Skip to main content

Privacy Policy

GDPR Compliance

Using our software enables you and your organization to meet GDPR regulatory requirements. Aany data entered into our apps, including Personally Identifiable Information (PII) or Protected Health Information (PHI), is never transferred, saved, or stored on our servers. All data remains on your device or with the third-party services you choose to sync with (such as iCloud, Google, Microsoft Office etc) ensuring your information stays under your control at all times.

Takeaway

None of your data is ever transferred, synced, or stored on our servers or any third-party services we use. Simply put, we have no access to or knowledge of what our software is being used for.

As a result, our operations do not involve large-scale processing or monitoring of personal data, which means we are not required to appoint a Data Protection Officer (DPO) under GDPR. However, we remain fully committed to ensuring all interactions comply with GDPR regulations, prioritizing secure and direct communication between the app and the services you choose to use.

important

If you use our software with a third-party service (such as a CalDAV or WebDAV server), it is your responsibility to ensure that the service complies with GDPR requirements. These services are solely responsible for handling your private data on their systems.

EULA

Our End User Licensing Agreement is accessible here.

Contacts Access Permission

When you launch our apps, they will request your permission to access your Contacts.

  • BusyCal: Access to your Contacts is required to display birthdays and anniversaries, schedule meetings, and autofill addresses when adding locations to events. Your name and email addresses from your "Me Card" are used for sending invitations, managing shared calendars, and tracking changes to events (e.g., last modified details). BusyCal does not collect or upload your contact details to its servers. Contacts are only uploaded to the CalDAV server you sync with if you explicitly attach them to events.

  • BusyContacts: Access to your Contacts is required to autofill addresses, names, and numbers as needed. It also uses your "Me Card" to accurately identify you and allow changes to your contact card. Like BusyCal, BusyContacts does not collect or upload your contact details to its servers.

Login Credentials

BusyCal and BusyContacts use your login credentials (e.g., username and password) to synchronize, manage, and display your calendars, events, reminders, and contacts.

  • When adding accounts such as Office 365 or Google, our apps use industry-standard authentication methods like OAuth for secure login.
  • Your credentials, including usernames, passwords, or OAuth tokens, are securely stored in the system Keychain on macOS or iOS. The Keychain is a secure component designed to safely store app and system credentials.
  • We do not transfer or share your account information, including synced data, with any third-party servers, including our own, outside of your device.

Office 365 / Exchange Web Services

BusyCal and BusyContacts connect to Office 365 and Exchange accounts via Microsoft’s Exchange Web Services (EWS) protocol. ActiveSync is not supported.

  • All communication occurs directly between your device and the server associated with your account for synchronization purposes.
  • No information is sent to or shared with any other servers outside of this connection.
  1. Delegate and Shared Calendars

BusyCal and BusyContacts offer a full replacement of Outlook in their own rights and so in order to sync with Exchange / O365, our apps need to be able to see delegate and shared calendars and address books (only related to the connected account) so that the user is able to manage calendars they own, including ones shared them.

  1. Basic profiles

Our applications do not probe, discover, or access the profiles of others within your organization. They only request the email addresses of users from the server when adding an "attendee" to an event or when setting up a shared calendar. This is also necessary when using the Availability Viewer to conduct Free/Busy lookups.

  1. Full Access to User Calendars/Address Books

Our apps are designed to serve as replacements for native apps like Apple Calendar or Microsoft Outlook, and therefore require full access to perform actions such as creating, editing, or deleting events and contacts on your behalf.

important

Full access is required for our apps to read, write, or delete events and contacts as directed by you. This access is limited to your calendars and address books and does not include any other organizational data.

In some cases, granting access to work or university accounts may require prior approval from your organization. This is typically done through administrative settings within platforms like Office 365 or similar portals.

Licensing

When you place an order or purchase a copy of our software, you are required to share your email address with us. This email is linked to the serial number generated to uniquely identify your installation(s). This information is stored and used exclusively for licensing and invoicing purposes. When you register your Mac for the first time, your Mac-ID, IP address, and serial number are sent to our servers to validate and activate your copy. This process is necessary solely for licensing purposes and to validate your installation.

Automatic Updates

BusyCal and BusyContacts on macOS periodically check for updates by contacting our servers. This process involves sending anonymous information about your installation, including the version of BusyCal/BusyContacts and macOS, to determine if an update is available for your software.

Mailing Lis

If you have subscribed to our mailing list, you will receive infrequent emails from us about important software updates, new product announcements (which may or may not be developed in association / collaboration with another company) or special offers. We will protect your privacy and not share / sell your email addresses to anyone. You may unsubscribe from our mailing list at any time.

