Busy Apps Privacy Policy

GDPR Compliance

Using our software enables you and your organization to meet the regulatory requirements of the GDPR. We want to clarify that we do not retain or store any data you enter into our software, including any Personally Identifiable Information (PII) or Protected Health Information (PHI). As such, none of this data is transferred or synced to our servers or to any third-party servers or services we may use. Consequently, our operations do not involve large-scale processing or monitoring of personal data that would necessitate the appointment of a Data Protection Officer (DPO) under GDPR. We ensure all interactions are in compliance with GDPR regulations, focusing on secure, direct communication between the app and the services you use. Therefore, it is essential to ensure that the service you are using in conjunction with our software (such as a CalDAV / WebDAV service) is in compliance with GDPR regulations.

EULA

Our End User Licensing Agreement is accessible here.

Contacts Access Permission

Upon launching, our apps will request your permission to access your Contacts. BusyCal needs access to your Contacts to display birthdays and anniversaries, and to schedule meetings. It also uses your contacts to autofill addresses when adding locations to events. Your name and email addresses from your Me Card are utilized for sending invitations, managing shared calendars, and documenting changes to events to track their last modified state. BusyCal does not collect or upload your contact details to its servers. Only contacts that you explicitly attach to events are uploaded to the CalDAV server with which you are syncing.

BusyContacts requires access to your Contacts for autofilling addresses, names, and numbers as needed. It also needs access to your Me Card to accurately identify you and enable you to make changes to your contact card. BusyContacts does not collect or upload your contact details to its servers.

Login Credentials

BusyCal and BusyContacts utilize your username and password to synchronize, manage, and display your calendars, events, reminders, and contacts. When adding Office 365, Google Calendar, or Contacts accounts to BusyCal and BusyContacts, we rely on industry standards such as OAuth for authentication. Your username, password, or OAuth tokens are securely stored in the system Keychain, a component of macOS and iOS that securely stores credentials for both system and third-party applications. Your account information, including any data you sync, is never transferred or shared with any third-party servers, including our own, outside of your device.

Office 365 / Exchange Web Services

BusyCal and BusyContacts communicate with O365 and Exchange accounts via Microsoft's Exchange Web Services protocol and do not support ActiveSync. Our apps do not communicate any information outside of your device with any other server other than the one connected for the purpose of sync.

1) Delegate and Shared Calendars

BusyCal and BusyContacts offer a full replacement of Outlook in their own rights and so in order to sync with Exchange / O365, our apps need to be able to see delegate and shared calendars and address books (only related to the connected account) so that the user is able to manage calendars they own, including ones shared them.

2) Basic profiles

Our applications do not probe, discover, or access the profiles of others within your organization. They only request the email addresses of users from the server when adding an "attendee" to an event or when setting up a shared calendar. This is also necessary when using the Availability Viewer to conduct Free/Busy lookups.

3) Full Access to User Calendars/Address Books

Without full access, our apps cannot read, write, or delete events and contacts based on user actions. Access is limited to the connected user's calendars and address books, not extending to the entire organization.

Licensing

When you place an order or purchase a copy of our software, you are required to share your email address with us. This email is linked to the serial number generated to uniquely identify your installation(s). This information is stored and used exclusively for licensing and invoicing purposes. When you register your Mac for the first time, your Mac-ID, IP address, and serial number are sent to our servers to validate and activate your copy. This process is necessary solely for licensing purposes and to validate your installation.

Automatic Updates

BusyCal and BusyContacts on macOS periodically check for updates by contacting our servers. This process involves sending anonymous information about your installation, including the version of BusyCal/BusyContacts and macOS, to determine if an update is available for your software.

Mailing List

If you have subscribed to our mailing list, you will receive infrequent emails from us about important software updates, new product announcements (which may or may not be developed in association / collaboration with another company) or special offers. We will protect your privacy and not share / sell your email addresses to anyone. You may unsubscribe from our mailing list at any time.

