Privacy Policy
Jotcal · Last updated: February 25, 2026
Jotcal ("the App") is a calendar and productivity application for Android. This Privacy Policy explains how your information is collected, used, and protected when you use the App.
Jotcal is designed with privacy in mind. Your calendar data is stored locally on your device. We do not operate servers that receive, store, or process your data. We do not sell your information. We do not use your information for advertising. We do not use your information to train artificial intelligence or machine learning models.
Information We Collect
Information You Provide
When you connect a calendar account, the App receives the following information depending on the provider:
- Google Calendar: Your email address (for account identification), calendar names, and calendar event data (titles, dates, times, descriptions, locations, attendees). Access is granted through Google OAuth and is limited to the scopes
calendar.eventsandcalendar.readonly. - Microsoft Outlook: Your email address, calendar names, and calendar event data. Access is granted through Microsoft Authentication Library (MSAL) with the scopes
Calendars.ReadWriteandoffline_access. - iCloud Calendar: Your Apple ID email and an app-specific password you provide. Calendar data is accessed via the CalDAV protocol.
- CalDAV (Generic): A server URL, username, and password you provide. Calendar data is accessed via the CalDAV protocol.
Information Created Locally
The App stores the following data locally on your device:
- Calendar events (synced and locally created)
- Tasks and notes you create
- App settings and preferences
- Handwriting stroke data for handwritten notes
Information We Do Not Collect
- Device location
- Contacts
- Photos, videos, or files
- Device identifiers or advertising IDs
- Usage analytics or telemetry
- Crash reports
How We Use Your Information
Your information is used solely to provide the App's functionality:
- Display your calendar events, tasks, and notes
- Synchronize calendar data between your device and your calendar providers
- Recognize handwriting input and convert it to calendar events
- Store your preferences (display settings, weather location, connected accounts)
We do not use your information for any other purpose.
How Your Data Is Stored
On-Device Storage
All data is stored locally on your device:
- Calendar database: Stored in a local Room database on your device's internal storage.
- Authentication tokens: Encrypted at rest using AES-256-GCM via Android's EncryptedSharedPreferences. OAuth tokens for Google and Microsoft are stored encrypted. CalDAV credentials (iCloud and generic) are stored encrypted.
- Settings and preferences: Stored locally using Android DataStore.
Data in Transit
When you enable calendar synchronization, data is transmitted directly between your device and your calendar provider over HTTPS (TLS encryption). The App enforces HTTPS for all network connections. No data passes through our servers.
No Cloud Storage
We do not operate backend servers. Your data is never uploaded to or stored on any server controlled by us.
Third-Party Calendar Services
When you connect a calendar provider, your data is subject to that provider's privacy policy:
- Google: Google Privacy Policy. The App's use of Google Calendar data complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically, the App only uses Google user data to provide calendar functionality visible to you within the App. The App does not transfer Google user data to third parties except as necessary to provide the service, with your consent, or for legal/security reasons. The App does not use Google user data for advertising, retargeting, or unauthorized purposes. Human access to Google user data is not required for the App's operation.
- Microsoft: Microsoft Privacy Statement.
- Apple iCloud: Apple Privacy Policy.
Third-Party Services Used Within the App
- Google ML Kit (Digital Ink Recognition): Used on-device to recognize handwriting. Handwriting data is processed locally and is not sent to Google's servers. See ML Kit Terms.
- Open-Meteo Weather API: If you enable the weather feature and set a location, the App sends latitude and longitude coordinates to Open-Meteo to retrieve weather forecasts. No personal information is included in these requests. See Open-Meteo Terms.
Data Sharing
We do not sell, rent, trade, or otherwise share your personal information with third parties.
Your calendar data is transmitted only to the calendar providers you explicitly connect (Google, Microsoft, iCloud, or a CalDAV server you specify). No other third parties receive your data.
Data Retention and Deletion
Your data is stored on your device for as long as you use the App. You can delete your data at any time by:
- Disconnecting accounts: Removes stored credentials and synced calendar data for that provider.
- Clearing app data: Go to Android Settings > Apps > Jotcal > Storage > Clear Data. This removes all locally stored data including events, tasks, notes, settings, and authentication tokens.
- Uninstalling the App: Removes all App data from your device.
We do not retain any data on our servers because we do not operate servers.
Children's Privacy
The App is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided information through the App, please contact us so we can take appropriate action.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: You can view all data stored by the App on your device.
- Deletion: You can delete all App data at any time (see Data Retention and Deletion above).
- Portability: Calendar data can be exported through your calendar provider's own export tools.
- Withdraw consent: You can disconnect any calendar account at any time through the App's Settings.
For European Economic Area (EEA) Residents
The legal basis for processing your data is your consent (connecting a calendar account) and contract performance (providing the App's functionality). Since all data is stored on your device and transmitted directly to your chosen calendar providers, no international data transfers by us occur.
For California Residents
Under the California Consumer Privacy Act (CCPA): We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. You have the right to know what personal information is collected, to delete it, and to opt out of its sale (which does not apply, as we do not sell data).
Security
We take reasonable measures to protect your information:
- Authentication tokens are encrypted at rest using AES-256-GCM
- All network communication uses HTTPS (TLS)
- Cleartext network traffic is prohibited
- Device backup of sensitive data is disabled
- XML parsing is hardened against XXE attacks
No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top. We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or the App's data practices, please contact us at:
Email: support@jotcal.app