Privacy Policy
Jotcal · Last updated: June 4, 2026
Jotcal ("the App") is a calendar and productivity application for Android. This Privacy Policy explains how your information is collected, used, and protected when you use the App.
Jotcal is designed with privacy in mind. Your calendar data, tasks, notes, and handwriting are stored locally on your device and are never uploaded to our servers. We operate a minimal backend used only to verify in-app purchases and manage free-trial eligibility, which receives a device identifier and purchase information for that limited purpose. We do not sell your information. We do not use your information for advertising. We do not use your information to train artificial intelligence or machine learning models.
Information We Collect
Information You Provide
When you connect a calendar account, the App receives the following information depending on the provider:
- Google Calendar: Your email address (for account identification), calendar names, and calendar event data (titles, dates, times, descriptions, locations, attendees). Access is granted through Google OAuth and is limited to the scopes
calendar.eventsandcalendar.readonly. - Microsoft Outlook: Your email address, calendar names, and calendar event data. Access is granted through Microsoft Authentication Library (MSAL) with the scopes
Calendars.ReadWriteandoffline_access. - iCloud Calendar: Your Apple ID email and an app-specific password you provide. Calendar data is accessed via the CalDAV protocol.
- CalDAV (Generic): A server URL, username, and password you provide. Calendar data is accessed via the CalDAV protocol.
Information Created Locally
The App stores the following data locally on your device:
- Calendar events (synced and locally created)
- Tasks and notes you create
- App settings and preferences
- Handwriting stroke data for handwritten notes
Device Location (Optional)
If you enable the optional weather feature, the App can request your device's approximate (coarse) location to set your weather location automatically. This uses the ACCESS_COARSE_LOCATION permission, which you may grant or deny; you can also set a weather location manually instead. The approximate latitude and longitude are used only to retrieve weather forecasts and are sent to the Open-Meteo weather service (see Third-Party Services below). Your location is not sent to our backend, and the App does not request precise (GPS) location.
Information Sent to Our Backend
To manage the free trial and the one-time Pro purchase, the App communicates with a backend service we operate (the "JotCal API"). The following information is sent to and stored by this service:
- Device identifier: An Android device identifier (the Android ID,
Settings.Secure.ANDROID_ID) is used to anchor your free-trial period server-side and to associate a Pro purchase with your device, so the trial cannot simply be reset by reinstalling the App. This identifier is specific to your device and the App. It is not the Android Advertising ID and is not used for advertising or for tracking you across other apps or services. - Trial timestamp: The date and time your free trial started.
- Purchase information: When you purchase Pro, the App sends the Google Play purchase token, the product identifier, and the device identifier so the purchase can be verified with Google Play. The verification result (order ID and purchase state) is stored.
Information We Do Not Collect
- Precise (GPS) location — only approximate location is used, and only if you enable the weather feature and grant permission
- Contacts
- Photos, videos, or files
- The Android Advertising ID or any advertising identifier
- Usage analytics or telemetry
- Crash reports
How We Use Your Information
Your information is used solely to provide the App's functionality:
- Display your calendar events, tasks, and notes
- Synchronize calendar data between your device and your calendar providers
- Recognize handwriting input and convert it to calendar events
- Store your preferences (display settings, weather location, connected accounts)
- Provide optional weather forecasts for your chosen or detected location
- Determine your free-trial eligibility and verify your Pro purchase
We do not use your information for any other purpose.
How Your Data Is Stored
On-Device Storage
All data is stored locally on your device:
- Calendar database: Stored in a local Room database on your device's internal storage.
- Authentication tokens: Encrypted at rest using AES-256-GCM via Android's EncryptedSharedPreferences. OAuth tokens for Google and Microsoft are stored encrypted. CalDAV credentials (iCloud and generic) are stored encrypted.
- Settings and preferences: Stored locally using Android DataStore.
Data in Transit
When you enable calendar synchronization, your calendar data is transmitted directly between your device and your calendar provider over HTTPS (TLS encryption) and does not pass through our servers. The App enforces HTTPS for all network connections. Separately, the App sends limited purchase- and trial-verification requests to our backend service over HTTPS, as described below.
