WonderCal is a meeting scheduling platform that helps people find times to meet by reading availability from connected calendars and coordinating responses across participants. This Privacy Policy describes the information we collect, how we use it, who we share it with, how long we keep it, and the choices you have. It applies to the WonderCal website, the WonderCal web application, our transactional email, and any associated APIs or integrations we operate.
We try to write this policy in plain language. Where a section involves something technical — such as the OAuth scopes we request from Google or Microsoft, or the analytics provider we use — we describe both what happens and why, so you can make informed decisions about what to share with us.
This policy applies to three groups of people:
Different sections below explain which group each practice applies to.
When you create an account, we store your email address, a display name, an optional profile image, your locale, your timezone, and authentication identifiers issued by your sign-in provider (for example, your Google or Microsoft user ID). You may also choose to add a LinkedIn URL, headline, company, short bio, username, and personal meeting page settings. These optional fields are visible to people you invite or who book time with you.
When you connect a Google or Microsoft calendar, we receive OAuth credentials issued by that provider: an access token, a refresh token, the token expiry time, the email address of the connected account, the provider's account identifier, and (where available) a display name and profile image for that account. We also store the list of calendars on that account, each calendar's name, timezone, color, and whether you have marked it as blocking your availability.
You can connect multiple Google and Microsoft accounts to a single WonderCal user. Each connected account is stored separately and can be disconnected at any time from the Settings page.
To show your availability, we sync events from the calendars you have marked as blocking. For each event we store its start time, end time, busy/free state, an all-day flag, and a stable identifier supplied by the provider. Whether we also store the event title depends on the visibility scope you chose when you connected the account — see "Calendar Permissions and Scope Choices" below for the full explanation. We do not store event descriptions, attachments, attendee lists, locations, or video conferencing links from your existing calendar events.
For each meeting we store the title, optional description, duration, optional location, the participant list, available days and hours, response deadlines, the selected/confirmed time once chosen, and any meeting slug you use in a personal scheduling URL. When the meeting is confirmed, we also store identifiers for the calendar events we create on your behalf (if you have granted write access).
When you respond to a meeting, we store the time slots you indicated as available or blocked, the meeting they apply to, and your account or guest identifier. If you respond as a guest without signing in, we may store the name and email address you provided. For anonymous guests we mint a one-time claim token (stored only as a hash on our side and saved in your browser's local storage) so that you can later prove ownership of those responses if you sign up with the matching email.
To make rebooking easier, we automatically build a contact list of people you have shared a meeting with (their name, email, the date you first met, your most recent meeting date, and the count of shared meetings). You may also add private notes to your own contacts; those notes are visible only to you.
When you send an invitation, we record the recipient's email address, the time the invitation was sent, an opaque invitation token (used to authenticate the recipient without requiring a password), and delivery status updates from our email provider (sending, sent, delivered, opened, clicked, bounced, failed, declined, or revoked). For automated reminders we keep a count of reminders sent and the timestamp of the last reminder.
If you upgrade to a paid plan, we store your Stripe customer identifier and your current plan tier. We do not store credit card numbers, expiration dates, or CVCs on our servers — payment instruments are handled directly by Stripe. For Enterprise inquiries submitted through our contact-sales form, we store your name, work email, company, company size, optional phone, and your stated use case.
If you create an API key for programmatic access, we store a one-way hash of the key (we cannot recover the original key once it is shown to you), a label you give it, the creation timestamp, and the timestamp of the most recent use. We also keep monthly usage counters per account to enforce plan limits.
We collect operational telemetry about how the product is used — for example, which API endpoints are called, whether a calendar sync succeeded or failed, and whether a meeting was confirmed. This information is used to operate the service, debug failures, and enforce plan quotas. It is associated with your account.
We use Microsoft Clarity to better understand how people interact with our website and web application. Clarity captures information such as mouse movements, clicks, scroll behavior, page navigation, browser type, device type, screen resolution, country (derived from IP address), and aggregated session recordings. Clarity uses cookies and similar technologies to recognize repeat visits within a session. The dedicated "Microsoft Clarity" section below explains exactly what Clarity does, what it does not record, how the data is used, and how to opt out.
We use cookies and browser storage for three purposes: keeping you signed in, remembering small pieces of state across the OAuth redirect flow (for example, an invitation token you arrived with), and powering the analytics described above. You can clear cookies and storage from your browser settings at any time, though doing so will sign you out and remove guest claim tokens saved on that device.
When you connect a Google or Microsoft calendar to WonderCal, you choose two things separately. We store these choices on your connected-account record and respect them on every sync and every action we take on your behalf.