Application Logs

If you contact us and choose to send your private logs for diagnostic purposes (with your consent), we retain these logs only as long as necessary to resolve the issue. No one outside of BusyMac has access to this information. You have the right to request the immediate deletion of these logs, even before the issue is fully resolved. You maintain complete control over these logs and are free to manually purge them or adjust the default logging level at any time.

Non-Personal Information

Non-personal information refers to data that cannot be used on its own to uniquely identify an individual. This typically includes crash logs and performance-related analytics. We utilize Google Firebase (http://firebase.google.com) —formerly known as Fabric/Crashlytics—for receiving automatic crash reports and optional performance metrics. This helps us identify bugs and performance bottlenecks. This data is used solely for these purposes and not for tracking individuals or for any other use. The exception is when users voluntarily send their application logs for support-related diagnostics, after being informed that these logs may contain sensitive information.

Internet Access Policy

Apart from third-party CalDAV, Exchange, and WebDAV servers that you may configure with our apps, here is a list of domains our apps communicate with. No personal information is ever collected, tracked, stored, or shared, especially anything you enter or store within the apps. This applies to all our apps.

news.busymac.com

Our apps connect to this server to check for updates and occasional related announcements.

versioncheck.busymac.com

Our apps connect to this server to validate your license. Your serial number and the device UUID it is licensed to are frequently validated to ensure you haven't exceeded your allocated device quota and to thwart illegal piracy attempts. If this connection is blocked for a prolonged period while the app continues to function and sync otherwise, the app may prevent further usage as it can no longer validate your license.

*.busymac.workers.dev, *.on.aws

We protect our weather API behind a secure proxy server, hosted by CloudFlare / AWS Lambda functions. This domain is solely responsible for servicing weather and W3W (What3Words.com) lookups securely. No location data is stored, collected, saved, transferred, sold, or communicated with other services.

*.cloudfunctions.net

Our apps connect to Google Cloud Functions to enable Push Sync for Google Calendar accounts. This domain is solely responsible for securely registering for automatic, push sync when enabled. No personal data, including account information or credentials, are transferred or communicated outside of the app.

*.crashlytics.com, crashlyticsreports-pa.googleapis.com

Our apps send crash reports to Google Firebase (Crashlytics) to assist in identifying bugs and crashes. Crash logs are generated by macOS each time an app may abruptly close or crash due to user interaction or a memory leak. These crash stack traces help developers improve the app's overall stability.

firebaselogging-pa.googleapis.com, *.app-measurement.com

Our apps occasionally send entirely anonymous app-usage and licensing-related events to Firebase to correlate these with Crashlytics reports and to help identify general performance issues and usage trends. Analytics are turned off by default, however, under App Settings > Advanced > Other. These analytics also help us identify areas that are under-utilized and need greater attention. Any data collected here strictly complies with the General Data Protection Regulation (GDPR). Data collection is also automatically purged periodically and contains absolutely no information related to events, calendars, and accounts, personal or otherwise.

googleapis.com

This domain is used for Google Calendar, Tasks, Contacts, and Workspace APIs (for free/busy discovery).

dns.google

This is Google's public DNS, used internally by Google APIs (Calendar, Tasks, Contacts, Firebase, Crashlytics, etc.) for sending queries to authoritative servers from Core data centers and Google Cloud region locations.

Cookies and Other Technologies

Our website, services, apps, email communications, and advertisements may use "cookies" and other technologies such as "pixel tags" and "click-through URLs". We use the information we collect in this manner to better understand our users' interactions with our website and to optimize the user experience. You can disable cookies in your browser settings, but please note that certain features on our website may not be available as a result.

As you access our services, we gather some information automatically on our servers and store it in log files. This information includes your browser type, version, and language, your operating system, the referring and exit websites, IP address, a date/time stamp of the request, and the requested resource (file name and URL). We use this information in anonymized form for statistical analysis, to administer our site, and to improve our product and services, without directly associating this data with individual users.