CircleCal BETA

Privacy Policy

Effective date: February 1, 2026

1. Overview

This Privacy Policy explains how CircleCal (“CircleCal”, “we”, “us”) collects, uses, and shares information when you use our website and scheduling platform (the “Service”).

2. Information We Collect

  • Account information: username, email address, and your name (if provided).
  • Profile information: optional display name, timezone, notification preferences, and profile photo/avatar (if you upload one).
  • Organization information: business name, slug, staff roles/memberships, services, availability/scheduling configuration, and related settings (including optional booking subdomain and embed settings if enabled).
  • Booking information: appointment details (time, service, assigned staff/team/resource). If provided by the business or customer, this may include customer/client name and email address.
  • Billing information: subscription billing is processed by Stripe. CircleCal stores and uses limited billing metadata such as Stripe customer/subscription identifiers, invoice identifiers, plan status, and non-sensitive payment method metadata (e.g., brand and last4). CircleCal does not store full card numbers.
  • Client payment tracking (if enabled by a business): payment method selection (e.g., offline vs Stripe), payment status, and Stripe Checkout session identifiers associated with a booking.
  • Push notifications (mobile app): if you enable notifications, we collect and store your Expo push token, device platform (iOS/Android), and last-seen timestamp so we can deliver notifications you request.
  • Authentication and session data: security-related cookies and/or server-side session data used to keep you signed in and protect the Service (for example, session identifiers and CSRF/security tokens).
  • Invites and account links: if you invite staff/managers or use certain sign-in flows, we may generate temporary tokens and store related metadata (such as the invited email address and token status) to complete the invitation or authentication flow.
  • Technical and security information: IP address, browser/app user agent, and logs needed to operate, debug, and secure the Service (including login activity, fraud/abuse prevention, and rate-limiting). These logs may include request metadata such as timestamps, request paths, and limited request parameters associated with failed login attempts or abuse prevention events. We aim to avoid storing sensitive values (such as passwords) in these logs.
  • Audit and administrative records: to support security and troubleshooting (and certain admin features like undo/restore), we may retain audit logs and snapshots of changes made to records (for example, booking history events and administrative actions).

3. Cookies

CircleCal uses essential cookies and similar technologies required to operate the Service, such as keeping you signed in (session cookies), CSRF/security protections, and remembering app-mode display settings. We do not currently use advertising cookies.

4. How We Use Information

We use information to:

  • Provide, maintain, and secure the Service.
  • Process billing and manage subscriptions for business owners.
  • Send important account or service-related communications (e.g., password reset, booking confirmations where enabled).
  • Monitor and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

5. How We Share Information

We may share information in the following ways:

  • Service providers: with vendors who help us run the Service (for example, payment processing via Stripe, push delivery via Expo, bot protection via Cloudflare Turnstile, hosting, storage for uploaded media, and email delivery), subject to contractual protections.
  • Within an organization: business owners may grant access to staff or managers; those users can access business data according to their role.
  • Legal and safety: if required by law or to protect rights, safety, and security.
  • Business transfers: if we are involved in a merger, acquisition, or sale of assets.

6. Data Retention

We retain information for as long as needed to provide the Service and for legitimate business purposes such as security, dispute resolution, troubleshooting, restoring data, and compliance. Businesses may also retain booking records for their own operational needs.

Even after you delete or change information, we may retain certain information for a limited period in backups, security logs, and audit records, as permitted by law.

7. Security

We use reasonable administrative, technical, and organizational measures designed to protect information. No security measures are perfect, and we cannot guarantee absolute security.

8. Your Choices and Rights

You may be able to access, update, or delete certain information through your account settings. You may also request access, correction, or deletion of your information by contacting us. If you are a customer/client booking with a business that uses CircleCal, your request may need to be directed to that business as well.

If you are a California resident, you may have additional rights under California privacy laws (such as the CCPA/CPRA), subject to applicable exceptions.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and may provide additional notice.

10. Contact

If you have questions about this Privacy Policy, please use our contact form.