Privacy Policy
Last updated: January 10, 2026
TL;DR: dfCal is designed with privacy first. Your calendar data stays on your device and is synced directly with your calendar providers (Google, Microsoft, CalDAV). We don't collect, store, or have access to your personal information on our servers.
1. Information We Collect
We don't collect any personal information on our servers. dfCal operates entirely on your device:
- Calendar data is stored locally on your iPhone/iPad
- Authentication tokens are stored securely in your device's Keychain
- No analytics or tracking is implemented
- No data is sent to our servers
2. Google User Data
When you connect a Google account to dfCal, our app accesses certain Google user data. This section specifically describes how we handle data obtained through Google APIs:
2.1 Data We Access
dfCal requests access to the following Google Calendar data:
- Calendar List - To display your available calendars
- Calendar Events - To read, create, update, and delete events on your behalf
2.2 How We Use Google User Data
Google user data is used solely for the following purposes:
- Displaying your calendar events - We fetch your events to show them in the app's calendar view
- Creating and managing events - When you create, edit, or delete events in dfCal, we sync those changes to Google Calendar
- Offline access - Events are cached locally on your device so you can view your schedule without an internet connection
We do not use Google user data for any other purposes, including but not limited to:
- Advertising or marketing
- Selling or sharing with third parties
- Training AI/ML models
- Profiling or analytics
2.3 Data Storage & Protection
Google user data is protected as follows:
- Local storage only - All calendar data is stored exclusively on your device; we do not store your Google data on any external servers
- Encrypted credentials - OAuth tokens are stored in the iOS Keychain, which uses hardware-backed encryption
- Secure transmission - All communication with Google APIs uses HTTPS/TLS encryption
- No server-side processing - Your Google data is never transmitted to or processed by our servers
2.4 Data Retention & Deletion
- Cached calendar data is retained locally as long as you use the app
- Disconnecting your Google account removes all associated tokens and cached data from your device
- Uninstalling the app removes all Google user data from your device
- You can revoke dfCal's access at any time through your Google Account permissions
3. Third-Party Services
dfCal connects directly to your calendar providers:
- Google Calendar - Uses Google's OAuth 2.0 for authentication. Subject to Google's Privacy Policy
- Microsoft Outlook - Uses Microsoft's OAuth 2.0 for authentication. Subject to Microsoft's Privacy Statement
- CalDAV Servers - Connects directly to your CalDAV server
dfCal only requests the minimum permissions needed to read and write calendar events (principle of least privilege).
4. Data Storage & Security
All your data is stored locally on your device with the following protections:
- Calendar events and tasks - Cached locally for offline access using iOS standard data protection
- Account credentials - Stored in iOS Keychain with hardware encryption
- Settings and preferences - Stored in app preferences (UserDefaults)
- No cloud backup of sensitive data - Authentication tokens are excluded from iCloud backup
Deleting the app removes all locally stored data from your device.
5. Data Sharing
We do not share, sell, rent, or transfer your personal information or calendar data to any third parties. Your data is only transmitted directly between your device and your chosen calendar providers (Google, Microsoft, or your CalDAV server).
6. Children's Privacy
dfCal does not knowingly collect information from children under 13. The app is designed for general audiences.
7. Your Rights
You have full control over your data:
- Access - All your calendar data is visible within the app
- Deletion - Remove your account from the app or uninstall to delete all local data
- Portability - Your data remains with your calendar provider and can be exported through their services
- Revocation - Revoke access permissions directly through your Google or Microsoft account settings
8. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated "Last updated" date. Continued use of dfCal after changes constitutes acceptance of the updated policy.
9. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us at:
[email protected]