When you choose "see only busy times," WonderCal asks Google or Microsoft for only the start time, end time, and busy/free status of each event — not the title or any other details. Event titles are never sent to us by the provider, so we never see them, never store them, and never include them in our logs or backups. This is a promise we keep in our own code: we have made the decision, on your behalf, to ask for less than Google or Microsoft would otherwise be willing to share with us.
You can broaden or narrow these permissions at any time. Broadening (for example, switching from busy-only to titles, or granting write access) happens from the Settings page in WonderCal and triggers a re-authorization with your provider. Narrowing or revoking access entirely is done either by disconnecting the account from WonderCal or by visiting your provider's account permissions page (Google, Microsoft) and removing WonderCal's consent.
WonderCal's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to serve advertisements, we do not allow humans to read your Google data except where you have given us explicit support consent or as required for security investigations or to comply with applicable law, and we do not transfer Google user data to third parties except as necessary to provide the service you have requested.
We do not sell your personal information. We do not use your calendar contents, contact list, meeting metadata, or connected-account credentials to train machine learning models, whether our own or third parties'. We do not use your data for advertising and we do not run third-party advertising on the WonderCal website or web application.
We use Microsoft Clarity, a product-analytics and session-replay service provided by Microsoft Corporation, to understand how people use the WonderCal website and web application so we can improve usability and diagnose problems.
Clarity is configured to mask sensitive content by default. Text inputs, form values, and elements marked as sensitive are replaced with placeholder characters in session recordings. Clarity does not record passwords, payment card numbers (which are entered directly into Stripe's hosted forms), or the content of OAuth consent screens (those are served by Google or Microsoft and are outside our application). Clarity does not have access to your calendar events, meeting contents, or contact list — it only sees what is rendered in your browser and is not given access to our backend data.
Microsoft acts as a service provider for the data Clarity collects on our behalf. Microsoft may also process the data for its own purposes as described in the Microsoft Privacy Statement and the Clarity documentation. Clarity data is retained by Microsoft according to its own policies, currently one year by default.
You can opt out of Clarity at any time, and we make this easy:
clarity.ms domain, enabling Global Privacy Control or Do Not Track (which Clarity respects where required by law), or clearing the Clarity cookie.Opting out of Clarity does not affect any feature of the application.
We share information only in the situations described below. We do not sell personal information and we do not share it with advertisers.
When you create or are invited to a meeting, the other participants can see your name, the times you marked as available or blocked for that meeting, and (if you have chosen to display them) your profile fields such as headline, company, bio, and LinkedIn URL. They cannot see your individual calendar event titles — only an overlay of your busy time within the meeting's search window.
When you grant write access and confirm a meeting, we send the resulting event — including title, start and end time, location, description, and the participant invitations — to Google or Microsoft so it can be placed in your calendar.
We may disclose information if we believe in good faith that disclosure is necessary to comply with a law, regulation, legal process, or governmental request, to protect the safety of any person, to address fraud or security issues, or to protect WonderCal's rights or property.
If WonderCal is involved in a merger, acquisition, or sale of assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.
We support several ways to sign in, including OAuth with Google and Microsoft and email magic links. Magic-link tokens are single-use and expire after a short window; once consumed they cannot be replayed. OAuth access tokens and refresh tokens are stored on our backend and used only to make API calls to your calendar provider on your behalf.
We use industry-standard practices to protect your data: encryption in transit (TLS) for all client-server traffic, encryption at rest for our database, hashed storage for API keys and anonymous-guest claim tokens, signed and time-limited tokens for OAuth state and email links, and per-user rate limiting on authenticated APIs. Internal access to production data is limited and audited.
No system is perfectly secure. If we ever become aware of a breach affecting your data, we will notify affected users as required by applicable law.
WonderCal is operated from the United States and our service providers (including Convex, Vercel, Cloudflare, Google, Microsoft, Resend, and Stripe) may process and store data in the United States and other countries. By using WonderCal you acknowledge that your information may be transferred to and processed in countries other than your own. Where required by law we rely on appropriate safeguards (such as Standard Contractual Clauses) to govern these transfers.
Depending on where you live, you may have rights under privacy laws such as the EU and UK General Data Protection Regulations, the California Consumer Privacy Act, and similar regimes. We honor these rights for all users regardless of location, to the extent practical:
To exercise any of these rights, email us at the address in the Contact section below from the email address associated with your account. We will respond within 30 days.
WonderCal is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to us, please contact us and we will take steps to delete it.
We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page and, for significant changes, notify account holders by email or in-product notice before the changes take effect. Continued use of WonderCal after the effective date of a revised policy constitutes acceptance of the changes.
If you have any questions about this Privacy Policy, our data practices, or wish to exercise any of your rights, please contact us:
Email: support@wondercal.us
We aim to respond within 30 days.