Legal

Privacy Policy

Effective date: April 19, 2026

Last updated: April 19, 2026

CalPilot is built on the principle that your data is yours. We collect only what we need to provide the service, we do not sell it, and we do not share it with advertisers. This policy explains exactly what data we collect, why, how we use it, how we protect it, and how you can delete it.

1. Who we are

CalPilot is a web application at mycalpilot.com that automatically syncs read-only iCal/webcal calendar subscriptions — from sources such as GameChanger, TeamSnap, Planning Center, school calendars, and church calendars — into Google Calendar with custom labels and formatting. CalPilot is independent and not affiliated with Google, GameChanger, TeamSnap, Planning Center, or any other third-party service mentioned.

2. Google API Services: Limited Use Disclosure

CalPilot's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, CalPilot commits to the following Limited Use practices:

We only use Google user data to provide the user-facing features of CalPilot (calendar syncing).
We do not transfer Google user data to third parties except (a) to provide or improve user-facing features, (b) when required by law, or (c) as part of a merger, acquisition, or sale of assets with notice to users.
We do not use Google user data for advertising, including personalized, retargeted, or interest-based advertising.
We do not use Google user data to train generalized or non-personalized AI or machine-learning models. We do not share Google user data with any AI/ML training systems.
We do not allow humans to read Google user data except (a) with your explicit consent (e.g., for support you requested), (b) when necessary for security purposes such as investigating abuse or a bug, or (c) when required by law.
We do not sell Google user data under any circumstances.

3. Information we collect

3a. Data from Google OAuth

When you sign in with Google, we receive and store the following:

Profile information: Your name, email address, Google account ID, and profile photo URL (for display in the app)
OAuth tokens: A refresh token and access token that allow CalPilot to create, update, and delete calendar events on your behalf, and read your calendar list

3b. Google Calendar data

CalPilot uses the following Google API scopes and accesses the following data:

Scope	Purpose	What we access
openid, email, profile	Sign you in and identify your account	Your Google account ID, email, name, profile photo
calendar.readonly	Show you the list of your Google Calendars so you can pick which one to sync events into	Metadata of your Google Calendars (calendar names/IDs) — no event content
calendar.events	Create, update, and delete calendar events on your behalf	Only events CalPilot has created in calendars you designate

Important: CalPilot only reads, modifies, or deletes events that CalPilot itself has previously created as part of your configured Flight Plans. We do not read, collect, or store events that were already in your Google Calendar before CalPilot created them.

3c. Schedule source data

URLs or identifiers for the iCal/webcal feeds you configure (e.g., GameChanger team links, TeamSnap calendar URLs, school iCal URLs)
The event data contained in those feeds (titles, times, locations) — read in order to sync to Google Calendar
Your sync configuration settings (prefix, frequency, lookback/lookahead windows)

3d. Account and payment data

Payment information: Processed by Stripe. We store only a Stripe customer ID and your current subscription status. We never see or store your credit card number, CVV, or bank details.
Terms acceptance timestamp: The date and time you accepted our Terms of Service and Privacy Policy.

3e. Operational data

Sync logs: Timestamps, event counts, success/failure status for each sync operation (to help you troubleshoot and for us to maintain service reliability)
Error logs: Technical error details when something fails, which may include Google API error responses
Basic server logs: IP address, browser type, and request timestamps (standard web server logs, retained for security purposes)

We do not use behavioral analytics, user tracking, session replay, or cross-site tracking.

4. How we use your information

We use the data described above only to:

Authenticate you and maintain your account
Sync events from your configured iCal/webcal sources into your Google Calendar
Keep those events updated when the source changes
Remove events you've told us to remove (Revert Sync, Ground Flight Plan, Delete Account)
Process subscription payments via Stripe
Send transactional emails you've opted into (sync failures, subscription confirmations)
Diagnose technical issues and prevent abuse
Respond to your support requests
Comply with legal obligations

We do not use your data for:

Advertising of any kind
Building user profiles for any purpose other than operating your CalPilot account
Training AI or machine-learning models
Selling or renting to third parties
Analytics that track you across other websites

5. Data storage and security

Your data is stored in a Supabase-hosted PostgreSQL database on AWS with encryption at rest and encryption in transit (TLS 1.2+). All traffic between your browser and CalPilot uses HTTPS. Google OAuth tokens are stored securely and are used only to perform the calendar operations you have configured.

