Legal

Privacy Policy

Last updated: April 2, 2026

1. Introduction

At Schedulr, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and handle your information when you use our group scheduling application. We are committed to maintaining strict data controls and ensuring your privacy is protected.

2. Data Collection

We collect the following types of information:

  • Account Information: Email address, username, and authentication credentials
  • Group Data: Group names, descriptions, and membership information
  • Usage Data: How you interact with the app, features used, and performance metrics
  • Device Information: Device type, iOS version, and app version
  • Subscription Data: Subscription status and purchase history (handled by RevenueCat)

Important: We do NOT collect or store your calendar data. Calendar access is read-only and all calendar data remains on your device.

2.1. Cookies and Tracking

We do not use cookies or tracking technologies. Schedulr is a privacy-first application that does not set, store, or use cookies for any purpose, including user tracking, session management, advertising, or third-party tracking services.

Our web presence (marketing website) is a static informational site that does not set cookies.

3. How Data is Used

We use your data to:

  • Provide and improve our scheduling services
  • Sync your groups and availability across devices
  • Process AI queries through Scheduly
  • Manage your subscription and provide customer support
  • Send you important updates and notifications (with your consent)
  • Ensure service security and prevent fraud

We do not sell your data to third parties. We do not use your data for advertising purposes.

4. Third-Party Services

Schedulr uses the following third-party services. Each service has strict data controls and privacy measures:

Supabase

Purpose: Database and backend service for storing user accounts, groups, and scheduling data.

  • Row Level Security (RLS) policies are enforced at the database level — users can only access their own data
  • All data is encrypted at rest and in transit
  • Strict access controls and authentication required for all data access
  • EU/US hosting options available for data residency requirements

Apple Calendar

Purpose: Read-only calendar access for checking availability.

  • Read-only access only — we cannot modify or create calendar events
  • Calendar events are stored securely on Supabase with RLS policies
  • All calendar data is encrypted at rest and in transit
  • You can revoke calendar access at any time in iOS Settings

OpenAI

Purpose: Powers the Scheduly AI assistant for natural language scheduling queries.

  • Only query text is sent for processing — no user IDs or personal information
  • No user identification is stored with queries
  • Queries are automatically deleted after processing per OpenAI's retention policies

RevenueCat

Purpose: Subscription management and payment processing.

  • Only subscription-related data is shared (subscription status, purchase history)
  • Data is anonymized where possible
  • Payment processing is handled securely through Apple's App Store

5. Security Measures

We implement multiple layers of security to protect your data:

  • Row Level Security (RLS): Database-level policies ensure users can only access their own data
  • End-to-End Encryption: Sensitive data is encrypted in transit using TLS/SSL protocols
  • Strict Access Controls: Authentication and authorization required for all data access
  • Regular Security Audits: We conduct regular security reviews and compliance checks
  • Data Minimization: We only collect and store the minimum data necessary for functionality

6. User Data Controls

You have complete control over your data. We respect the following rights:

  • Right to Access: You can access all your data through the app or by contacting us
  • Right to Deletion: You can request deletion of your account and all associated data
  • Right to Data Portability: You can export your data in a machine-readable format
  • Right to Opt-Out: You can opt out of non-essential data sharing
  • Data Ownership: You own your data completely — we are just the custodian

To exercise these rights, contact us at support@schedulr.co.uk. We will respond within 30 days.

7. GDPR Compliance

Schedulr is fully compliant with the General Data Protection Regulation (GDPR):

  • We process your data lawfully, fairly, and transparently
  • We only collect data for specified, explicit, and legitimate purposes
  • We limit data collection to what is necessary
  • We keep your data accurate and up to date
  • We store data only as long as necessary
  • We ensure appropriate security of your data
  • You have the right to access, rectify, erase, restrict, and port your data

8. Data Retention Policies

We retain your data only as long as necessary:

  • Account Data: Retained until you delete your account
  • Group Data: Retained until you leave the group or it's deleted
  • Usage Data: Retained for 12 months
  • Subscription Data: Retained as required by law (typically 7 years for tax purposes)
  • AI Queries: Processed and immediately deleted (OpenAI may retain for 30 days for abuse prevention)

8.1. Automated Database Cleanup

To maintain database performance, Schedulr includes an automated cleanup system that periodically removes old data:

  • Calendar Events: Events older than 90 days are automatically deleted from our database (your Apple Calendar is not affected)
  • AI Usage Records: Monthly records older than 6 months are deleted
  • AI Conversations: Conversations inactive for 6 months are deleted

If you have concerns about data retention or wish to export your data, contact us at support@schedulr.co.uk.

9. Children's Privacy

Schedulr is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to users via email or in-app notification. The "Last updated" date at the top indicates when changes were made.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

Email: support@schedulr.co.uk

For data protection inquiries, please include "Privacy Request" in your subject line.