At CalyPaly, privacy isn't an afterthought—it's a core design principle. We believe you should know exactly what data we collect and why.
Email address, name, and password (hashed, never stored in plain text). Used for authentication and communication about your bookings.
Booking types you create, availability settings, and scheduled appointments. This is the core data needed to provide our service.
If you connect Google or Microsoft calendars, we store encrypted OAuth tokens to check availability and create events. We only access calendar data when you explicitly connect your calendar.
We never store credit card numbers. Payments are processed by Stripe or PayPal. We only store transaction IDs for refund processing.
Download all your data anytime from Settings → Privacy → Export Data. You'll receive a complete JSON file of everything we have.
Delete your account and all associated data permanently from Settings → Privacy → Delete Account. This action is irreversible.
Active accounts: Data retained while your account is active.
Deleted accounts: All data permanently deleted within 30 days.
Cancelled bookings: Retained for 90 days for potential disputes, then automatically purged.
See our detailed Security page for information about encryption, infrastructure, and our security practices.
If you have any questions about this privacy policy or how we handle your data, contact us at privacy@calypaly.com
Last updated: January 2026