CalPilot reads your iCal feeds and writes events into your Google Calendar. That's an unusual amount of trust. Here's what we do — and what we will never do — with that access.
No part of your Google Calendar, your iCal feeds, or your synced events is used to train any AI or machine-learning model. Not ours, not anyone else's. This is a Google API compliance requirement and a commitment we extend beyond Google data.
When you give CalPilot access to a Google Calendar, we read, modify, and delete only events with our internal extended-properties tag — the ones we synced from your iCal feeds. We never read, modify, or store events that were already on your calendar before CalPilot got there.
Not to advertisers. Not to data brokers. Not to anyone. The only entities that touch your data are listed in our Privacy Policy, and each is a contracted infrastructure provider (Supabase, Vercel, Stripe, Resend, Sentry) under strict data-processing agreements.
CalPilot doesn't use session replay, heat maps, cross-site tracking, or any behavioral-analytics SDK. Server logs (IP, browser, request timestamp) exist for security and are deleted after 30 days.
Settings → Danger Zone → Delete My Account removes every CalPilot-created event from your Google Calendar, revokes our OAuth grant, and wipes your CalPilot data. You can also email support@mycalpilot.com from your account email.
Data lives in Supabase Postgres on AWS with disk-level encryption. All traffic is TLS 1.2+. OAuth tokens are stored securely and used only for the calendar operations you configured.
The complete contract is our Privacy Policy — particularly Section 2 (Google API Services: Limited Use Disclosure) and Section 7 (Data retention & deletion). The Terms of Service covers the legal side of using the product.
Questions? support@mycalpilot.com