Privacy Policy
Last updated: April 5, 2026
1. Controller
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Bastian John
John Tech
Lübsche Straße 115
23966 Wismar, Germany
Email: mail@bastianjohn.com
2. Data We Collect
We collect the following categories of personal data:
- Waitlist data: your email address when you sign up for the waitlist.
- Account data: your name, email address, and authentication credentials when you create an account.
- Calendar data: event titles, times, durations, and attendee information when you connect your calendar, solely to provide scheduling optimization.
- Usage data: technical information such as your IP address, browser type, pages visited, and interaction patterns, collected to improve service quality.
- Payment data: billing information processed by Stripe; we do not store credit card numbers on our servers.
3. Legal Basis for Processing
We process your personal data on the following legal bases under Art. 6 GDPR:
- Consent (Art. 6(1)(a)) — for waitlist sign-ups and marketing emails. You may withdraw consent at any time.
- Contract performance (Art. 6(1)(b)) — to provide the Schedulely service and manage your account.
- Legitimate interest (Art. 6(1)(f)) — for service improvement, security, and fraud prevention.
4. How We Use Your Data
Your data is used exclusively to provide and improve Schedulely’s scheduling services. We analyze your calendar patterns to optimize focus time, meetings, and habits. We send transactional emails related to your account and, with your consent, product updates.
We never sell your personal data to third parties.
5. AI and Your Data
Your calendar data is never used to train AI models. Our AI features process your data in real time to generate scheduling suggestions but do not retain it for model training purposes. AI processing occurs on our secured infrastructure within the European Union.
6. Third-Party Processors
We use the following third-party service providers to operate Schedulely:
- Microsoft Azure (North Europe, Ireland) — hosting and infrastructure. Microsoft processes data under Standard Contractual Clauses (SCCs) and the EU Data Boundary.
- Resend (USA) — transactional email delivery. Data is processed under SCCs and the EU-US Data Privacy Framework.
- Stripe (USA) — payment processing. Stripe is certified under the EU-US Data Privacy Framework and operates as an independent controller for payment data.
7. Cookies and Tracking
Schedulely uses only technically necessary cookies required for the website to function (e.g., session management). We do not use advertising cookies or third-party tracking tools.
No consent banner is required for technically necessary cookies under the GDPR and TTDSG.
8. Data Retention
We retain your personal data only as long as necessary for the purposes described in this policy or as required by law.
- Waitlist data is retained until you unsubscribe or the waitlist period ends.
- Account data is retained for the duration of your account plus 30 days after deletion.
- Calendar data is deleted immediately upon disconnecting your calendar or closing your account.
- Payment records are retained for the statutory retention period of 10 years (§ 147 AO).
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15) — obtain confirmation of whether and which data we process about you.
- Right to rectification (Art. 16) — correct inaccurate personal data.
- Right to erasure (Art. 17) — request deletion of your data under certain conditions.
- Right to restriction (Art. 18) — restrict the processing of your data.
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interest.
- Right to withdraw consent — withdraw any given consent at any time without affecting the lawfulness of prior processing.
10. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for us is:
Der Landesbeauftragte für Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern
Werderstraße 74a
19055 Schwerin, Germany
11. Data Security
We use industry-standard security measures to protect your data, including:
- Encryption in transit (TLS 1.2+) and at rest
- Access controls restricted to authorized personnel
- Regular security reviews of our infrastructure
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the service. The current version is always available at this URL.
13. Contact
For privacy-related inquiries, please contact:
Bastian John
John Tech
Lübsche Straße 115
23966 Wismar, Germany
Email: mail@bastianjohn.com