Privacy Policy

Last updated: March 2026

What QRCal Does

QRCal lets you scan a QR code to book a meeting. It connects to Google Calendar to find available times and create events. When both people use QRCal, the app finds the soonest mutual time that works for everyone.

Information We Collect

Account Information

Email address and display name from Google Sign-In or Apple Sign-In. Used for authentication and displaying your name in meetings.

Google Calendar Data

What we access: We read your event titles, times, and attendees to show your upcoming schedule in the app and to find available meeting times. We create and delete events when you book or cancel meetings through QRCal.

What we don't store: Your calendar events are fetched in real-time from Google and displayed directly on your device — we do not copy or store your events on our servers. The only thing stored on our end is an encrypted access token so we can communicate with Google Calendar on your behalf.

What we don't share: Your calendar data never leaves the connection between your device and Google's servers. We do not share, sell, or transfer your calendar data to anyone.

Meeting Preferences

Duration, buffer time, available hours, and available days. You set these in the app. Stored to compute your availability.

QR Code Data

Labels you give your QR codes (e.g., "Work", "Personal"). Generated by the app and associated with your account.

Booking Information

Meeting start and end times, attendee email addresses, and booking status. Created when meetings are booked through QRCal.

Subscription Data

Apple StoreKit transaction receipts and subscription status. Used to manage your Pro subscription.

Guest Information (One-Sided Bookings)

When someone without a QRCal account books with you, we collect their name and email to send the calendar invitation. This data is associated with the booking only.

Information We Do NOT Collect

  • Location data (camera is for QR scanning only)
  • Device identifiers or advertising IDs
  • Analytics or usage tracking (no analytics SDKs)
  • Contacts, photos, or media
  • Browsing or search history
  • Health, fitness, or financial data

How We Store Your Data

Data is stored in Supabase (PostgreSQL) with row-level security. Your Google refresh token is encrypted with AES-256-GCM before storage. Session tokens are stored in your iOS device's Keychain.

Third-Party Services

  • Google Calendar API — to read your availability and create meeting events. Google's privacy policy applies to data processed by Google.
  • Apple Sign-In — for account authentication. Apple's privacy policy applies.
  • Supabase — database hosting. Data stored on Supabase infrastructure.

We do NOT share your data with advertisers, data brokers, or any other third parties.

Data Deletion

You can revoke Google Calendar access from within the app (Settings > Revoke Google Access). You can delete your account by contacting us. Revoking access removes your encrypted Google tokens from our database.

Contact

For privacy questions: josh@autodb.app