School2Calendar
Privacy Policy

Last updated:


This Privacy Policy explains how School2Calendar (“we”, “us”, or “our”) collects, uses, and protects information when you use the School2Calendar service (the “Service”).

What the Service does

School2Calendar receives inbound emails sent to your personal forwarding address (for example, inbound+<userToken>@school2calendar.com), extracts event information using your saved context, and writes calendar events to your connected calendar (Google Calendar via OAuth; iCloud via CalDAV).

Information we collect

Email content you send us

  • Sender and recipient addresses (including your personal routing token)
  • Email headers (e.g., Message-ID, Date, Subject)
  • Email body (text and/or HTML)
  • Basic attachment metadata (and, if present, calendar attachments such as text/calendar)

Account and configuration data

  • Your email address
  • Context you provide (e.g., timezone/home location, parsing hints, allowed/blocked senders)
  • Optional kid profiles and relevance rules (used to filter/label events)

Calendar connection data

  • OAuth tokens for Google Calendar (access and refresh tokens)
  • CalDAV credentials for iCloud (e.g., app-specific password), if you choose iCloud
  • Calendar IDs and event IDs needed to write/update events

Operational data

  • Processing status and error logs for your messages and calendar writes
  • Audit records of actions taken on your behalf (e.g., token refresh, calendar write attempts)

How we use information

  • To ingest and store inbound emails for processing and reprocessing
  • To extract calendar event candidates and write them into your connected calendar
  • To prevent duplicates using idempotency and deduplication techniques
  • To provide support, troubleshooting, and an audit trail
  • To improve extraction quality (for example by refining prompts/rules), using minimized data where practical

LLM processing

The Service uses an LLM to help interpret emails and extract event details. Email bodies may be sent to an LLM provider as part of this processing. We aim to minimize data sent where possible and avoid logging raw LLM inputs/outputs by default.

Security

The Service is designed to protect sensitive data:

  • OAuth tokens are stored encrypted at rest and are never intentionally logged.
  • Processing and background jobs are scoped to individual users to prevent cross-user access.
  • We use retries and safe write patterns to reduce the risk of missed events or duplicates.

Data retention

We retain raw emails for a limited period (typically 30–90 days, subject to configuration) to support reliability, retries, and reprocessing. Structured extracted data may be retained longer as part of your account. Calendar credentials are retained until you disconnect.

Sharing

We share data only as necessary to operate the Service, including with:

  • Calendar providers you connect (e.g., Google, iCloud) to create/update events
  • Infrastructure providers that store/process data on our behalf
  • LLM providers to perform extraction

Your choices

  • You can disconnect your calendar integration to stop future writes.
  • You can request deletion or export of your data by contacting us.

Contact

Questions about this policy: privacy@school2calendar.com