Our Backend Service
Your calendar events, tasks, notes, handwriting, and account credentials are never uploaded to our servers. The only data stored on our own infrastructure is the limited purchase- and trial-related information described under "Information Sent to Our Backend" above: a device identifier, your trial start time, and verified purchase records. This backend (the "JotCal API") runs on Cloudflare Workers with a Cloudflare D1 database. It does not receive your calendar data, location, contacts, or handwriting.
Third-Party Calendar Services
When you connect a calendar provider, your data is subject to that provider's privacy policy:
- Google: Google Privacy Policy. The App's use of Google Calendar data complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically, the App only uses Google user data to provide calendar functionality visible to you within the App. The App does not transfer Google user data to third parties except as necessary to provide the service, with your consent, or for legal/security reasons. The App does not use Google user data for advertising, retargeting, or unauthorized purposes. Human access to Google user data is not required for the App's operation.
- Microsoft: Microsoft Privacy Statement.
- Apple iCloud: Apple Privacy Policy.
Third-Party Services Used Within the App
- Google ML Kit (Digital Ink Recognition): Used on-device to recognize handwriting. Handwriting data is processed locally and is not sent to Google's servers. See ML Kit Terms.
- Open-Meteo Weather API: If you enable the weather feature, the App sends latitude and longitude coordinates — which you set manually or which are derived from your device's approximate location — to Open-Meteo to retrieve weather forecasts. No personal information or device identifier is included in these requests. See Open-Meteo Terms.
- Google Play Billing & Google Play Developer API: In-app purchases are processed by Google Play. To confirm a purchase is genuine, our backend sends the purchase token to the Google Play Developer API for verification. See the Google Privacy Policy.
- Cloudflare: Our backend service (the JotCal API) is hosted on Cloudflare Workers and stores trial and purchase records in a Cloudflare D1 database. Cloudflare processes this limited data on our behalf as a service provider. See the Cloudflare Privacy Policy.
Data Sharing
We do not sell, rent, trade, or otherwise share your personal information with third parties.
Your calendar data is transmitted only to the calendar providers you explicitly connect (Google, Microsoft, iCloud, or a CalDAV server you specify). No other third parties receive your calendar data.
The limited purchase- and trial-related data described above is processed by our service providers solely to operate the App's licensing: Cloudflare hosts our backend, and Google verifies in-app purchases through the Google Play Developer API. We do not share this information for any other purpose.
Data Retention and Deletion
Your data is stored on your device for as long as you use the App. You can delete your data at any time by:
- Disconnecting accounts: Removes stored credentials and synced calendar data for that provider.
- Clearing app data: Go to Android Settings > Apps > Jotcal > Storage > Clear Data. This removes all locally stored data including events, tasks, notes, settings, and authentication tokens.
- Uninstalling the App: Removes all App data from your device.
Clearing app data or uninstalling the App removes the data on your device, but it does not delete the trial and purchase records associated with your device identifier on our backend. These records are retained to maintain your Pro entitlement and to prevent the free trial from being reset by reinstalling the App.
To request deletion of the trial and purchase records associated with your device, contact us at the email address below. Note that deleting a record tied to an active purchase may affect your access to Pro features.
Children's Privacy
The App is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided information through the App, please contact us so we can take appropriate action.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: You can view all data stored by the App on your device.
- Deletion: You can delete all App data at any time (see Data Retention and Deletion above).
- Portability: Calendar data can be exported through your calendar provider's own export tools.
- Withdraw consent: You can disconnect any calendar account at any time through the App's Settings.
For European Economic Area (EEA) Residents
The legal basis for processing your data is your consent (connecting a calendar account or enabling location-based weather) and contract performance (providing the App's functionality, including licensing and purchase verification). Your calendar data is stored on your device and transmitted directly to your chosen calendar providers. The limited purchase- and trial-related data we process is handled on our behalf by Cloudflare and Google and may be processed in data centers outside the EEA; this processing is necessary to perform our contract with you.
For California Residents
Under the California Consumer Privacy Act (CCPA): We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. You have the right to know what personal information is collected, to delete it, and to opt out of its sale (which does not apply, as we do not sell data).
Security
We take reasonable measures to protect your information:
- Authentication tokens are encrypted at rest using AES-256-GCM
- All network communication uses HTTPS (TLS)
- Cleartext network traffic is prohibited
- Device backup of sensitive data is disabled
- XML parsing is hardened against XXE attacks
No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top. We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or the App's data practices, please contact us at:
Email: support@jotcal.app