— Legal
Privacy policy#
Last updated: 2026-05-26. Effective from this date for all users.
This policy describes how Caledee ("we", "us", "the service") handles personal data when you sign up, configure scheduling, or book a meeting through a Caledee link.
We try to keep this short and honest. If anything is unclear, write to privacy@caledee.com.
Who we are#
Caledee is operated by Galaxee (France). Contact:
- Email: privacy@caledee.com
- Postal: to be added — please email for the current address
For the purpose of the GDPR (EU regulation 2016/679) and the French Loi Informatique et Libertés, Galaxee is the data controller for the personal data described below.
What we collect, and why#
When you sign up as a host#
- Account: name, email, hashed password (bcrypt), chosen URL handle, timezone, optional display photo URL.
- Authentication: optional OAuth tokens from Google / Microsoft / Zoom (encrypted at rest with AES-256-GCM) to read your free/busy and create events. We never read the bodies of your calendar events — only their time ranges, to find conflicts.
Purpose: provide the scheduling service and write meetings on your calendar at your request. Legal basis: performance of the contract (Art. 6(1)(b) GDPR).
When someone books a meeting with you#
- Invitee: name and email entered on the booking form, the chosen time, optional answers to the host's custom questions, optional phone number for SMS reminders (only if the invitee opts in).
- Booking metadata: timestamps, status (active / canceled / rescheduled / no-show), location kind.
Purpose: create and deliver the booking. Legal basis: performance of the contract between the host and the invitee, facilitated by Caledee acting as data processor for the host.
Payments (Pro / Team / paid event types)#
- Stripe: when a host upgrades, or an invitee pays at booking time, payment is handled by Stripe. We store only an opaque Stripe customer / subscription / payment-intent ID. No card details touch our servers.
Legal basis: performance of the contract.
Lead capture (details-first booking flow)#
Some hosts enable a mode where you provide your name, email, and answers to custom questions before seeing available time slots. If you then leave without booking, we retain your details for up to 90 days so the host can follow up.
- What we store: name, email, timezone, answers to custom questions, the event type you visited.
- Legal basis: legitimate interest of the host in knowing who attempted to book (Art. 6(1)(f) GDPR).
- Retention: unconverted leads are automatically deleted after 90 days by an automated cleanup job.
- Your rights: you may request deletion at any time by emailing privacy@caledee.com.
A transparency notice is shown on the booking form when this mode is active.
Waitlist#
When all time slots are taken, you may choose to join a waitlist. We store your name, email, timezone, and preferred slot. When a slot opens, we email you a time-limited claim link (15 minutes).
- Legal basis: consent — you actively choose to join the waitlist.
- Retention: waitlist entries are kept until you book, the entry expires, or you cancel. Expired entries are kept for 90 days for analytics, then deleted.
Platform commission on paid bookings#
When an invitee pays for a booking (e.g., a paid consultation), Caledee may retain a platform fee from the payment amount (currently 3% for hosts on the Free plan; 0% on paid plans). This fee is collected automatically by Stripe as an application_fee_amount on the host's connected account. No additional personal data is collected for this — it uses the same Stripe payment data described above.
Technical data#
- Server logs: IP address, timestamp, request path, user agent. Kept 30 days, used to detect abuse and debug incidents.
- Cookies: a single first-party session cookie after login (
__Host-...), plus aNEXT_LOCALEcookie remembering your language. No third-party trackers. No analytics that identify you.
Legal basis for logs: legitimate interest in operating the service securely (Art. 6(1)(f) GDPR).
Who we share data with#
We use the following sub-processors. Each is bound by a data-processing agreement.
| Sub-processor | Purpose | Region |
|---|---|---|
| Hostinger | Hosting (VPS in Paris, FR) | EU |
| Resend | Transactional email delivery | EU (Ireland) |
| Stripe | Payments processing | EU + US |
| Sentry | Error monitoring | EU |
| OVH | DNS and the email-redirect mailbox | EU (FR) |
| Twilio (if SMS enabled) | SMS reminders | EU/US |
| Google / Microsoft / Zoom (if connected) | Calendar + conferencing for the host who connected | US/EU per provider |
| GitLab | Source code hosting + CI for our own development; no user data | EU (FR) |
We do not sell or rent personal data. We do not run ad targeting.
Where the data is stored#
The primary database and application servers run in Paris, France (Hostinger datacenter). Backups stay in the EU. Some sub-processors (Stripe US wallet, Google) may transfer to the US under their respective Standard Contractual Clauses + Data Privacy Framework certifications.
How long we keep it#
- Account data: kept while your account is active. After you delete your account, removed within 30 days from primary systems; encrypted backups age out after 90 days.
- Bookings: kept for the duration of the contract with the host + 3 years for accounting / dispute defense.
- Stripe records: kept by Stripe per their legal retention (typically 10 years for accounting).
- Server logs: 30 days.
- Sentry error logs: 90 days.
- Lead captures (unconverted): 90 days, then automatically purged.
- Waitlist entries (expired): 90 days, then automatically purged.
Your rights (Art. 15–22 GDPR)#
You can at any time, free of charge:
- Access the data we hold about you
- Rectify inaccurate data
- Delete your account and associated data (subject to legal retention listed above)
- Restrict processing
- Port your data in a machine-readable format
- Object to processing on legitimate-interest grounds
- Withdraw consent for non-essential processing at any time
Hosts can do most of this directly from Settings → Danger zone (account deletion + data export). Otherwise, email privacy@caledee.com — we'll respond within 30 days.
If we ever disagree, you can complain to your local data-protection authority (in France: the CNIL).
Security#
We follow the practices documented in docs/rules/security.md of our codebase. Notable choices:
- All public surfaces over HTTPS (Let's Encrypt, auto-renewing).
- Passwords hashed with bcrypt (cost 12).
- OAuth tokens and other secrets encrypted at rest (AES-256-GCM).
- Webhook payloads signed (HMAC-SHA256, 5-min replay window).
- Server hardened (fail2ban, key-only SSH, no root password).
- Defense in depth: rate limiting, CSRF protection on mutations, parameterized SQL via Prisma.
Despite all of this, no system is unbreakable. If we believe your data was exposed, we will notify you within 72 hours of becoming aware, per Art. 33 GDPR.
Children#
Caledee is not intended for users under 16. We don't knowingly collect data from minors. If you believe a child has signed up, email us and we'll remove the account.
Changes to this policy#
When this policy changes materially, we'll notify users by email at least 14 days before the new version takes effect. Older versions are archived on this page's git history at gitlab.com/galaxee-group/caledee.