Last updated: May 9, 2026
MiCal ("we," "our," or "us") is a calendar bridging service that connects multiple calendar providers to help you synchronize events and manage scheduling. We take your privacy seriously. This policy explains what data we collect, how we use it, and how we protect it.
Account Information: When you sign up via Google or Microsoft OAuth, we receive your email address, name, and profile information from the provider. We use this to create your account and identify you.
Calendar Data: With your explicit permission, we access calendar event metadata (titles, times, locations, attendees) to perform synchronization. We do not read the content of event descriptions unless necessary for sync operations.
OAuth Tokens: We store encrypted refresh and access tokens for connecting to your calendar providers. These are encrypted at rest using AES-256-GCM encryption.
Usage Data: We collect basic operational data such as sync run logs, error reports, and API request timestamps to maintain service reliability.
We do not sell your data. We do not use your calendar data for advertising. We do not train AI models on your data.
Your data is stored in Turso (libSQL) databases with encryption at rest. OAuth tokens are encrypted with AES-256-GCM using keys stored separately from the database. Sessions are secured with HMAC-signed cookies.
All data transmission occurs over TLS (HTTPS). We use timing-safe comparisons for authentication checks.
We integrate with Google Calendar and Microsoft Outlook. Your use of these services is governed by their respective privacy policies. We only request the minimum scopes necessary for calendar synchronization.
You may disconnect calendar integrations, delete your account, or request a copy of your data at any time by contacting us. Account deletion removes all personal data within 30 days.
For privacy questions or data requests, contact: privacy@mical.net