Privacy Policy

Last Updated: December 27, 2025

1. Introduction

Google Calendar Event Checker ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Chrome extension and associated services. CalCheckr is a product name, not a separate legal entity, and the Service is operated by the individual owner of the calcheckr.com domain.

Who We Are

Google Calendar Event Checker is operated by the owner of the calcheckr.com domain (“CalCheckr”). For users in the EU or UK, that operator acts as the data controller for the personal information described here. You can reach our privacy team at support@calcheckr.com.

2. Information We Collect

2.1 Information You Provide

Google Account Information: When you authenticate with Google OAuth, we receive your email address and user ID.
Email Communications: We store your email address in our database to manage your account, send important service notices, and—when you opt in—send product updates, newsletters, and new release announcements. You can unsubscribe from non-essential emails at any time.
Payment Information: Payment processing is handled securely by Stripe. We do not store credit card numbers or sensitive payment data.

2.2 Information We Access

Google Calendar Data: We access your calendar list and calendar events to provide our core functionality.
Event Modifications: We modify event titles only when you explicitly take an action in the extension (such as marking an event complete or incomplete).
Calendar Identifiers: We store the calendar IDs needed to retrieve and display your events. Your primary Google Calendar ID is often your Google account email address. We use these identifiers only to request data from Google on your behalf; we do not store or access any event content. Calendar IDs are treated as functional identifiers only and are not used to infer personal information or for any purpose unrelated to retrieving events you choose to display.

2.3 Automatically Collected Information

Usage Data: We collect minimal usage data for debugging, performance monitoring, and aggregated analytics on our public landing pages. Our website uses Cloudflare Web Analytics, a privacy-first analytics service that does not use cookies, does not track users across sites, and collects only aggregated metrics (page views, referrers, device types) that cannot identify individual visitors.
Session Data: We maintain session information to keep you authenticated.
Security Information: For fraud prevention and account security, we collect device information including browser type and version, operating system, language settings, timezone, and IP address. When possible we store only a hashed, non-reversible version. In rare cases—such as bot detection or rate-limit abuse—we may temporarily retain a raw IP address solely to identify and block malicious activity. Raw IPs are never linked to your Google Calendar content and are deleted once they are no longer needed for security purposes.
Workspace console sessions: When accessing the workspace admin console, we collect device fingerprint data (browser details, operating system, language settings, timezone) to protect sessions from unauthorized access. Session data is automatically deleted after a short period; suspicious changes may trigger session rotation or revocation.
Extension Preferences: Your toggle selections (such as whether you want emojis or strikethroughs) and premium entitlement flags are stored in browser storage so the extension can behave consistently across sessions.

2.4 Optional Diagnostics (Sentry)

The Enable reporting toggle in the extension options controls whether we send crash diagnostics to Sentry. When the toggle is off (default), monitoring is fully disabled. When you opt in, we send device metadata (browser version, operating system, language, and extension version) along with sanitized error stack traces so we can resolve bugs faster. We strip navigation URLs and event identifiers before sending so that Sentry never receives Google Calendar content or personal profile information.

2.5 Workspace Data

When you use the workspace admin console, we process workspace-level information including your Google Workspace domain, manager contact details, subscription status, billing information, and seat allocation data. We maintain a workspace member list showing email addresses, seat assignments, and account status for users who have signed in to the extension, enabling the workspace manager to manage access. This member list is visible only to the workspace manager through the admin console. Workspace member lists include only users who have individually authenticated with the extension and do not include directory-wide listings.

Workspace Roles: When a workspace license is used, the workspace manager acts as the administrator for seat management and billing purposes. Individual workspace users remain the data subjects for their personal Google account data and calendar access. The workspace manager cannot access users' calendar content or OAuth tokens through the Service. Workspace subscription managers are designated based on user confirmation during onboarding and are not verified against Google Workspace administrative roles.

The workspace manager cannot view, access, or retrieve calendar events, calendar metadata, OAuth tokens, or event content belonging to workspace users. The workspace manager can view only the email addresses and seat status of users within their own verified domain and cannot access data across other domains or personal Google accounts.

3. How We Use Your Information

We use your information solely to:

Authenticate your Google account and maintain your session
Display your calendar events in the extension popup
Mark calendar events as complete/incomplete based on your actions
Process premium subscription payments through Stripe
Protect your account from unauthorized access and fraudulent activity
Provide customer support and respond to your inquiries
Improve and debug our service, including optional error diagnostics when you enable reporting
Send optional newsletters, feature announcements, and product updates when you opt in

When you sign in to the workspace admin console, we securely communicate your workspace subscription status to the extension so it can enable appropriate features. No calendar content is shared in this process.

We do not use Google user data for advertising, profiling, or selling to third parties.

Legal Bases for Processing (EEA/UK Users)

Where GDPR or UK GDPR applies, we rely on the following lawful bases to process personal information:

Performance of a contract: To deliver the extension features you request.
Consent: When you opt in to optional diagnostics or marketing emails.
Legitimate interests: To secure accounts, prevent fraud, and improve the Service in ways that do not override your rights.
Legitimate interests (workspace administration): To manage organization-owned subscriptions, seat allocation, access control, and billing for Google Workspace licenses.
Legal obligations: To comply with applicable tax, accounting, or regulatory requirements.

You may withdraw consent at any time.

