Legal

Privacy Policy

Last updated: April 2026 · Applies to ClearCal and clearcal.io

The short version: ClearCal processes your Google Calendar events entirely inside your browser. Your calendar data never touches our servers. We collect only what we need to run your account and process your payment, and we don't sell or share your data with anyone.

1. Who we are

ClearCal is operated by Matt Gooch, trading as ClearCal through The Roadbook Project Ltd, based in the United Kingdom. We are the data controller for the personal data described in this policy.

If you have any questions about this policy or how we handle your data, contact us at privacy@clearcal.io.

2. What data we collect and why

We collect the minimum data necessary to provide the service.

Your email address

To identify your account and send receipts

Clerk (account provider)

Google OAuth access token

To read and colour-code your calendar events

Your browser only — never our servers

Google OAuth refresh token

To maintain your connection without repeated sign-ins

Your browser only — never our servers

Payment information

To process Pro and Lifetime subscriptions

Stripe — we never see your card details

Subscription status (free / pro / lifetime)

To determine which features you can access

Clerk user metadata

Your calendar events

To classify and colour-code meetings

Not collected — processed locally in your browser only

We do not collect analytics, usage statistics, crash reports, or any behavioural data. There are no third-party tracking scripts on this website.

3. Your calendar data

This is the most important section for most users.

When ClearCal runs, it fetches your calendar events directly from Google's API to your browser. The classification logic runs entirely inside the Chrome extension on your device. Your calendar events are never transmitted to ClearCal's servers at any point.

The only interaction our server has with Google is brokering the initial sign-in (a standard OAuth requirement — the client secret cannot safely be stored inside a browser extension). After sign-in, your access token is stored in Chrome's local extension storage on your device and used directly by the extension to call Google's API.

4. Third-party services

We use the following third parties, each of whom processes data on our behalf:

Google OAuth 2.0 — handles sign-in authentication. Governed by Google's Privacy Policy.
Clerk — manages user accounts and session tokens. Governed by Clerk's Privacy Policy. Clerk stores your email address and subscription status.
Stripe — processes payments. Governed by Stripe's Privacy Policy. Stripe stores your payment details — we never receive or store your card number.
Cloudflare — hosts our backend worker. Cloudflare may log request metadata (IP address, timestamp) in accordance with Cloudflare's Privacy Policy. These logs do not include calendar data.

We do not use any advertising networks, data brokers, or analytics platforms.

5. Legal basis for processing (UK GDPR)

Contract performance — processing your email and subscription status is necessary to provide the service you've paid for.
Legitimate interests — brokering the Google OAuth sign-in and verifying your subscription plan are necessary to operate the service securely.
Legal obligation — we retain payment records as required by UK tax law.

6. How long we keep your data

Account data (email, subscription status) — kept for as long as your account exists, and deleted within 30 days of account deletion.
Payment records — kept for 7 years as required by HMRC.
OAuth tokens — stored only in your browser. Deleted immediately when you click Disconnect in the extension popup, or when you revoke access via your Google Account.
Server request logs — Cloudflare retains basic request logs for up to 30 days. These do not contain calendar data.

7. Your rights under UK GDPR

You have the following rights regarding your personal data:

Right of access — you can request a copy of the personal data we hold about you.
Right to rectification — you can ask us to correct inaccurate data.
Right to erasure — you can ask us to delete your account and personal data. We'll action this within 30 days.
Right to portability — you can request your data in a machine-readable format.
Right to object — you can object to processing based on legitimate interests.
Right to restrict processing — you can ask us to pause processing while a dispute is resolved.

To exercise any of these rights, email privacy@clearcal.io. We will respond within one calendar month.

You also have the right to lodge a complaint with the UK's Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

This website does not use cookies for tracking or advertising. The only cookies that may be set are those strictly necessary for Clerk's authentication flow (session management). These are functional cookies and do not require consent under PECR.

We do not use Google Analytics, Facebook Pixel, or any other tracking technology.

9. Children

ClearCal is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

10. Changes to this policy

If we make material changes to this policy we will update the date at the top of this page and, where appropriate, notify you by email. We encourage you to review this page periodically.

11. Contact

Data controller: Matt Gooch, trading as ClearCal through The Roadbook Project Ltd

Email: privacy@clearcal.io