Privacy Policy

Last updated: 2026-05-04

Supaplan ("Supaplan", "we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you use the Supaplan mobile application (iOS and Android) and related web-based features used for scheduling and sharing events (together, the "Service").

This Policy applies globally, including users in the European Union (EU) and European Economic Area (EEA).

If you have any questions, contact us at [email protected].

1. Scope of This Policy

This Policy applies to:

The Supaplan mobile app
Supaplan web pages used for event sharing and scheduling
Communications with Supaplan support

It does not apply to third-party services you may access via Supaplan.

2. Personal Data We Collect

2.1 Data You Provide

Account information (name, email address, authentication identifiers)
Preferences and settings
Communications with customer support
Content you intentionally enter into the app (for example notes or requests)

2.2 Contacts and Calendar Data (Opt-In Only)

With your explicit consent, Supaplan may access:

Contacts (names, email addresses, phone numbers)
Calendar events, availability, and related scheduling metadata

Purpose

This data is used strictly to provide core, user-visible functionality, including:

Scheduling and coordination
Availability checks
Creating, updating, and managing events
Sharing event information with selected participants

Important Commitments

Contacts and calendar data are never sold
Never used for advertising or marketing purposes
Never shared with data brokers or resellers
Never used to train, fine-tune, or improve generalized AI or machine learning models
Used only to provide the features you explicitly enable and use

You may revoke access at any time through your device settings or within the app.

3. Automatically Collected Data

We may collect:

Device and log data (IP address, operating system, app version)
Approximate location (derived from IP address)
Usage analytics (feature usage, performance metrics, crash reports)

This data is used for security, reliability, and service improvement.

3.1 Product Analytics on the Calendar App

When you are signed in to the Supaplan calendar app (/cal/*), we use Mixpanel to record product-usage events such as page views and onboarding milestones.

Residency: Mixpanel data is processed on Mixpanel's EU infrastructure (api-eu.mixpanel.com).
Identifier: Mixpanel events are tied to your Supaplan user ID. The Mixpanel People profile mirrors your Supaplan profile (email, first / last name, avatar URL, timezone, language, time-format preference, account-creation date) and your subscription state (plan tier — free / trial / paid — access flag, store, trial days remaining). We do not pass calendar event content, contact details, or message bodies to Mixpanel.
Scope: The Mixpanel SDK is not loaded on the marketing website, public booking pages, or pre-authentication screens — only after you sign in to the calendar app.
Storage: Mixpanel uses localStorage (not cookies) to persist its anonymous identifier and is reset when you sign out.

We process personal data based on one or more of the following legal bases:

Performance of a contract (providing core functionality)
Consent (contacts, calendar access, notifications)
Legitimate interests (security, fraud prevention, service reliability)
Legal obligations (compliance with applicable laws, regulations, court orders, subpoenas, or other legal processes; tax and accounting requirements; responding to law enforcement requests when required by law)

5. Use of AI and Automation

Supaplan uses automation and AI only to provide features that you actively and explicitly use, such as:

Scheduling suggestions
Time planning insights
Natural language interaction with your schedule

AI Data Handling Guarantees

AI features are user-initiated and visible in the app interface
Personal data is processed only at the time of your request
We do not use your data to train, develop, or fine-tune generalized or third-party AI models
Data submitted during AI interactions is not retained for model training or improvement
All AI-initiated actions that modify your data (such as creating or updating events) require explicit user confirmation (human-in-the-loop)
AI processing is performed using Google Vertex AI with zero retention policy, ensuring that your data is not stored or retained by the AI service provider

AI is used solely to assist you in using the Service and does not operate autonomously on your data.

6. Payments

Payments are processed exclusively by the Apple App Store or Google Play Store.

Supaplan does not collect, store, or process payment card information.

7. Data Retention

Personal data is retained for as long as your account is active
You may delete your account at any time directly within the app
After account deletion, data is deleted or anonymized, except where retention is required by law
We do not retain personal data longer than necessary for the purposes described in this Policy

8. International Data Transfers

Your data may be processed in countries outside your country of residence.

Where required, we rely on EU Standard Contractual Clauses (SCCs) or equivalent legal safeguards to protect your data.

9. Your Rights

You have the right to:

Access your personal data
Correct inaccurate data
Request deletion of your data
Restrict or object to processing
Request data portability
Withdraw consent at any time
Lodge a complaint with a supervisory authority

10. Security

We implement appropriate technical and organizational security measures to protect your data.

All service tokens and account credentials are stored encrypted using Google Cloud Key Management Service (KMS) with FIPS 140-2 Level 3 validated cryptographic modules.

However, no method of transmission or storage is completely secure.

11. Changes to This Policy

We may update this Privacy Policy from time to time.

The most current version will always be available in the app and on our website.

12. Contact

📧 [email protected]