Privacy Policy

1. What We Collect

We collect the following information when you use Family Calendar:

• Account information: Name, email address, and password (stored as a secure hash)
• Calendar events: Event titles, dates, times, locations, and notes from connected Google Calendar and Outlook accounts
• Medical appointment data: Appointment dates, times, types, and provider names from connected Epic MyChart accounts
• OAuth tokens: Access and refresh tokens for Google, Microsoft, and Epic — stored encrypted and used only to sync data on your behalf
• Quick Wins: Personal task lists you create within the app
• Usage data: Basic analytics (page views, errors) to improve the service — no advertising profiles

2. How We Use Your Data

We use your data solely to provide and improve Family Calendar:

• Displaying your calendar events in the Family Calendar interface
• Syncing changes you make back to your Google/Outlook calendars
• Generating AI-powered daily briefings and suggestions (via Anthropic Claude API)
• Sending you product-related emails (never marketing without consent)

We do not sell, rent, or share your personal data or calendar data with third parties for advertising or commercial purposes.

3. Health and Appointment Data

When you connect a MyChart account, we access only confirmed appointment scheduling information through the Epic SMART on FHIR API. We do not access:

• Medical records or clinical notes
• Diagnoses or conditions
• Medications or prescriptions
• Lab results or imaging

Appointment data is stored in our encrypted database and displayed only to you and members of your family workspace. It is never shared externally.

4. Data Storage and Security

All data is stored on Neon.tech PostgreSQL infrastructure hosted in the United States. We use the following security measures:

• HTTPS-only communication (TLS 1.2+)
• Encrypted database connections
• OAuth tokens stored encrypted at rest
• Passwords stored as bcrypt hashes (never plaintext)
• Access controls — family members can only see their own family's data

5. Third-Party Services

Family Calendar uses these third-party services, each of which may process your data per their own policies:

• Vercel — hosting and CDN
• Neon.tech — PostgreSQL database hosting
• Google LLC — Google Calendar integration and Google OAuth login
• Microsoft Corporation — Outlook integration and Microsoft OAuth login
• Epic Systems Corporation — MyChart appointment data via SMART on FHIR
• Anthropic — Claude API for AI briefing generation (event summaries are sent; no persistent storage by Anthropic per their API policy)

6. Cookies

We use only functional cookies necessary for authentication (session tokens). We do not use tracking, advertising, or analytics cookies. You can disable cookies in your browser, but doing so will prevent you from logging in.

7. Your Rights

• Access: Request a copy of all data we hold about you
• Correction: Update your name, email, or color via Settings
• Deletion: Delete your account and all data via Settings → Delete Account, or email us
• Disconnect: Remove any connected calendar (Google, Outlook, MyChart) at any time from Settings → Connected Calendars
• Portability: Export your events data in JSON format via Settings → Export Data

Deletion requests are processed within 30 days. MyChart disconnection removes cached appointment data immediately.

8. Children's Privacy

Family Calendar is not directed at children under 13. Children's appointments may be managed by a parent or guardian within the family workspace, but accounts must be created by adults.

9. Contact Us

For privacy inquiries or data requests: