Last updated: March 20, 2026
This Privacy Policy describes how Calso Inc., a corporation incorporated under the laws of the Province of Ontario, Canada (“Calso”, “we”, “our”, or “us”), collects, uses, and shares personal information when you use the Calso scheduling platform at calso.io and any related services. Throughout this Policy, “Calso” refers to Calso Inc.
We collect personal information you provide when creating an account, including your name, email address, and scheduling preferences. When you authenticate via Google OAuth or Microsoft OAuth and connect a calendar, we access your Google Calendar or Microsoft 365 calendar data (including event titles, times, and free/busy status) solely to provide scheduling functionality. If you subscribe to a paid plan, we collect billing information such as your payment method and billing address through our payment processor. We also automatically collect usage data, device information, IP addresses, and browser type when you interact with our service.
We use your personal information to operate and provide the Calso scheduling platform, including generating available time slots, creating and managing bookings, and synchronizing events with your Google Calendar. We use your email address to send transactional notifications such as booking confirmations, reminders, and cancellation notices via our email provider, Resend. We may also use aggregated, anonymized data to analyze service usage patterns and improve platform performance.
We do not sell, rent, or trade your personal information to third parties for marketing purposes. We share data with trusted service providers who assist in operating our platform, including Stripe and PayPal for payment processing, Google and Microsoft for calendar integration and authentication, Resend for transactional email delivery, Vercel for application hosting, Supabase for database management, Sentry for application error monitoring, and Google Analytics for aggregate traffic analysis on our public marketing pages. A current list of sub-processors and the circumstances of their use is maintained in our Terms of Service. We may disclose your information if required by law, court order, or governmental regulation, or if necessary to protect the rights, safety, or property of Calso, our users, or the public.
We retain your personal information for as long as your account remains active or as necessary to provide you with our services and fulfill the purposes described in this policy. When you delete your account, we will remove your personal data from our active systems within 30 days, except where retention is required by applicable law or for legitimate business purposes such as fraud prevention or dispute resolution. Anonymized and aggregated data that cannot be used to identify you may be retained indefinitely for analytics purposes.
Depending on your jurisdiction, you may have the right to access, correct, update, export, or delete your personal information. Under the GDPR (for EU/EEA residents), CCPA (for California residents), and PIPEDA (for Canadian residents), you may also have the right to object to or restrict certain processing activities, withdraw consent, and lodge a complaint with your local data protection authority. To exercise any of these rights, please contact us at support@calso.io and we will respond within the timeframe required by applicable law.
We use strictly necessary cookies to manage your authentication session and maintain your logged-in state across the platform. On our public marketing pages (such as our home, pricing, and comparison pages) we also use Google Analytics, which sets first-party analytics cookies to help us understand aggregate site traffic. These analytics cookies are not loaded on the signed-in areas of the product — your dashboard, the client portal, booking management, or embedded widgets — so your account activity and booking data are never sent to Google Analytics. We do not use advertising or cross-site retargeting cookies. You may configure your browser to block or delete cookies, but doing so may prevent you from accessing certain features of the service that require authentication.
Calso integrates with third-party services including Google Calendar and Microsoft 365 (for scheduling and free/busy data), Stripe and PayPal (for payment processing), and Resend (for email delivery), each of which operates under its own privacy policy. We encourage you to review the privacy policies of these providers to understand how they handle your data. We are not responsible for the privacy practices or data handling of any third-party service, and your use of such services is subject to their respective terms.
Calso's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements. Specifically, when you connect a Google Calendar to Calso we request the calendar.readonly and calendar.events scopes, and we use the data accessed through them only to: (a) read free/busy intervals from the calendars you select so we can detect scheduling conflicts and compute available booking slots; (b) create, update, and delete calendar events on your designated booking calendar in response to bookings made, rescheduled, or cancelled through Calso. We do not transfer this Google user data to third parties except as necessary to provide or improve user-facing features of the Calso scheduling service, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users. We do not use Google user data for advertising. We do not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for Calso's internal operations and only when the data has been aggregated and anonymized. You may revoke Calso's access to your Google data at any time from within Calso (Settings → Calendars → Disconnect) or directly from your Google Account at https://myaccount.google.com/permissions; in either case Calso will delete the access and refresh tokens we hold for the disconnected account.
When you connect a Microsoft 365 / Outlook calendar or Microsoft Teams account to Calso, we request the User.Read, Calendars.ReadWrite, OnlineMeetings.ReadWrite, and offline_access scopes through the Microsoft Graph API. We use the data accessed through these scopes only to: (a) read free/busy intervals from the calendars you select so we can detect scheduling conflicts and compute available booking slots; (b) create, update, and delete calendar events on your designated booking calendar in response to bookings made, rescheduled, or cancelled through Calso; (c) generate Microsoft Teams meeting URLs for bookings configured to use Teams as the meeting location. We do not transfer this Microsoft data to third parties except as necessary to provide or improve user-facing features of the Calso scheduling service, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users. We do not use Microsoft data for advertising. We do not allow humans to read this data unless we have your affirmative agreement, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for Calso's internal operations and only when the data has been aggregated and anonymized. You may revoke Calso's access to your Microsoft data at any time from within Calso (Settings → Calendars → Disconnect, which deletes the access and refresh tokens we hold for the disconnected account), or directly from your Microsoft account at https://myapps.microsoft.com or https://account.microsoft.com/consent. Our use of Microsoft Graph data complies with the Microsoft Services Agreement and the Microsoft APIs Terms of Use.
We implement industry-standard technical and organizational security measures to protect your personal information, including encryption of data in transit via TLS and encryption at rest for stored data. Your data is hosted on Supabase (PostgreSQL) infrastructure located in AWS ca-central-1 (Canada), and our application is deployed on Vercel with enterprise-grade security controls. While we take reasonable precautions, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security of your information.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on this page and updating the "Last updated" date, and where required by law, we will provide additional notice via email. Your continued use of Calso after such changes constitutes your acceptance of the revised policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at support@calso.io, or by mail at: Calso Inc., 14-4400 Montrose Rd, Niagara Falls, ON, Canada L2H 1K2. For data protection inquiries from EU/EEA residents, you may also contact your local supervisory authority. We will make every effort to respond to your inquiry within 30 days.