Last updated: 21 May 2025
1. Who We Are
BackupMyCalendar (a product of Studio Stach) is the controller of your personal data.
CoC (KvK) 82999686 – VAT NL003762715B84
Email: info@backupmycalendar.com
2. Scope of this Policy
This Privacy Policy explains how we collect, use, disclose and safeguard the information you provide when you use backupmycalendar.com, our web application and related services (together, the “Service”). It applies to all visitors, account‑holders and anyone interacting with the Service.
3. What Data We Collect
We collect several kinds of information in order to operate and improve the Service:
- Account data. You provide your name, email address, and hashed password upon creating an account.
- Calendar data. We fetch events and related metadata that come from the calendars you connect to our systems.
- Payment and billing details. You provide these to Stripe, for the purposes of processing payments. This data could include the name and address on your invoice, VAT ID, etc.
- Usage data. We log data generated by your device and our servers, including IP address, browser type, device identifiers, pages visited, timestamps and error logs to secure and improve our operations.
We do not collect your Google, Microsoft or Apple passwords.
4. Legal Grounds for Processing (GDPR)
- Contract – to provide the automated backup and restore functionality you request.
- Legitimate interests – to improve and secure the Service, detect abuse and keep business records.
- Legal obligation – to comply with tax, accounting or law‑enforcement requests.
5. How We Use Your Data
- Create scheduled backups and allow you to browse and restore past versions.
- Authenticate you and maintain your account.
- Provide invoices, process payments, and send service‑related messages.
- Monitor performance, debug issues and protect against fraud or misuse.
- Develop new features and perform analytics (aggregated / pseudonymised where possible).
- Send newsletters or product updates.
7. Sharing & Disclosure
We only share personal data with:
- Service providers acting on our behalf (cloud hosting in the EU, email delivery, analytics). They process data under strict instructions and confidentiality clauses.
- Payment processor – Stripe (card payments, fraud prevention).
- Authorities when required by law or to protect rights, property or safety.
We do not sell personal data.
8. International Transfers
All backups and primary databases are stored on encrypted servers located in the European Union.
9. Security Measures
- TLS encryption in transit and AES‑256 at rest.
- Tokens and credentials are stored using hardware‑backed secrets management.
- Principle of least privilege and multi‑factor authentication for staff.
- Regular security audits, penetration tests and a public responsible‑disclosure programme.
10. Data Retention
- We store your calendar backups until you delete them or 30 days after account closure, whichever comes first.
- We store account and billing records as long as needed for legal obligations, often for 7 years.
- We store anonymised server logs for as long as needed to improve our services.
- You may delete individual backups at any time from the dashboard.
11. Your Rights
If you are in the EEA/UK you have the right to access, rectify, erase, restrict or object to processing, and receive a copy (portability) of your data. Where processing is based on consent you may withdraw it at any time.
To exercise any right, email support@backupmycalendar.com. We will reply within 30 days.
13. Children’s Privacy
The Service is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided personal data, please contact us so we can delete it.
14. Changes to This Policy
We may update this Privacy Policy to reflect changes in law or our practices. We will post the new version here and, for significant changes, notify you by email or a prominent banner. The “Last updated” date will always tell you when the latest version took effect.
