1. Who We Are
ProtonScheduler ("we", "our", "us") is an open-source scheduling platform. Our cloud service is hosted on Scaleway infrastructure in the European Union (Paris, France). Our source code is publicly available under the MIT license at github.com/beatsandhooks/proton-scheduler.
2. Our Architecture: Why It Matters for Privacy
ProtonScheduler is built on the Solid protocol, a decentralized data standard created by Sir Tim Berners-Lee. This means:
- Your scheduling data (events, bookings, calendar entries, preferences) is stored in your personal Solid Pod — a data store that you own and control.
- We never have access to the contents of your Solid Pod. Our servers facilitate connections but do not store or process your scheduling data.
- You can switch providers or self-host at any time. Your data is portable by design.
3. What We Collect
We distinguish clearly between what we store and what stays in your Pod.
3a. Data we store (cloud service only)
If you use ProtonScheduler Cloud (our hosted service), we store the following account metadata in our database:
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account identification, notifications | Until account deletion |
| WebID (Solid identifier) | Solid Pod authentication | Until account deletion |
| Solid Pod URL | Connecting to your data store | Until account deletion |
| Subdomain choice | Your booking page URL | Until account deletion |
| Subscription tier | Feature access control | Until account deletion |
| Aggregate usage counts | Enforcing plan limits (e.g. bookings/month) | Rolling monthly |
3b. Data stored by Stripe
If you subscribe to a paid plan, payment processing is handled entirely by Stripe, Inc. We store only your Stripe customer ID and subscription ID. We never see or store your credit card number, bank details, or billing address. See Stripe's privacy policy.
3c. Data we do NOT collect
- Your calendar events, bookings, or meeting details
- Names or contact information of people who book with you
- Behavioral data, browsing patterns, or usage analytics
- IP addresses, other than in standard server access logs, which are rotated weekly
- Cookies for tracking or advertising (we use a single session cookie for authentication)
3d. Self-hosted users
If you self-host ProtonScheduler, we collect nothing. The software does not phone home, send telemetry, or contact our servers in any way. You are fully independent.
4. How We Use Your Data
The account metadata we store is used exclusively to:
- Authenticate you and connect to your Solid Pod
- Route visitors to your booking page via your subdomain
- Enforce plan limits (e.g. bookings per month on the Free tier)
- Process subscription billing through Stripe
- Send transactional emails (booking confirmations, account notifications)
We do not use your data for advertising, profiling, training AI models, or any purpose other than operating the service you signed up for.
5. Data Sharing
We do not sell, rent, or share your personal data with third parties, with the following limited exceptions:
- Stripe — Payment processing only. Stripe acts as an independent data controller for payment data.
- Scaleway — Our hosting provider. They process data on our behalf under a Data Processing Agreement (DPA) in compliance with GDPR.
- Legal obligation — We may disclose data if required by law, court order, or government request. We will notify you if legally permitted to do so.
6. Data Location and Transfers
All ProtonScheduler Cloud infrastructure is hosted in the European Union (Scaleway, Paris, France). We do not transfer your account data outside the EU. Stripe may process payment data in the US under their own data transfer mechanisms.
7. Your Rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access — Request a copy of all data we hold about you
- Rectification — Correct inaccurate data
- Erasure — Delete your account and all associated metadata
- Portability — Export your data (your scheduling data is already in your portable Solid Pod)
- Object — Object to processing of your data
- Restriction — Request restricted processing
To exercise these rights, email [email protected]. We will respond within 30 days.
8. Data Retention
Account metadata is retained for as long as your account exists. When you delete your account:
- All account metadata is permanently deleted from our database within 48 hours
- Your Stripe subscription is canceled (Stripe retains payment records per their own policy)
- Your Solid Pod and all scheduling data remain untouched — they're yours
- Server backups containing your data are overwritten within 7 days
9. Cookies
ProtonScheduler uses a single, strictly necessary session cookie to keep you logged in. We do not use:
- Tracking cookies
- Analytics cookies (no Google Analytics, no Mixpanel, nothing)
- Advertising cookies
- Third-party cookies of any kind
Because we only use a strictly necessary cookie, no cookie consent banner is required under GDPR.
10. Security
We take security seriously:
- All connections encrypted via TLS 1.3
- Server hardened with UFW firewall, fail2ban, and SSH key-only access
- API keys hashed with SHA-256 (we never store raw keys)
- Stripe webhook signature verification on all payment events
- Daily encrypted database backups with 7-day rotation
- Open-source codebase — security is verifiable by anyone
If you discover a security vulnerability, please report it to [email protected]. We aim to respond within 24 hours.
11. Children
ProtonScheduler is not intended for use by anyone under 16 years of age. We do not knowingly collect data from children.
12. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via email to registered users at least 14 days before taking effect. The "last updated" date at the top of this page indicates when the policy was last revised. Previous versions are available in our GitHub repository.
13. Contact
For privacy-related questions or concerns: