Privacy Policy

This policy explains what Caliq processes, what it does not store, and your rights under the GDPR.

Plain-language summary

What personal data we process

Data processed on your device

• Notes you type and related app state (stored locally on your device, depending on your iOS settings and backups).
• Calendar data (events, calendars, reminders where applicable) accessed via Apple frameworks when you grant permission.

This data is processed locally to show your schedule, detect conflicts, and create events.

Data transmitted for online parsing (only if you use it)

• Prompt content you submit for parsing (which may include personal data if you type it).
• Reference time and timezone used to resolve relative dates.
• Parsed output (event titles, times, location) returned to your device.

Technical data (typical for web requests)

• IP address and basic request metadata (timestamp, status codes, request sizes) processed by our hosting and security providers.
• Device attestation tokens (if App Attest or similar anti-abuse checks are enabled) for fraud prevention.

Payments and subscriptions

• Subscriptions are processed by Apple via In-App Purchase. Caliq does not receive your payment card details.
• Caliq may process subscription status and transaction identifiers as needed to unlock features and prevent abuse.

Why we process data and legal bases

• Provide core app functionality (create and display events, detect conflicts): Contract (GDPR Art. 6(1)(b)) and Legitimate interests (Art. 6(1)(f)).
• Online parsing feature (if used): Contract (Art. 6(1)(b)).
• Security and abuse prevention (rate limiting, fraud detection, reliability): Legitimate interests (Art. 6(1)(f)).
• Legal compliance (tax, accounting, regulatory requests if applicable): Legal obligation (Art. 6(1)(c)).

Who we share data with

We share data only to operate Caliq and only when needed for the chosen features.

• Apple (In-App Purchases, App Store distribution). Apple acts as an independent controller for payment processing.
• Cloudflare (relay/edge services for online parsing requests, security, and performance).
• OpenAI (LLM based Natural Language Processing provider used for online parsing), if you enable online parsing.
• GitHub Pages (policy hosting). GitHub may process visitor IP addresses and standard web logs to serve this page.

International transfers

Some processors may handle data outside the EEA. Where applicable, transfers rely on recognized safeguards such as the European Commission's adequacy decisions or Standard Contractual Clauses.

How long we keep data

• On-device content is retained until you delete it, remove the app, or your device settings remove it.
• Online parsing requests are processed to return results. Caliq aims not to store prompt content in persistent logs.
• Operational logs (if kept) are retained only as long as necessary for security, debugging, and service reliability, then deleted or anonymized.
• Purchase records are handled primarily by Apple. Caliq retains only what is necessary to validate entitlements and prevent abuse.

Your GDPR rights

Depending on your situation, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Delete data
• Restrict processing
• Object to processing based on legitimate interests
• Data portability (where applicable)
• Withdraw consent (where processing is based on consent)
• Lodge a complaint with your supervisory authority

Because most content is stored on your device, the fastest way to delete it is usually within the app, your device settings, or by uninstalling the app.

Security

We apply reasonable technical and organizational measures to protect data. Caliq uses multiple layers of encryption and security controls:

Encryption in transit

• HTTPS/TLS - All network communication uses industry-standard TLS encryption (TLS 1.2/1.3) to protect data in transit to our proxy server and external services.
• Certificate validation - Strict certificate pinning and validation ensures secure connections.

Encryption at rest

• iOS system encryption - All on-device data benefits from iOS's built-in encryption, including:
  • Core Data (note storage)
  • UserDefaults (settings and preferences)
  • App Groups (widget data sharing)
  • EventKit (calendar access)
• Keychain - Sensitive authentication tokens are stored in the iOS Keychain with hardware-backed encryption when available.

Authentication and access control

• JWT tokens - We use signed JWT tokens for server authentication, generated from StoreKit transaction tokens.
• App Attest - Device attestation helps prevent abuse and ensures requests come from legitimate app instances.
• Rate limiting - Request throttling and abuse detection protect against automated attacks.

Best practices

• Regular security updates and dependency management
• Minimal data retention policies
• Access controls for operational systems
• Secure development practices and code review

No method of transmission or storage is completely secure. While we strive to use industry-standard protections, we cannot guarantee absolute security.

Children's privacy

Caliq is not intended for children under 16 without parental involvement. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data through online parsing, please contact us at support@caliq.eu and we will address it promptly.

Changes to this policy

We may update this policy to reflect changes in the app or legal requirements. The "Last updated" date will be revised accordingly. Continued use of Caliq after changes constitutes acceptance of the updated policy.

Contact

For questions about this privacy policy or to exercise your rights, contact us at:
Email: support@caliq.eu
Controller: Tridib Banerjee