Privacy Policy

1. Who we are and scope

This Privacy Policy describes how Carson Eisner and Macabee Ascher (“Meetly,” “we,” “us,” or “our”) — two individuals based in the State of North Carolina, United States, who together operate the Meetly scheduling service and website (collectively, the “Service”) — collect, use, disclose, and protect information about you. We run Meetly as a personal project, not through a company. For the purposes of applicable data-protection law, including the EU and UK General Data Protection Regulation (“GDPR”), the joint data controllers are Carson Eisner and Macabee Ascher, located in North Carolina, United States.

By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with it, do not use the Service.

2. No accounts

There are no user accounts, passwords, or profiles. A poll is reached through its link, and the ability to edit or delete it is controlled by secret tokens stored in your browser's local storage — not by a login. Anyone who has a poll link can view that poll; only someone holding the corresponding admin token can manage it. You are responsible for keeping poll links and tokens confidential. Anyone with whom you share a link or token may be able to view or change the associated poll.

3. Information we collect

We collect the following categories of information:

Information you provide

• Poll details entered by an organizer: event name, date range, time window, duration, and similar scheduling settings.
• Your response: the name you enter, the times you mark as available or preferred, any votes you cast on candidate slots, and an email address if you choose to provide one.
• Invitee information: if an organizer adds people to a “waiting on” list, the names and/or email addresses the organizer enters.

Calendar information (only if you connect a calendar)

• The time ranges during which you are busy — the start and end times of your events — used to fill in your availability.
• Depending on your provider, the title or name of each busy event, so we can display it back to you on your own availability grid. Event names are private to you: they are never shown to the organizer or to other participants, and only you, using the secret token saved in your browser, can retrieve them. We do not collect event descriptions, attendee or guest lists, locations, attachments, or notes.
• The email address associated with a connected calendar account, used to attribute your response and to contact you about the poll.
• An access/refresh token or credential for the connection (see “Calendar connections” below).

Information collected automatically

• Server and security logs: like virtually all web services, our infrastructure providers automatically process technical data such as IP address, browser/user-agent string, request timestamps, and error diagnostics. We use this to operate, secure, and debug the Service.
• Local storage: we store secret tokens and saved calendar-connection references in your browser's local storage so you can manage your poll or reuse a connection without re-authenticating. This stays on your device and is not an advertising or tracking cookie.

We do not knowingly collect special categories of data (such as health, biometric, or precise geolocation data). Please do not submit such information through the Service.

4. How we use information

We use the information described above to:

• operate the Service — create polls, record responses, and compute results;
• display your availability and recommend candidate meeting times;
• send transactional email related to a poll (confirmations, response alerts, the finalized time, and reminders) where an address is provided;
• secure the Service, prevent abuse, and debug errors; and
• comply with legal obligations and enforce our terms.

We do not use your information for behavioral advertising, and we do not sell or rent it. We do not use your calendar contents, responses, or email address to train artificial-intelligence models (see “AI recommendations” below).

5. Legal bases for processing (EEA/UK)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR:

• Consent — for connecting a calendar and providing an optional email address. You may withdraw consent at any time (for example, by disconnecting the calendar), without affecting prior processing.
• Performance of a task you request — to create and run the poll you are participating in.
• Legitimate interests — to secure and maintain the Service, prevent abuse, and communicate about polls, balanced against your rights.
• Legal obligation — where processing is required to comply with applicable law.

6. Calendar connections

Connecting Google, Microsoft Outlook, Apple iCloud, or an imported calendar (via a read-only share link or an uploaded .ics file) is entirely optional. When you connect one, we read your busy time ranges (and, where available, event titles, kept private to you as described above) to populate your availability. We request the minimum scope necessary for this purpose and do not request write access to your calendar for participant responses.

For Google and Outlook we retain an OAuth refresh token; for Apple and imported share links we retain the app-specific password or URL you provide, so your availability can refresh without reconnecting each time. These credentials are stored in our database, are accessible only via a secret connection token, and are not exposed to other users. A one-time .ics file upload stores no credential and is never re-read. You can disconnect a calendar at any time to stop further syncing.

7. Google user data — Limited Use disclosure

Meetly's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, data obtained from Google APIs is used only to provide and improve the scheduling features you request, is not transferred to third parties except as necessary to provide those features or as required by law, is not used for advertising, and is not used to train generalized artificial-intelligence or machine-learning models. We retain Google user data only as long as needed for these purposes and delete it on request or when you disconnect.

