CalDAVconnect
DE Log in
Home Blog Pricing Docs
Log in Join the beta

Privacy Policy

Controller

Mediakreativ UG (haftungsbeschränkt)
represented by Managing Director Christian Schindler
Herrengasse 2, 06542 Allstedt
E-mail: privacy@caldavconnect.de

Under applicable law, our company is not required to appoint a data protection officer. Managing Director Christian Schindler is responsible for data protection.

Hosting

CalDAVconnect is hosted on servers operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. All data is processed exclusively within the EU. Legal basis: Art. 6(1)(f) GDPR.

Data processed

1. Website visits

When you visit the website, your IP address, referrer, and browser data are transmitted automatically. This data is technically necessary to display the website and is not evaluated in a way that identifies individuals. Legal basis: Art. 6(1)(f) GDPR.

2. Registration and user account

When you register, your email address, name, and password (encrypted) are stored. The data is used solely to operate your user account. Legal basis: Art. 6(1)(b) GDPR.

3. CalDAV credentials

Server URL, username, and password for CalDAV servers are stored encrypted (AES-256-GCM) and used solely for calendar synchronization. Legal basis: Art. 6(1)(b) GDPR.

4. Google Calendar / Microsoft 365 OAuth tokens

OAuth tokens are stored encrypted and used solely for calendar synchronization with Google Calendar and Microsoft 365, respectively. Legal basis: Art. 6(1)(b) GDPR.

5. Calendar event data

Calendar entries are processed for synchronization. Title, description, location, participants, and timestamps are stored encrypted so that changes can be detected and synchronized. The data is not used for other purposes and is not disclosed to third parties. Legal basis: Art. 6(1)(b) GDPR.

6. Acceptance of Terms, DPA and Privacy Policy

When accepting our Terms of Service, Data Processing Agreement and Privacy Policy, we store your IP address, browser identifier (user agent), accepted version and timestamp. This data serves as proof of the consent given. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in being able to prove consent).

7. Email delivery

Transactional emails (registration confirmation, invitations) are sent via Lettermint (EU-based, Netherlands). Legal basis: Art. 6(1)(b) GDPR.

8. Beta waitlist

Email address and optional information (name, CalDAV server used) are stored to manage the beta waitlist. Legal basis: Art. 6(1)(a) GDPR (consent). Consent may be withdrawn at any time.

Cookies

CalDAVconnect uses only technically necessary cookies (session, CSRF protection). No tracking, remarketing, or targeting cookies are used.

Disclosure to third parties

Data processors (EU)

The following service providers process personal data on our behalf. All process data exclusively within the EU.

  • Hetzner Online GmbH — Hosting and infrastructure (Germany). All user data, credentials, and encrypted calendar data are stored on Hetzner servers.
  • Lettermint — Transactional email delivery (Netherlands). Email address and name are transmitted for sending system emails (registration, password reset, invitations).

Cloud calendar providers (third country / USA)

When you connect a cloud calendar, calendar data is exchanged with the respective provider. This occurs solely at your explicit request through OAuth authorization.

  • Google Ireland Ltd. — Google Calendar API. Data transmitted: calendar entries (title, description, location, times, participants). Legal basis: Art. 6(1)(b) GDPR (contract performance). Third-country transfer: EU-US Data Privacy Framework.
  • Microsoft Ireland Operations Ltd. — Microsoft Graph API. Data transmitted: calendar entries (title, description, location, times, participants). Legal basis: Art. 6(1)(b) GDPR (contract performance). Third-country transfer: EU-US Data Privacy Framework.

OAuth authorization can be revoked at any time in the settings of the respective cloud provider. When a connection is deleted, all stored tokens and sync data are removed.

Web analytics (anonymized)

Plausible Analytics — We use Plausible for anonymized website usage analysis. Plausible does not collect personal data: no cookies are set, no IP addresses are stored, and no fingerprinting is used. No personal data is transmitted.

Retention

User data is fully removed when the account is deleted. Calendar sync data is removed when the respective connection is deleted. Beta waitlist entries are deleted after the beta phase ends.

Your rights as a data subject

You have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object (Art. 21 GDPR)

To exercise your rights, please contact: privacy@caldavconnect.de

Right to lodge a complaint

You have the right to lodge a complaint with the competent supervisory authority:

Landesamt für Verbraucherschutz Sachsen-Anhalt
Pfälzer Str. 50, 06124 Halle (Saale)

Changes to this privacy policy

We reserve the right to update this privacy policy in response to legal or technical changes.

As of: April 2026