4. Data Storage and Security

We store only the information needed to deliver the extension, such as OAuth tokens, session details, subscription status, and your selected preferences. We never store your calendar event titles, descriptions, attendees, invitees, or other event content on our servers. Extension options and premium status are saved locally in Chrome storage so they are deleted when you uninstall or clear your browser data. Server-side data lives in Google Cloud Firestore, travels over secure (HTTPS) connections, and is protected with role-based access controls and encryption at rest. We generate non-personal, hashed device identifiers to help detect suspicious login activity.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security of your data. You acknowledge that you use the Service at your own risk. You are responsible for maintaining the confidentiality of your Google account credentials and for notifying us promptly if you suspect unauthorized use.

5. Data Sharing and Third Parties

We do not sell or rent your personal information or share it for cross-context behavioral advertising. We share limited data only with service providers that support the extension:

Google: For authentication and Google Calendar API access
Stripe: To process premium subscription payments. Stripe supplies us with billing status, card brand, and the last four digits for receipts, but we never receive full payment credentials.
Sentry: Error monitoring that activates only when you turn on the Enable reporting toggle. Sentry receives device diagnostics and redacted stack traces so we can investigate crashes without learning anything about your calendar contents.
Cloudflare: Our website uses Cloudflare Web Analytics to measure aggregated site traffic. Cloudflare does not set cookies, does not track users across sites, and does not collect personally identifiable information. Data is used solely for understanding website performance and is automatically deleted after one year.

Our public website may link to other resources (for example, Stripe or support documentation). Those sites have their own privacy practices, so please review them before sharing information.

We may also disclose information if required by law, court order, or governmental request, or if we believe in good faith that such disclosure is necessary to protect our rights, investigate fraud, or ensure the safety of users. We do not use or share your data for advertising, marketing, profiling, or training AI models.

International Data Transfers

We operate primarily from the United States and may process data on servers located there or in other countries where our service providers operate. By using the Service you acknowledge that your information may be transferred to jurisdictions that may not provide the same level of protection as your home country. When required, we rely on Standard Contractual Clauses or other legally recognized safeguards to facilitate those transfers.

6. OAuth Scopes and Permissions

Our extension requests the following Google OAuth scopes:

calendar.calendarlist.readonly: Read-only access to your calendar list to display available calendars
calendar.events: Access to create, read, update calendar events (used only to modify event titles with completion markers)
userinfo.email: Your email address for user identification and account management

We only use these permissions for the stated purposes and never access data beyond what's necessary for the extension's functionality.

Google API Limited Use Disclosure: Our use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

7. Data Retention

We keep your data only as long as necessary to provide the Service. OAuth tokens are removed when you revoke the extension's access from your Google Account settings, while signing out clears only the local session data. Subscription records may be retained while your subscription is active and for a short period afterward for operational needs. Local extension storage (such as option toggles and premium flags) is controlled by your browser and is deleted automatically when you uninstall the extension or clear Chrome sync data.

Workspace manager sessions are automatically terminated after a short period of inactivity for security. Workspace member list and billing records are retained while the workspace subscription is active and as required by law or accounting practices thereafter. When a workspace subscription is cancelled, we may retain workspace-related data (such as member email addresses and seat assignments) for as long as reasonably necessary to support billing reconciliation, account recovery, dispute resolution, fraud prevention, and legal compliance. We do not use retained workspace data for active service delivery once a subscription is no longer active. Optional Sentry diagnostics are retained for up to 90 days and consist solely of anonymized device information.

If you subscribe to optional newsletters, we retain your email address for that purpose until you unsubscribe.

8. Your Rights and Choices

You have the right to:

Access: Request a copy of your data
Deletion: Request deletion of your account and associated data (sign out to revoke tokens)
Revoke Access: Disconnect the extension at any time via Google Account permissions or at https://myaccount.google.com/permissions
Uninstall: Uninstalling the extension immediately stops all data access and removes local storage

California residents are entitled to exercise these rights without discrimination, and EU/UK residents may also lodge a complaint with their local supervisory authority if they believe we have processed data in violation of applicable law.

By supplying information about other individuals (for example, if you email us on someone's behalf) you confirm that you have their authorization to do so.

To exercise these rights, contact us at: support@calcheckr.com

9. Cookies and Tracking

We use essential session cookies to authenticate users and maintain secure sessions. These include cookies for the extension authentication flow and workspace admin console access. All authentication cookies are configured with security best practices (HttpOnly, Secure flags) and automatically expire after a short period. Temporary cookies are also used during OAuth authentication and are deleted immediately after completing the sign-in process.

You can view specific cookie names and settings in your browser's developer tools. We do not use cookies for tracking or advertising purposes.

Our website analytics (Cloudflare Web Analytics) operates without cookies and does not track individual users. You can adjust your browser settings to control cookie preferences.

The Service currently does not respond to "Do Not Track" signals because there is no industry-standard way to interpret them, but you can use browser settings or extensions to limit tracking technologies.

10. Children's Privacy

Our service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

11. Email Communications and Opt-Out

We may send essential transactional emails (such as welcome messages, onboarding information, service notices, trial reminders, and security alerts) without a separate opt-in because these are required to operate your account.

When you sign up or start a trial we may send onboarding tips, release notes, and promotional updates. You may opt in to receive newsletters and similar announcements. Every non-essential email includes an unsubscribe link. Even if you unsubscribe, we may continue sending required transactional emails (such as receipts, security alerts, or important service notices).

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Please review it periodically—your continued use of the service after changes constitutes acceptance of the updated policy. This Policy is interpreted in accordance with applicable laws, and nothing in it limits your rights under those laws.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: support@calcheckr.com
Website: https://calcheckr.com

Home | Terms of Service