data accurate and up to date
  • We store data only as long as necessary
  • We ensure appropriate security of your data
  • You have the right to access, rectify, erase, restrict, and port your data

If you are located in the European Economic Area (EEA), you have additional rights under GDPR. Please contact us to exercise these rights.

8. Data Retention Policies

We retain your data only as long as necessary:

  • Account Data: Retained until you delete your account
  • Group Data: Retained until you leave the group or it's deleted
  • Usage Data: Retained for 12 months for analytics and improvement
  • Subscription Data: Retained as required by law (typically 7 years for tax purposes)
  • AI Queries: Processed and immediately deleted (OpenAI may retain for 30 days for abuse prevention)

Upon account deletion, all data is permanently removed within 30 days, except where retention is required by law.

9. Children's Privacy

Schedulr is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to users via email or in-app notification. The "Last updated" date at the top indicates when changes were made.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

Email: support@schedulr.co.uk

For data protection inquiries, please include "Privacy Request" in your subject line.