Privacy Policy
Effective Date: 28 September 2025
This Privacy Policy explains how C(o)lendar (the "App") collects, uses, stores, and protects personal data. The App is a corporate calendar and leave/remote work management SaaS application.
1. Application Identity
- App Name: C(o)lendar
- Internal / Repository Name: Colendar
- Bundle ID: com.colendar.app
- Platforms: iOS, Android (Web version may be available)
- Application Type: Corporate calendar, leave & remote work management, admin panel (HR / SaaS)
- User Roles: Admin / User
2. Data Controller
The App is operated by an individual developer acting as a service provider.
- Data Controller: Individual Developer
- Contact Email: info.colendar@gmail.com
- Address: Istanbul, Turkiye
- Data Protection Officer (DPO): Not appointed
In B2B scenarios, client companies may act as independent data controllers for their employees' personal data, while the App operator acts as a data processor.
3. Categories of Personal Data
3.1 Data Provided by Users
- First name and last name
- Email address
- Password (hashed and salted)
- Company name
- Date of birth
- Employment start date
- User role (Admin/User)
- Language and time zone preferences
- Calendar events (title, description, location, meeting link, invitees)
- Leave and remote work records
- Notification preferences
- Company board posts, content, and uploaded images
- Reports, complaints, and administrative notes
Not collected: Phone number, profile photo, job title/position.
Photo gallery access may be requested solely for uploading images to company boards.
3.2 Automatically Collected Data
- IP address (authentication and audit logs)
- User-agent information
- Device type (iOS / Android)
- Push notification token
- Time zone
- Audit logs (including old/new values, IP address, and user-agent)
Analytics and crash reporting may be enabled in the future depending on selected service providers. If enabled, processing will be limited to performance monitoring, stability, and error diagnosis, and may require user consent where legally required.
3.3 Special Categories of Personal Data
The App includes a sick leave category. If health-related information is entered into event descriptions or notes, such data may qualify as special category personal data under applicable data protection laws.
Users and administrators are advised not to enter unnecessary health details.
4. Purposes of Processing
Personal data is processed for the following purposes:
- Account creation and authentication
- Operation of calendar, leave, and remote work features
- User and admin management
- Sending notifications
- Security, audit logging, and fraud prevention
- Subscription and in-app purchase verification
- Moderation and reporting processes
- System performance monitoring and stability
5. Legal Bases
Processing is based on one or more of the following legal grounds:
- Performance of a contract
- Legitimate interests (security, audit logging, fraud prevention)
- Explicit consent (push notifications, analytics, optional communications)
- Compliance with legal obligations, where applicable
6. Data Retention
- Personal data is retained as long as the user account is active.
- Upon account deletion, personal data is permanently deleted from active systems.
- Soft-deleted records may be retained for up to 90 days for cleanup and recovery purposes.
- Audit logs are retained as long as necessary for security purposes and fraud prevention.
- Backup retention periods may apply and are limited to operational necessity.
7. Data Sharing
Personal data may be shared with:
- Hosting and database providers (e.g., Railway - region depending on deployment)
- Push notification services (Expo, Apple APNs, Google FCM)
- In-app purchase verification services (Apple, Google)
- Analytics or crash reporting providers, if enabled
No personal data is shared for advertising or cross-app tracking purposes.
8. International Data Transfers
Personal data may be transferred to servers or service providers located outside the user's country. Where required, such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs).
9. User Rights
Users have the right to:
- Access their personal data
- Request correction or deletion
- Object to processing
- Request data portability
- Withdraw consent where processing is based on consent
Requests may be submitted via email to info.colendar@gmail.com.
10. Account Deletion
Users may delete their accounts directly within the mobile application. Account deletion results in permanent removal of personal data from active systems, subject to applicable backup retention periods.
11. Children's Privacy
The App is intended for corporate use and is not designed for children under the age of 13. The App does not knowingly collect personal data from children.
12. Cookies and Tracking
The mobile applications do not use cookies. If a web version is enabled, HTTP-only authentication cookies may be used solely for secure session management.
13. Changes to This Policy
This Privacy Policy may be updated from time to time. Material changes will be communicated via email and/or in-app notifications.
14. Contact