Privacy Policy

Last updated: February 23, 2026

1. Overview

hash-calendar supports two usage modes:

• Local mode: calendar state is kept in your browser and URL hash.
• Optional cloud mode: if you create a cloud account, calendar data is stored in our Supabase database for sync and backup features.

2. Data You Enter

Event titles, dates, recurrence settings, timezone choices, and similar calendar data are processed in your browser.

• In local mode, calendar state is encoded in the URL hash (`#...`).
• URL hash content is not sent in normal HTTP requests to the server.
• Language preference may be stored locally in your browser.
• In cloud mode, calendar snapshots are stored in Supabase and linked to your account ID.
• If you start a paid subscription, subscription and invoice metadata is processed by Dodo Payments.

If you share your calendar URL, anyone with that link can access the shared calendar state in the hash. Treat shared links as sensitive.

3. Analytics

The main app page loads Google Analytics (GA4). It is configured to send only `origin + pathname` and not the URL hash, to avoid transmitting calendar payload data in analytics page URLs.

• Provider: Google Analytics (Measurement ID: `G-77V3TP2B5T`)
• Configured page location excludes the hash fragment

4. Third-Party Requests

The app may load third-party resources (for example analytics scripts, fonts, icon libraries, or QR code utilities). Those providers may receive standard request metadata such as IP address, user agent, and referrer.

5. Encryption and Security

The app includes optional password-based encryption for shared links. Encryption improves confidentiality, but no system can provide absolute security. Keep passwords private and avoid sharing them in the same channel as encrypted links.

6. Data Retention

Data retention depends on how you use the app:

• Local mode: retention is controlled by your browser history, copied/shared links, and local device state.
• Cloud mode: calendar/account records remain until you delete your account.

When you use the in-app Delete Account action, we immediately request subscription cancellation (if active) and then permanently delete your cloud account and related cloud calendar data.

Payment providers may keep billing records for tax, accounting, fraud prevention, or legal obligations, even after account deletion.

7. Your Choices

• Do not share calendar links if they contain sensitive data.
• Use link encryption for shared calendars when needed.
• Use browser privacy controls or blockers to limit analytics.
• Clear browser history when you want to remove locally retained URLs.
• If you use cloud mode, you can delete your account in-app at any time.

8. Account Deletion

Cloud account deletion is available in-app under the account menu. Deletion is permanent and cannot be undone. To reduce accidental removals, the app asks you to type DELETE before confirming.

9. Changes to This Policy

This policy may be updated as the project evolves. The date at the top of this page indicates the latest revision.

10. Contact

For questions, use the help guide and FAQ.