← Back to SquadCal
Privacy Policy
Last updated: January 2026
SquadCal is a simple group scheduling tool created by Samuel Edney. This policy explains what information we collect and how we use it.
Information We Collect
When you use SquadCal, we collect:
- Name: Your first and last name, used to identify you in calendars
- Email address (optional): If you create an account, we store your email for login and to link your calendars
- Password (optional): If you create an account, stored securely using bcrypt hashing
- PIN: A 4-digit PIN for guest access (without an account), stored securely using bcrypt hashing
- Availability: The dates you mark as unavailable
- Welcome messages: Optional messages created by calendar owners
User Accounts
You can use SquadCal in two ways:
- Guest access: Join calendars with just your name and a 4-digit PIN. Your data is only linked to that specific calendar.
- Account access: Create an account with email and password to see all your calendars in one dashboard and stay logged in across sessions.
Creating an account is optional. All features work without one.
How We Store Your Data
- All data is stored as JSON files on our server
- Passwords and PINs are never stored in plain text - they're hashed using bcrypt
- Your browser stores your login session locally (localStorage) for convenience
- We do not use cookies
How We Use Your Data
Your information is used solely to:
- Display your name and availability to other calendar participants
- Authenticate you when you return to update your availability
- Calculate and display group availability results
- Show your calendars on your dashboard (if you have an account)
Data Sharing
We do not sell, trade, or share your personal information with third parties. Your data is only visible to:
- Other participants of calendars you join (they see your name and unavailable dates)
- Calendar creators (who can see participant lists and remove participants)
Your email address is never shown to other participants.
Third-Party Services
We use the following third-party services:
- Cloudflare: For SSL/TLS encryption, DDoS protection, and content delivery. Cloudflare may collect technical data such as IP addresses. See Cloudflare's Privacy Policy.
- QRCode.js: A client-side library for generating QR codes. No data is sent externally.
Data Retention
- Calendar data is retained until the calendar creator deletes it
- Account data is retained until you delete your account or request deletion
- There is no automatic expiration of calendars or accounts
- You can clear your local login data by logging out or clearing browser storage
Your Rights
You can:
- Update your availability at any time
- Update your name and password in your account settings
- Ask the calendar creator to remove you as a participant
- Log out to clear your browser session
- Contact me to request deletion of your account or calendar data
Security
We take reasonable measures to protect your data:
- All connections are encrypted via HTTPS/TLS
- PINs are hashed using bcrypt (not stored in plain text)
- The data directory is protected from direct web access
- File locking prevents data corruption from concurrent access
Children's Privacy
SquadCal is not directed at children under 13. We do not knowingly collect information from children under 13.
Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date.