Summary: This Privacy Policy explains how Calyxy collects, uses, and protects your personal information. We use OAuth authentication, which means we never see your passwords. We only access the minimum data necessary to provide our services, and you can disconnect any account at any time.
1. Introduction
Calyxy ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our smart home dashboard service ("Service"). Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Name
- Email address
- Password (encrypted and hashed - we cannot see your actual password)
- Subscription plan information
2.2 Third-Party Account Data
When you connect third-party accounts (Google, Microsoft, etc.) using OAuth, we collect and store:
- OAuth Tokens: Access tokens and refresh tokens that allow us to access your connected accounts
- Account Identifiers: Email addresses associated with connected accounts
- Cached Data: We may cache certain data to improve performance, including:
- Calendar events and metadata
- Task lists and items
- Music playback information (currently playing track, artist, album)
- Account profile information (name, email)
2.3 Usage Data
We automatically collect certain information when you use the Service:
- Dashboard layout preferences (widget positions, sizes, visibility)
- Settings and customization preferences
- Device information (browser type, operating system)
- IP address and general location (country/region level)
- Log data (access times, features used)
2.4 Cookies and Session Data
We use cookies and session storage to maintain your login state and remember your preferences. We use:
- Session Cookies: To maintain your login session
- Preference Cookies: To remember your dashboard layout and settings
- Redis Session Storage: To store session data securely on our servers
2.5 Trial and Fraud Prevention
To prevent abuse of free trials, we collect limited, non-personally-identifying device and browser signals (e.g., browser type, screen resolution, time zone) when you start a trial. We only store hashed values (we cannot recover the original data). We do not store raw canvas or biometric data. You may request deletion of this data via your account settings or by contacting us. In some regions (e.g., EU), this fingerprinting may be disabled.
3. How We Use Your Information
3.1 Service Provision
We use your information to:
- Provide, maintain, and improve the Service
- Authenticate your identity and manage your account
- Connect and sync with your third-party accounts
- Display your calendar events, tasks, and other integrated data
- Remember your dashboard layout and preferences
- Process payments and manage subscriptions
- Send you service-related communications (account updates, trial expiration notices)
3.2 Security and Fraud Prevention
We use your information to detect, prevent, and address security issues, fraud, and abuse of the Service.
3.3 Legal Compliance
We may use your information to comply with legal obligations, respond to legal requests, and protect our rights and the rights of our users.
4. Data Storage and Security
4.1 Data Storage
Your data is stored securely using industry-standard practices:
- Database: PostgreSQL database with encrypted connections
- Session Storage: Redis for secure session management
- Passwords: Hashed using bcrypt (we never store plain text passwords)
- OAuth Tokens: Encrypted and stored securely in the database
4.2 Security Measures
We implement various security measures to protect your data:
- HTTPS encryption for all data transmission
- OAuth 2.0 authentication (we never see your third-party passwords)
- Regular security audits and updates
- Access controls and authentication requirements
- Secure session management
4.3 Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your data within 30 days, except where we are required to retain it for legal or regulatory purposes. For free trial accounts that are not upgraded, data is deleted 7 days after the trial expires.
5. Third-Party Services and Data Sharing
5.1 OAuth Providers
When you connect accounts through OAuth (Google, Microsoft, etc.), you are granting those services permission to share certain data with Calyxy. The data shared is limited to what is necessary for the Service to function. Each OAuth provider has its own privacy policy governing how they handle your data.
5.2 Service Providers
We may share your information with trusted third-party service providers who assist us in:
- Payment processing (Stripe)
- Email delivery (Resend)
- SMS delivery (Textbelt)
- Hosting and infrastructure services
These service providers are contractually obligated to protect your information and may only use it for the specific purposes we authorize.
5.3 No Sale of Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We only share data as described in this Privacy Policy or with your explicit consent.
6. Your Rights and Choices
6.1 Access and Correction
You can access and update your account information at any time through your account settings. You can also request a copy of your data by contacting us.
6.2 Account Deletion
You can delete your account at any time through your account settings. When you delete your account, we will:
- Permanently delete your account information
- Delete all connected account tokens and cached data
- Delete your dashboard layout and preferences
- Cancel any active subscriptions
Deletion is permanent and cannot be undone. Some data may be retained for legal or regulatory purposes as required by law.
6.3 Disconnect Third-Party Accounts
You can disconnect any third-party account at any time through your account settings. When you disconnect an account, we will immediately revoke access and delete the associated OAuth tokens and cached data.
6.4 Cookie Preferences
Most browsers allow you to control cookies through their settings. However, disabling certain cookies may limit your ability to use some features of the Service.
6.5 Data Portability
Signed-in users can download a JSON export from Settings (including settings, notes, maintenance, chores configuration, calendar source list, and all saved dashboard layouts per browser/device). You may also contact us for a copy of your data in a machine-readable format.
7. Children's Privacy
Calyxy is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to these countries.
9. California Privacy Rights (CCPA)
If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information
- Right to opt-out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your privacy rights
To exercise these rights, please contact us using the information provided in the "Contact Us" section.
10. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR):
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
To exercise these rights, please contact us using the information provided in the "Contact Us" section.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending you an email notification (for significant changes)
- Displaying a notice on the Service
Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.
12. Data Breach Notification
In the event of a data breach that may affect your personal information, we will notify you and relevant authorities as required by applicable law. We will provide information about the nature of the breach, the data affected, and steps we are taking to address it.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: [email protected]
Support Email: [email protected]
Website: Calyxy.com
We will respond to your inquiry within 30 days.
14. Consent
By using Calyxy, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.