MiCal
Home Terms

Privacy Policy

Last updated: May 17, 2026

Overview

MiCal ("we," "our," or "us") is a calendar bridging service that connects multiple calendar providers to help you synchronize events and manage scheduling. We take your privacy seriously. This policy explains what data we collect, how we use it, and how we protect it.

What We Collect

Account Information: When you sign up via Google or Microsoft OAuth, we receive your email address, name, and profile information from the provider. We use this to create your account and identify you.

Calendar Data: With your explicit permission, we access calendar event metadata (titles, times, locations, attendees) to perform synchronization. We do not read the content of event descriptions unless necessary for sync operations.

Contacts: With your explicit permission, MiCal reads your Google Contacts and "Other contacts" (via the Google People API) and your Microsoft contacts (via Microsoft Graph) solely to suggest email addresses when you are sending an invitation — for meeting polls, family/team group invites, and booking-page recipients. Contacts are fetched fresh from the provider on demand each time you open a recipient picker and are returned to your browser for autocomplete only. MiCal servers do not store or persist your contact data, it is never shared with third parties, and it is never used to train AI/ML models. Access ends the moment you disconnect the account.

OAuth Tokens: We store encrypted refresh and access tokens for connecting to your calendar providers. These are encrypted at rest using AES-256-GCM encryption.

Usage Data: We collect basic operational data such as sync run logs, error reports, and API request timestamps to maintain service reliability.

How We Use Your Data

  • To synchronize events between your connected calendars according to your configured rules
  • To power public booking pages that you choose to create and share
  • To send operational notifications (sync failures, account issues)
  • To improve service performance and reliability

We do not sell your data. We do not use your calendar data for advertising. We do not train AI models on your data.

Data Storage & Security

Your data is stored in Turso (libSQL) databases with encryption at rest. OAuth tokens are encrypted with AES-256-GCM using keys stored separately from the database. Sessions are secured with HMAC-signed cookies.

All data transmission occurs over TLS (HTTPS). We use timing-safe comparisons for authentication checks.

Third-Party Services

We integrate with Google (Calendar and Contacts) and Microsoft (Outlook Calendar and Contacts). Your use of these services is governed by their respective privacy policies. We request only the minimum scopes necessary for the features you use — reading calendars to build your merged schedule and availability, writing events when you take a booking or resolve a poll, and reading contacts for recipient autocomplete. MiCal's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Your Rights

You may disconnect calendar integrations, delete your account, or request a copy of your data at any time by contacting us. Account deletion removes all personal data within 30 days.

Contact

For privacy questions or data requests, contact: privacy@mical.net

MiCal — Calendar infrastructure for modern professionals.