Application Logs

If you contact us and choose to share private logs for diagnostic purposes (with your consent), these logs are retained only as long as necessary to resolve the issue. No one outside our organization has access to this information. You have the right to request immediate deletion of logs at any time, even before the issue is resolved.

Logs are never shared automatically, and we cannot access your computer or installed apps. Our apps are sandboxed, native applications that securely store data locally on your device, giving you complete control over your logs, including the ability to delete them or adjust logging levels as needed.

Non-Personal Information

Non-personal information refers to data that cannot be used to uniquely identify an individual. This typically includes crash stack traces and performance-related analytics. We use Google Firebase—formerly known as Fabric/Crashlytics—to receive automatic crash reports and optional performance metrics. This information helps us identify bugs and improve app performance. It is used exclusively for these purposes and is not employed for tracking individuals or any other purpose.

The only exception is when users voluntarily choose to send their application logs for diagnostic support. In such cases, users are informed that the logs may contain sensitive information before sharing.

Crash reporting can be entirely disabled via the application's preferences, ensuring complete control over data sharing.

Internet Access Policy

Apart from third-party CalDAV, Exchange, and WebDAV servers that you may configure with our apps, here is a list of domains our apps communicate with. No personal information is ever collected, tracked, stored, or shared, especially anything you enter or store within the apps. This applies to all our apps.

Outgoing Connections

versioncheck.busymac.com

Our apps connect to this server to validate your license and to check for updates. Your license serial number and the device UUID it is licensed to are frequently validated to ensure you haven't exceeded your allocated seat quota and to thwart illegal piracy attempts. Given our flexible 30-day refund policy, this also checks if your license has not been invalidated after a refund is issued. If this connection is blocked for a prolonged period while the app continues to function and sync otherwise, the app may prevent further usage as it can no longer validate your license.

register.busymac.com

Our apps connects to the this server to register your license. Your license serial number and the device UUID is shared with the server to adjust this against your seat quota.

news.busymac.com

Our apps connect to this server to check for essential app-updates and related announcements.

*.busymac.workers.dev, *.on.aws

We protect our weather API behind a secure proxy server, hosted by CloudFlare / AWS Lambda functions. This domain is solely responsible for servicing weather and W3W (What3Words.com) lookups securely. No location data is stored, retained, collected, tracked, saved, transferred, sold, or communicated with anyone.

*.cloudfunctions.net

Our apps connect to Google Cloud Functions to enable Push Sync for Google Calendar accounts. This domain is solely responsible for securely registering for automatic, push sync when enabled. No personal data, including any part of your account information or credentials, are transferred or communicated outside of the app.

*.crashlytics.com, crashlyticsreports-pa.googleapis.com

Our apps send anonymous crash reports containing stack traces to Google Firebase (Crashlytics) to help identify and resolve bugs and crashes. Crash logs are automatically generated by macOS whenever an app unexpectedly closes or crashes due to issues such as user interactions, memory leaks, or other system errors. These stack traces provide critical insights, enabling developers to diagnose the root cause and improve the app's overall stability.

Without these stack-traces, it would be nearly impossible to identify the source of the issue or make the necessary fixes to enhance your experience. Rest assured, these reports are entirely anonymous and contain no personally identifiable information.

firebaselogging-pa.googleapis.com, *.app-measurement.com

Analytics are turned off by default. When manually enabled under app Settings, our apps occasionally send entirely anonymous app-usage and licensing-related events to Firebase to correlate these with Crashlytics reports and to help identify general performance issues and usage trends. These analytics also help us identify areas that are under-utilized and need greater attention. Any data collected here strictly complies with the General Data Protection Regulation (GDPR). Data collection is also automatically purged periodically and contains absolutely no information related to events, calendars, and accounts, personal or otherwise.

googleapis.com

This domain is used for Google Calendar, Tasks, Contacts, and Workspace APIs (for free/busy discovery). This domain will only be connected to when you add a Google account to the app.

dns.google

This is Google's public DNS, used internally by all Google APIs (Calendar, Tasks, Contacts, Firebase, Crashlytics, etc.) for sending queries to authoritative servers from Core data centers and Google Cloud region locations.

Cookies and Other Technologies

Our website, services, apps, email communications, and advertisements may use "cookies" and other technologies such as "pixel tags" and "click-through URLs". We use the information we collect in this manner to better understand our users' interactions with our website and to optimize the user experience. You can disable cookies in your browser settings, but please note that certain features on our website may not be available as a result.

As you access our services, we gather some information automatically on our servers and store it in log files. This information includes your browser type, version, and language, your operating system, the referring and exit websites, IP address, a date/time stamp of the request, and the requested resource (file name and URL). We use this information in anonymized form for statistical analysis, to administer our site, and to improve our product and services, without directly associating this data with individual users.