Privacy Notice

This service ("Clev.Calendar") is operated by Alvaro Daza ("we", "us"). Alvaro Daza is the data controller responsible for personal data processed through Clev.Calendar.

• Account data: name, email address, hashed password, account creation date.
• Profile and product data: calendar entries, color palettes, share links, and other content you create.
• Support communications: messages you send us and our replies.
• Usage and device data: IP address, browser, device type, pages viewed, timestamps, and basic telemetry.
• Subscription metadata: plan, status, and renewal information returned by our payment processor.

• Provide the service (contract performance): account creation, authentication, storing your calendar data.
• Secure the service (legitimate interests): fraud prevention, abuse detection, access logging.
• Improve the product (legitimate interests): aggregate analytics, debugging, performance monitoring.
• Support (legitimate interests / contract): responding to inquiries.
• Legal compliance (legal obligation): tax, accounting, and lawful requests.

We share personal data only with the following categories of recipients:

• Hosting and infrastructure providers who host the application and database on our behalf.
• Paddle.com Market Ltd. ("Paddle"), our Merchant of Record, which processes all payments, manages subscriptions, calculates and remits sales tax, issues invoices, and handles refund requests. Paddle acts as an independent controller for payment data. See Paddle's privacy notice at paddle.com/legal/privacy.
• Email delivery providers for transactional emails (welcome, receipts, account notices).
• Professional advisers (legal, accounting) where reasonably necessary.
• Authorities where required by law or to protect our rights.

We do not sell your personal data.

We keep account and content data for as long as your account is active, and for a reasonable period afterward to comply with legal obligations and resolve disputes. Billing records are retained as required by tax law (typically up to 7 years). When data is no longer needed, it is deleted or anonymised.

Depending on your jurisdiction, you may have the right to access, rectify, delete, restrict, or port your personal data, to object to processing, and to withdraw consent. You may also lodge a complaint with your local data protection authority. To exercise these rights, contact us through the email address associated with your account; we will respond within a reasonable period and in any case within one month where required by law.

Some of our service providers may process data outside your country of residence. Where required, transfers are protected by appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

We use appropriate technical and organisational measures, including encryption in transit, access controls, and least-privilege server credentials. No system is perfectly secure, but we work to protect your data against unauthorized access, alteration, disclosure, or destruction.

We use strictly necessary cookies and local storage to keep you signed in and remember your preferences. We do not use third-party advertising cookies. You can clear cookies through your browser; doing so may sign you out.

We may update this notice from time to time. Material changes will be communicated through the service or by email.

For privacy questions, contact Alvaro Daza through the support email associated with your account.