Access to the production database is limited to CalPilot's administrator(s). We do not permit third parties (other than the infrastructure providers listed below) to access your data.

We use industry-standard practices to protect your data, but no system is perfectly secure. If we become aware of a breach affecting your data, we will notify you as required by applicable law.

6. Third-party services (subprocessors)

CalPilot uses the following services to operate. Each is bound by its own privacy policy and has agreed to appropriate data-protection terms:

Google (OAuth + Google Calendar API) — governed by Google's Privacy Policy
Supabase (database + auth) — supabase.com/privacy
Vercel (hosting) — vercel.com/legal/privacy-policy
Stripe (payments) — stripe.com/privacy
Sentry (error monitoring) — sentry.io/privacy. Error reports may include technical details about failed requests, which may include your user ID. We have configured Sentry to scrub personal data where possible.

We do not sell, rent, or share your personal information with any other third parties, except as required by law or as part of a merger/acquisition with notice to you.

7. Data retention and deletion

7a. How long we keep your data

Active accounts: We retain your data for as long as your account is active.
Canceled subscriptions (account still exists): Your data is retained so you can re-activate or download it.
Deleted accounts: We delete your data as described below.
Billing records: We are required to retain certain Stripe transaction records for tax and legal compliance (typically 7 years), but these contain no OAuth data, calendar data, or schedule data — only Stripe customer ID and transaction amounts.
Server logs: Retained for 30 days for security purposes, then automatically deleted.

7b. How to delete your account and data

Self-serve in-app deletion (preferred):

Sign in to mycalpilot.com
Go to Settings → Danger Zone → Delete My Account
Follow the confirmation steps

When you delete your account, CalPilot will:

Delete all events CalPilot has created in your Google Calendar
Revoke CalPilot's OAuth access to your Google account (equivalent to you removing access at myaccount.google.com/permissions)
Delete all your data from our database, including: your user record, Flight Plan configurations, sync history, user settings, OAuth tokens
Retain only a minimal compliance record (email address and deletion timestamp) in a separate log, solely to prove we honored the deletion request if asked

This process completes within minutes. A dedicated deletion instructions page is available at mycalpilot.com/delete-my-data.

Email fallback (if you can't sign in):

Email support@mycalpilot.com from the address associated with your account and we will delete your data within 30 days.

Revoking Google access without deleting your CalPilot account:

Visit myaccount.google.com/permissions and remove CalPilot. Note: this will stop syncing but will not delete your CalPilot account or the events already created in your calendar. To fully delete your data, use the in-app deletion flow above.

8. Your rights

You have the right to:

Access the personal data we hold about you
Correct inaccurate personal data
Delete your personal data (see section 7)
Port your data (receive a copy in a machine-readable format)
Withdraw consent at any time (by deleting your account or revoking OAuth access)
Object to certain uses of your data

California residents (CCPA/CPRA): You have the right to know, delete, correct, and opt out of the “sale” or “sharing” of personal information. CalPilot does not sell or share personal information as those terms are defined under California law.

EU/UK residents (GDPR): The legal bases for our processing are: (a) performance of a contract (providing the service), (b) your consent (for optional features), (c) legitimate interests (security, fraud prevention), and (d) legal obligation (tax records). You have the right to lodge a complaint with your local data protection authority.

To exercise any right, email support@mycalpilot.com.

9. Children's privacy

CalPilot is not directed at children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact support@mycalpilot.com and we will delete it promptly.

Note: CalPilot is frequently used by parents to sync their children's sports and school schedules. In that case, the parent is the CalPilot account holder and the child is the subject of the schedule — we do not create accounts for or collect information directly from children.

10. International data transfers

CalPilot's services are operated from the United States. If you are accessing CalPilot from outside the US, your data will be transferred to and processed in the US. By using CalPilot, you consent to this transfer. We rely on Standard Contractual Clauses and our subprocessors' Data Processing Agreements for cross-border transfers where applicable.

11. Changes to this policy

We may update this policy from time to time. If we make material changes — especially changes to how we use Google user data — we will notify you by email and/or an in-app notice and, where required by law, obtain your renewed consent before applying the changes to your existing data.

The “Last updated” date at the top of this policy indicates when it was most recently revised.

12. Contact us

CalPilot
Email: support@mycalpilot.com
Website: mycalpilot.com

For privacy-specific requests, please put “Privacy Request” in the subject line.