8. AI recommendations

To suggest the best meeting times, candidate time slots and aggregate attendance counts may be sent to Google's Gemini API for ranking. This data describes times and how many people are free — it does not include your calendar event contents, titles, or email address. This data is not used to train Google's models. If the AI service is unavailable, Meetly falls back to a built-in deterministic ranking and works the same.

9. Email

If an email address is provided, we use it only to send transactional messages related to the poll — a confirmation to the organizer, alerts when someone responds, the final time once a slot is picked, and reminders to invitees who haven't replied. Email is delivered through our provider, Resend. We do not send marketing email and do not sell or rent email addresses.

10. Cookies and local storage

We do not use advertising cookies, analytics cookies, or cross-site tracking technologies. We use your browser's local storage for strictly necessary functionality — remembering the secret tokens that let you manage a poll or reuse a calendar connection. You can clear this at any time through your browser settings; doing so will remove the saved tokens from your device.

11. How we share information

We do not sell your personal information and do not share it for cross-context behavioral advertising. We disclose information only as follows:

• Other poll participants and the organizer: your name, the availability you submit, and any votes are visible to others viewing the same poll. Your email address and your private event titles are not shown to them.
• Service providers (subprocessors) who process data on our behalf to operate the Service, under contractual confidentiality and security obligations:
  • Supabase — database and hosting;
  • Resend — transactional email delivery;
  • Google, Microsoft, and Apple — calendar APIs you choose to connect;
  • Google (Gemini) — optional AI slot ranking;
  • Zoom, Google, and Microsoft — video-meeting link creation, only when an organizer chooses to generate one.
• Legal and safety: when we believe in good faith that disclosure is required by law, legal process, or to protect the rights, safety, or property of Meetly, our users, or the public.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

12. International data transfers

The Service and its providers are based in, and process data in, the United States and other countries. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data-protection laws may differ from those in your jurisdiction. Where required, such transfers are made under appropriate safeguards (such as the European Commission's Standard Contractual Clauses).

13. Data retention

We retain poll and response data for as long as the poll exists, so participants can keep viewing and updating it. Polls and their associated data do not currently expire automatically; they persist until the organizer deletes the poll or you request deletion. When a poll is deleted, its responses and stored calendar connections are removed. We may retain limited records longer where necessary to comply with legal obligations, resolve disputes, or enforce our agreements.

14. Security

We use reasonable technical and organizational measures designed to protect information, including transport encryption (HTTPS), database access controls, and token-gated access to credentials. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You use the Service at your own risk and are responsible for safeguarding the poll links and tokens shared with you.

15. Data breach notification

In the event of a data breach affecting your personal information, we will notify affected users and applicable regulators as and where required by applicable law.

16. Your privacy rights (EEA/UK and others)

Subject to applicable law, you may have the right to access, correct, delete, or receive a portable copy of your personal information; to restrict or object to certain processing; and to withdraw consent. To exercise these rights, contact us at the address in Section 20. We will respond within the timeframe required by applicable law. Because there are no accounts, we may need information to locate your data (such as the relevant poll link or the email address you provided) and may need to verify your request before acting. You also have the right to lodge a complaint with your local data-protection authority.

17. Your California privacy rights (CCPA/CPRA)

If you are a California resident, you may have the right to know what personal information we collect, use, and disclose; to request deletion or correction; and to not be discriminated against for exercising these rights. We do not sell or share your personal information as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), and we have not done so in the preceding twelve months. The categories of information we collect and our purposes are described above. To exercise your rights, contact us using Section 20; you may use an authorized agent, and we will verify requests as permitted by law.

18. Children's privacy

The Service is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

19. Other terms

Third-party services

The Service integrates with third parties (such as Google, Microsoft, Apple, Zoom, and Resend) that have their own privacy policies. We are not responsible for the privacy practices of third parties, and your use of their services is governed by their terms.

Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the “Last updated” date shown with it, and, for material changes, provide additional notice where required by law. Your continued use of the Service after an update constitutes acceptance of the revised Policy.

Governing law

This Policy is governed by the laws of the State of North Carolina, United States, without regard to its conflict-of-laws rules, except where superseded by mandatory data-protection law in your jurisdiction.

20. Contact us

Questions about this Policy or your data, or to exercise your privacy rights, contact:

Carson Eisner & Macabee Ascher
Meetly — North Carolina, United States
carmac.enterprises@outlook.com