NewState of Calendar Chaos 2026Learn more

Privacy Policy

Privacy Policy

Last updated: 2026-05-11

Supaplan ("Supaplan", "we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you use the Supaplan mobile application (iOS and Android) and related web-based features used for scheduling and sharing events (together, the "Service").

This Policy applies globally, including users in the European Union (EU) and European Economic Area (EEA).

If you have any questions, contact us at [email protected].

1. Scope of This Policy

This Policy applies to:

  • The Supaplan mobile app
  • Supaplan web pages used for event sharing and scheduling
  • Communications with Supaplan support

It does not apply to third-party services you may access via Supaplan.

2. Personal Data We Collect

2.1 Data You Provide

  • Account information (name, email address, authentication identifiers)
  • Preferences and settings
  • Communications with customer support
  • Content you intentionally enter into the app (for example notes or requests)

2.2 Contacts and Calendar Data (Opt-In Only)

With your explicit consent, Supaplan may access:

  • Contacts (names, email addresses, phone numbers)
  • Calendar events, availability, and related scheduling metadata

Purpose

This data is used strictly to provide core, user-visible functionality, including:

  • Scheduling and coordination
  • Availability checks
  • Creating, updating, and managing events
  • Sharing event information with selected participants

Important Commitments

  • Contacts and calendar data are never sold
  • Never used for advertising or marketing purposes
  • Never shared with data brokers or resellers
  • Never used to train, fine-tune, or improve generalized AI or machine learning models
  • Used only to provide the features you explicitly enable and use

You may revoke access at any time through your device settings or within the app.

3. Automatically Collected Data

We may collect:

  • Device and log data (IP address, operating system, app version)
  • Approximate location (derived from IP address)
  • Usage analytics (feature usage, performance metrics, crash reports)

This data is used for security, reliability, and service improvement.

3.1 Product Analytics on the Calendar App

When you are signed in to the Supaplan calendar app (/cal/*), we use Mixpanel to record product-usage events such as page views and onboarding milestones.

  • Processor: Mixpanel, Inc. (United States), acting as our data processor. Cross-border transfers are covered by the EU Standard Contractual Clauses described in §8.
  • Residency: Mixpanel data is processed on Mixpanel's EU infrastructure (api-eu.mixpanel.com).
  • Identifier: Mixpanel events are tied to your Supaplan user ID. The Mixpanel People profile mirrors your Supaplan profile (email, first / last name, avatar URL, timezone, language, time-format preference, account-creation date) and your subscription state (plan tier — free / trial / paid — access flag, store, trial days remaining). We do not pass calendar event content, contact details, or message bodies to Mixpanel.
  • Scope: The Mixpanel SDK is not loaded on the marketing website, public booking pages, or pre-authentication screens — only after you sign in to the calendar app.
  • Storage: Mixpanel uses localStorage (not cookies) to persist its anonymous identifier and is reset when you sign out.
  • Retention: Event and People-profile data is retained for 5 years from the most recent event under Mixpanel's standard project policy. Deleting your Supaplan account triggers a Mixpanel delete request for your distinct ID.

Marketing-site analytics (Google Analytics 4)

On the public marketing pages (everything outside /cal/*, /book/*, /shared/*, and /cal/admin/*) we additionally load Google Analytics 4 to measure aggregate traffic. Details of the cookies it sets and how to opt out are in the Cookie Policy. The privacy-relevant facts:

  • Processor: Google Ireland Ltd. (EU) acting as joint controller with Google LLC (United States). Cross-border transfers are covered by the EU Standard Contractual Clauses described in §8.
  • Data: Pseudonymous client ID, page paths, referrer, device and browser metadata, and a truncated IP address. No Supaplan user identifier is sent to GA4.
  • Retention: GA4 event and user data retention in our property is set to 14 months; aggregated reports persist longer per Google's default reporting policy.
  • Scope: GA4 is not loaded on the authenticated calendar app, the public booking pages, the shared-event pages, or admin screens.

We process personal data based on one or more of the following legal bases:

  • Performance of a contract (providing core functionality)
  • Consent (contacts, calendar access, notifications)
  • Legitimate interests (security, fraud prevention, service reliability)
  • Legal obligations (compliance with applicable laws, regulations, court orders, subpoenas, or other legal processes; tax and accounting requirements; responding to law enforcement requests when required by law)

5. Use of AI and Automation

Supaplan uses automation and AI only to provide features that you actively and explicitly use, such as:

  • Scheduling suggestions
  • Time planning insights
  • Natural language interaction with your schedule

AI Data Handling Guarantees

  • AI features are user-initiated and visible in the app interface
  • Personal data is processed only at the time of your request
  • We do not use your data to train, develop, or fine-tune generalized or third-party AI models
  • Data submitted during AI interactions is not retained for model training or improvement
  • All AI-initiated actions that modify your data (such as creating or updating events) require explicit user confirmation (human-in-the-loop)
  • AI processing is performed using Google Vertex AI with zero retention policy, ensuring that your data is not stored or retained by the AI service provider

AI is used solely to assist you in using the Service and does not operate autonomously on your data.

6. Payments

Payments are processed exclusively by the Apple App Store or Google Play Store.

Supaplan does not collect, store, or process payment card information.

7. Data Retention

  • Personal data is retained for as long as your account is active
  • You may delete your account at any time directly within the app
  • After account deletion, data is deleted or anonymized, except where retention is required by law
  • We do not retain personal data longer than necessary for the purposes described in this Policy

Analytics retention windows:

  • Mixpanel event and profile data: 5 years from the most recent event (Mixpanel project default).
  • Google Analytics 4 event and user data: 14 months in our property; aggregated reports persist longer per Google's default reporting policy.

8. International Data Transfers

Your data may be processed in countries outside your country of residence. Where required, we rely on EU Standard Contractual Clauses (SCCs) or equivalent legal safeguards to protect your data.

The following processors involve a cross-border transfer to the United States, all of them covered by the EU SCCs:

  • Mixpanel, Inc. — product analytics on the authenticated calendar app (see §3.1). EU residency endpoint, US-based processor.
  • Google LLC — Google Analytics 4 on the marketing site (see §3.1). EU sub-processor: Google Ireland Ltd.
  • Google LLC — Vertex AI for the AI features described in §5, with the documented zero-retention policy for prompts and outputs.

9. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

10. Security

We implement appropriate technical and organizational security measures to protect your data.

All service tokens and account credentials are stored encrypted using Google Cloud Key Management Service (KMS) with FIPS 140-2 Level 3 validated cryptographic modules.

However, no method of transmission or storage is completely secure.

11. Changes to This Policy

We may update this Privacy Policy from time to time.

The most current version will always be available in the app and on our website.

12. Contact

📧 [email protected]