Security & privacy overview
This section is for IT leads, data protection officers — and everyone who wants to know exactly what happens with their data. The legally binding version is the privacy policy; this is the readable one.
The essentials
Section titled “The essentials”- Hosted in Germany: servers and database run at Hetzner (Falkenstein, DE) — no US cloud underneath.
- Event contents are not stored: Kalender Sync persists only event IDs and checksums for change detection. Titles, descriptions and locations only pass through during sync.
- Third-party data stays out: attendee lists, guest email addresses, organisers and accept/decline responses are never transferred — at any visibility level.
- Credentials encrypted: OAuth tokens, app passwords and feed URLs are stored encrypted (AES-256); all transport runs over TLS.
- Data minimisation by architecture: only the sync window of −3 to +6 months is synced, and by default only “busy/free”.
What is stored
Section titled “What is stored”| Category | Contents |
|---|---|
| Account | email address, name (optional), language, plan, consent timestamps |
| Calendar metadata | calendar name, colour, write permissions — no contents |
| Sync configuration | syncs with visibility level, placeholder title, source/target calendars |
| Sync mappings | event IDs (source ↔ blocker) and checksums — no contents |
| Credentials | OAuth tokens / app passwords / feed URLs, encrypted |
| Sessions | browser, IP address, last activity (reviewable) |
What is not stored
Section titled “What is not stored”- Event contents (title, description, location) — pass-through during sync only
- Attendee lists and their email addresses
- Attachments
- Emails, files or contacts from your accounts — Kalender Sync has no permission for those