Legal

Privacy Policy

Last updated: May 2026  ·  Applies to ClearCal and clearcal.io

1. Who we are

ClearCal is operated by Matt Gooch, trading as ClearCal through The Roadbook Project Ltd, based in the United Kingdom. We are the data controller for the personal data described in this policy.

If you have any questions about this policy or how we handle your data, contact us at privacy@clearcal.io.

2. What data we collect and why

We collect the minimum data necessary to provide the service.

We do not collect analytics, usage statistics, crash reports, or any behavioural data. There are no third-party tracking scripts on this website.

3. Your calendar data

This is the most important section for most users.

When ClearCal runs, it fetches your calendar events directly from Google's API to your browser. The classification logic runs entirely inside the Chrome extension on your device. Your calendar events are never transmitted to ClearCal's servers at any point.

The only interaction our server has with Google is brokering the initial sign-in (a standard OAuth requirement — the client secret cannot safely be stored inside a browser extension). After sign-in, your access token is stored in Chrome's local extension storage on your device and used directly by the extension to call Google's API.

4. Google API Services User Data

ClearCal uses Google APIs only to provide and improve the user-facing ClearCal calendar colourisation and calendar management features.

Google user data we access: your Google email address; Google Calendar calendars, metadata, and events needed to provide ClearCal's calendar colourisation and calendar management features; and the OAuth tokens and permissions required to keep the Google Calendar integration working.

How we use Google user data: ClearCal uses your Google email address to identify and link your account. ClearCal reads calendar and event data as needed to classify events and manage calendar colours. Where you enable a ClearCal feature that changes calendar data, ClearCal may create or update event colours or related calendar metadata only to provide that feature.

Sharing, transfer, and disclosure: We do not sell Google user data. We do not share, transfer, or disclose Google user data to third parties except where necessary to provide and operate ClearCal, such as infrastructure, hosting, database, authentication, monitoring, or security providers acting on our behalf; where required by law; to protect the security or integrity of the service; or with your explicit consent.

We do not use Google user data for advertising, retargeting, data broker services, credit-worthiness, lending purposes, or any unrelated purpose.

Data protection mechanisms: Google Calendar data is requested directly between your browser and Google's APIs over HTTPS/TLS, and calendar events are processed locally in the ClearCal Chrome extension. OAuth access and refresh tokens are stored in Chrome's local extension storage on your device and are not stored on ClearCal's servers. Server-side secrets, such as the Google OAuth client secret, are kept in deployment secrets or environment variables rather than hard coded in this website. We limit access to account, billing, and service systems to what is needed to operate ClearCal, and our monitoring and logging practices are not intended to log OAuth tokens or sensitive Google Calendar content. Service providers that process account, payment, hosting, or authentication data on our behalf apply their own security controls, including provider-managed encryption at rest where applicable.

If you disconnect ClearCal in the extension, locally stored OAuth tokens are deleted. You can also revoke ClearCal's Google access from your Google Account permissions page.

ClearCal's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We do not use Google Workspace API data to develop, improve, or train generalized AI or machine learning models.

5. Third-party services

We use the following third parties, each of whom processes data on our behalf:

• Google OAuth 2.0 — handles sign-in authentication. Governed by Google's Privacy Policy.
• Clerk — manages user accounts and session tokens. Governed by Clerk's Privacy Policy. Clerk stores your email address and subscription status.
• Stripe — processes payments. Governed by Stripe's Privacy Policy. Stripe stores your payment details — we never receive or store your card number.
• Cloudflare — hosts our backend worker. Cloudflare may log request metadata (IP address, timestamp) in accordance with Cloudflare's Privacy Policy. These logs do not include calendar data.

We do not use any advertising networks, data brokers, or analytics platforms.

6. Legal basis for processing (UK GDPR)

• Contract performance — processing your email and subscription status is necessary to provide the service you've paid for.
• Legitimate interests — brokering the Google OAuth sign-in and verifying your subscription plan are necessary to operate the service securely.
• Legal obligation — we retain payment records as required by UK tax law.

7. How long we keep your data

• Account data (email, subscription status) — kept for as long as your account exists, and deleted within 30 days of account deletion.
• Payment records — kept for 7 years as required by HMRC.
• OAuth tokens — stored only in your browser. Deleted immediately when you click Disconnect in the extension popup, or when you revoke access via your Google Account.
• Server request logs — Cloudflare retains basic request logs for up to 30 days. These do not contain calendar data.

Google user data is retained only for as long as needed to provide ClearCal, comply with legal obligations, resolve disputes, and maintain security. You can request deletion of your account data by emailing privacy@clearcal.io, and you can disconnect your Google account at any time.

8. Your rights under UK GDPR

You have the following rights regarding your personal data:

• Right of access — you can request a copy of the personal data we hold about you.
• Right to rectification — you can ask us to correct inaccurate data.
• Right to erasure — you can ask us to delete your account and personal data. We'll action this within 30 days.
• Right to portability — you can request your data in a machine-readable format.
• Right to object — you can object to processing based on legitimate interests.
• Right to restrict processing — you can ask us to pause processing while a dispute is resolved.

To exercise any of these rights, email privacy@clearcal.io. We will respond within one calendar month.

You also have the right to lodge a complaint with the UK's Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

This website does not use cookies for tracking or advertising. The only cookies that may be set are those strictly necessary for Clerk's authentication flow (session management). These are functional cookies and do not require consent under PECR.

We do not use Google Analytics, Facebook Pixel, or any other tracking technology.

10. Children

ClearCal is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

11. Changes to this policy

If we make material changes to this policy we will update the date at the top of this page and, where appropriate, notify you by email. We encourage you to review this page periodically.

12. Contact