Privacy Policy

Controller within the meaning of Art. 4 No. 7 GDPR:
PPJ Venture Labs UG (haftungsbeschränkt)
Barellistr. 3b, 80638 Munich, Germany
Email: paul@kalender-sync.de
Phone: +49 174 3361564

Calendar synchronization (core service): Kalender Sync synchronizes only free/busy availability between your calendars. No event details (titles, attendees, notes, locations, descriptions) are transferred or permanently stored. We process:

• Your email address (for account creation and login)
• OAuth tokens for Google and Microsoft (we never see your password)
• Encrypted app-specific passwords for iCloud/KSuite (ChaCha20-Poly1305)
• Calendar metadata (calendar names, IDs, colors)
• Event time slots and free/busy status only

Website: When you visit our website, we process server log data (IP address, browser type, requested page, timestamp). If you consent, we use Google Analytics for anonymous usage statistics.

Contact form and emails: When you contact us, we process your name, email address, and message content to respond to your inquiry.

• Art. 6(1)(b) GDPR — Performance of contract: Processing your calendar data is necessary to provide the synchronization service.
• Art. 6(1)(a) GDPR — Consent: Google Analytics is only activated with your explicit consent via our cookie banner.
• Art. 6(1)(f) GDPR — Legitimate interest: Server logs for security and error diagnosis.

• Hetzner Online GmbH (Nuremberg, Germany) — Server hosting. All data is stored and processed in Germany. Data processing agreement in place.
• Netlify Inc. (USA, EU-US Data Privacy Framework) — Hosting of the marketing website (kalender-sync.de). No personal data from the app is processed here.
• Brevo (Sendinblue) (Paris, France) — Transactional emails (login links, sync notifications). Data processing agreement in place.
• Google Analytics (optional, consent-based) — Anonymous website usage statistics. IP anonymization enabled. Only activated with explicit consent.

We use the following cookies:

• klaro (essential) — Stores your cookie consent decision. Duration: 1 year. Provider: self-hosted.
• session (essential) — Authentication cookie for the app. Duration: session. Provider: self-hosted at Hetzner.
• _ga, _gid (optional, consent-based) — Google Analytics. Duration: _ga 2 years, _gid 24 hours. Only set with explicit consent.

You have the right to:

• Access (Art. 15) — Request information about your stored personal data
• Rectification (Art. 16) — Correct inaccurate data
• Erasure (Art. 17) — Delete your account and all data (available in the app under Settings)
• Restriction (Art. 18) — Restrict processing of your data
• Data portability (Art. 20) — Export your data (available in the app under Settings)
• Objection (Art. 21) — Object to processing based on legitimate interest

To exercise your rights, contact us at paul@kalender-sync.de.

Your account data is retained as long as your account is active. When you delete your account, all personal data, calendar connections, sync configurations, and event mappings are permanently deleted within 24 hours. Server logs are retained for 7 days.

We provide a data processing agreement (Auftragsverarbeitungsvertrag) per Art. 28 GDPR upon request. Contact us at paul@kalender-sync.de.

You have the right to lodge a complaint with a supervisory authority. The competent authority is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
Website: lda.bayern.de