← Back to SquadCal

Privacy Policy

Last updated: December 2024

SquadCal is a simple group scheduling tool created by Samuel Edney. This policy explains what information we collect and how we use it.

Information We Collect

When you use SquadCal, we collect:

• Name: Your first and last name, used to identify you in the calendar
• PIN: A 4-digit PIN you create, stored securely using bcrypt hashing
• Availability: The dates you mark as unavailable
• Welcome messages: Optional messages created by calendar owners

How We Store Your Data

• All data is stored as JSON files on our server
• Your PIN is never stored in plain text - it's hashed using bcrypt
• Your browser stores your login credentials locally (localStorage) for convenience
• We do not use cookies

How We Use Your Data

Your information is used solely to:

• Display your name and availability to other calendar participants
• Authenticate you when you return to update your availability
• Calculate and display group availability results

Data Sharing

We do not sell, trade, or share your personal information with third parties. Your data is only visible to:

• Other participants of calendars you join (they see your name and unavailable dates)
• Calendar creators (who can see participant lists and remove participants)

Third-Party Services

We use the following third-party services:

• Cloudflare: For SSL/TLS encryption, DDoS protection, and content delivery. Cloudflare may collect technical data such as IP addresses. See Cloudflare's Privacy Policy.
• QRCode.js: A client-side library for generating QR codes. No data is sent externally.

Data Retention

• Calendar data is retained until the calendar creator deletes it
• There is no automatic expiration of calendars
• You can clear your local login data by clicking "Change" in the app

Your Rights

You can:

• Update your availability at any time
• Ask the calendar creator to remove you as a participant
• Clear your browser's localStorage to remove saved credentials
• Contact me to request deletion of specific calendar data

Security

We take reasonable measures to protect your data:

• All connections are encrypted via HTTPS/TLS
• PINs are hashed using bcrypt (not stored in plain text)
• The data directory is protected from direct web access
• File locking prevents data corruption from concurrent access

Children's Privacy

SquadCal is not directed at children under 13. We do not knowingly collect information from children under 13.

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date.