MicroCal
FeaturesHow it worksPricing
Sign inStart free

Privacy Policy

Last updated: May 26, 2026

MicroCal ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our calendar management service at microcalendar.com.au and related applications (collectively, the "Service").

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

1. Information We Collect

Information you provide directly

  • Account information: name, email address, and password when you register for an account.
  • Profile information: profile photo and display preferences you optionally provide.
  • Booking information: when guests book meetings through your booking pages, we collect their name, email address, timezone, and any notes they provide.
  • Payment information: billing details are collected and processed directly by Stripe. We do not store your full credit card number. We store a Stripe customer ID and subscription status.
  • Communications: if you contact our support team, we retain those communications.

Information collected automatically

  • Calendar data: when you connect Microsoft 365 or Google Calendar, we sync your calendar events to provide our service. This includes event titles, descriptions, times, attendees, and recurrence information. We store this data to power the unified calendar view and availability checking features.
  • Usage data: pages visited, features used, and actions taken within the Service, collected to improve the product.
  • Device and log data: IP address, browser type, operating system, and referring URLs collected automatically when you use the Service.
  • Cookies: session cookies for authentication and preference cookies for settings like theme and timezone.

Information from third parties

  • Microsoft 365: when you connect your Microsoft account, we receive your profile information (name, email) and calendar data as authorized by the OAuth scopes you grant.
  • Google Calendar: when you connect your Google account, we receive your profile information and calendar data as authorized by the OAuth scopes you grant.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: sync your calendars, display unified calendar views, calculate availability, and facilitate meeting bookings.
  • Process payments: manage subscriptions, send billing receipts, and handle failed payment notifications through Stripe.
  • Send transactional emails: booking confirmations, cancellations, reminders, and account-related notifications (email verification, password reset).
  • Enforce access controls: determine subscription status, trial eligibility, and workspace membership to control feature access.
  • Improve the Service: analyze usage patterns to fix bugs and develop new features.
  • Ensure security: detect and prevent fraudulent activity, abuse, and unauthorized access.
  • Comply with legal obligations: respond to lawful requests from authorities where required.

We do not sell your personal information to third parties. We do not use your calendar data for advertising purposes.

3. Calendar Data

Because calendar data is sensitive, we want to be especially clear:

  • We sync your calendar events solely to provide the Service features you have enabled (unified view, availability checking, booking pages, calendar groups).
  • Calendar event data is stored in our database as a local cache of your external calendar. The source of truth remains with Microsoft or Google.
  • We do not share your calendar event data with other users unless you explicitly create a Calendar Group and invite them.
  • Members of a Calendar Group see event details only for the specific calendars you have added to that group.
  • Public Calendar Groups expose events as busy/free blocks to unauthenticated visitors — event titles and descriptions are not shown to unauthenticated users.
  • You can disconnect a calendar at any time. Disconnecting deletes the synced event data from our database.

4. How We Share Your Information

We share your information only in these circumstances:

  • Service providers: we use trusted third-party providers to operate the Service:
    • Stripe (payment processing)
    • Resend (transactional email delivery)
    • AWS S3 (profile photo storage)
    • Inngest (background job processing)
    • Vercel (hosting and infrastructure)
    • Neon (database)
    Each provider is bound by data processing agreements.
  • With your consent: we share information with third parties when you explicitly authorize it (e.g. connecting your Microsoft or Google account).
  • Workspace members: within a workspace, members can see each other's names, email addresses, and availability (busy/free status).
  • Calendar Group members: members of a group you create can see event details for the calendars you have added to that group, according to the permissions you set.
  • Legal requirements: we may disclose information if required by law, court order, or governmental authority.
  • Business transfers: if MicroCal is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you before your information is subject to a different privacy policy.

5. Data Retention

  • Account data: retained for as long as your account is active. Deleted within 30 days of account deletion.
  • Calendar event data: retained while your calendar connection is active. Deleted immediately when you disconnect a calendar or delete your account.
  • Booking data: retained for 2 years after the booking date for record-keeping purposes, then deleted.
  • Payment records: retained for 7 years to comply with financial regulations, even after account deletion.
  • Logs and analytics: retained for 90 days.

6. Security

We implement industry-standard security measures:

  • All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
  • Calendar OAuth tokens (access tokens and refresh tokens) are stored encrypted in our database.
  • Passwords are hashed using bcrypt and never stored in plain text.
  • Profile photos are stored in AWS S3 with access controls.
  • We perform regular security reviews of our infrastructure.

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

If you discover a security vulnerability, please report it to support@microcal.com.au. We take all reports seriously and will respond within 48 hours.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: request a copy of the personal data we hold about you. Use the "Export data" feature in Settings → Danger Zone.
  • Correction: update your name, email, or timezone in Settings.
  • Deletion: delete your account and all associated data in Settings → Danger Zone → Delete account. Calendar event data is deleted immediately. Payment records are retained as required by law.
  • Disconnection: disconnect any calendar integration at any time from the Connections page. This deletes all synced event data.
  • Portability: export your bookings and booking pages as JSON from Settings → Export data.
  • Opt-out of emails: manage notification preferences in Settings → Notifications.

For requests that cannot be fulfilled through the app, contact us at support@microcal.com.au. We will respond within 30 days.

8. Cookies

We use the following cookies:

  • Session cookie: stores your authentication session. Required for the Service to function. Expires when you sign out or after 30 days.
  • Theme preference: stores your light/dark mode preference. Persisted in localStorage, not a cookie.
  • No advertising cookies: we do not use advertising or tracking cookies of any kind.

9. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us at support@microcal.com.au and we will delete it promptly.

10. International Data Transfers

MicroCal is operated from Australia and serves users globally. Your data may be stored and processed in the United States (AWS, Vercel) and other countries where our service providers operate. By using the Service, you consent to this transfer.

We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Sending an email to your registered address
  • Displaying a notice in the application

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or requests:

See also our Terms of Service.