Privacy Policy

Last updated: March 3, 2026

1. Introduction

skdul.ai ("we", "us", "our") is a scheduling tool that take the privacy of your information very seriously. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website, application, and services (collectively, the "Service").

This policy applies to two types of users:

  • Account Holders — individuals who create a skdul account to manage their scheduling, availability, and booking pages.
  • Guests — individuals who book meetings through skdul without creating an account.

By accessing or using skdul, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

2. What information do we collect

Information you provide

  • Account information — your name, email address, timezone, bio, tagline, social links, brand customization preferences (colors, logos), and avatar. If you do not upload a custom avatar, we generate one using DiceBear, which receives your initials to create a default image.
  • Booking data — events you create (title, duration, description, location preferences, custom questions), bookings made through your pages, and guest information (name, email, phone number if provided, notes, answers to custom questions) submitted during booking.
  • Calendar connections — if you connect your Google or Outlook calendar, we store OAuth tokens to read your availability and sync events on your behalf.
  • Video conferencing — if you connect Zoom, we store your Zoom display name, Zoom email address, and OAuth tokens to create and manage meeting links on your behalf.
  • Data imports — if you import data from Calendly, we receive your events, availability rules, and past bookings. Calendly credentials are not retained beyond the import session.
  • Developer access — if you use the skdul API, we store API keys (hashed, never in plaintext) and OAuth 2.0 client registrations you create.
  • Payment information — payment processing is handled by Stripe. We store only your Stripe customer ID and subscription ID. We do not store your full payment card details on our servers.

Information collected automatically

  • Log data — IP address, browser type and version, timestamps of requests, and referring pages.
  • Usage data — pages visited, features used, and interactions with the Service.
  • Device information — operating system, screen resolution, and device type.
  • Product analytics — Mixpanel collects pageviews, feature interactions, and session recordings. When you are logged in, analytics data is linked to your account (user ID, email, name). Mixpanel uses localStorage (not cookies) and is proxied through the skdul.ai domain.
  • Booking metadata — we track the source channel of each booking (booking page, embed, API, MCP, email, or negotiation) for analytics and product improvement.
  • Cookies — authentication session cookies to keep you logged in. See the "Cookies and tracking" section below for more detail.

Information from third parties

  • Calendar data — event times and availability information from connected Google or Outlook calendars, used solely for computing your availability.
  • OAuth profile information — if you sign in with Google or another social login provider, we receive your name, email, and profile picture from that provider.
  • Referral information — if you sign up via a referral link, we record the referring user for attribution purposes.

3. How we use your information

  • Provide and maintain the scheduling service
  • Process and manage bookings on your behalf
  • Send notifications — booking confirmations, reminders, and cancellation notices to you and your guests
  • Authenticate your identity and secure your account
  • Analyze usage to improve features and user experience
  • Detect scheduling patterns such as preferred times, preferred days, and calendar health scores to provide smarter suggestions
  • Track per-contact scheduling statistics (meetings, no-shows, typical booking times) to improve your scheduling experience
  • Provide developer access to your scheduling data through the API and MCP server
  • Communicate product updates and important changes
  • Prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations

4. How we share your information

Service providers

We use a small number of trusted services to operate skdul:

  • Supabase — database hosting and authentication.
  • Resend — transactional email delivery (booking confirmations, reminders).
  • Vercel — application hosting.
  • Mixpanel — product analytics: receives user ID, email, name, and in-app activity for usage analysis and product improvement.
  • Google — calendar sync and OAuth authentication, when you choose to connect your Google account.
  • Zoom — video meeting link creation, when you choose to connect your Zoom account.
  • Stripe — payment processing. Receives only the information necessary to manage your subscription. We store only Stripe customer and subscription IDs.
  • Calendly — data import only, when you choose to migrate. OAuth token is not retained beyond the import session.

Booking participants

When someone books a meeting with you, they can see your name, profile information, and event details. You can see the guest's name, email address, and any notes they provide during booking.

Scheduling requests

When you propose a meeting to another skdul user via scheduling requests, both parties can see the meeting title, proposed times, request status, and the audit log of actions taken on that request.

Legal requirements

We may disclose your information if required to do so by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business transfers

If skdul is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

We do not sell your personal information to anyone. We do not share it with advertisers.

5. Cookies and tracking

  • We use authentication session cookies to keep you logged in. These are essential for the Service to function.
  • Mixpanel uses localStorage (not cookies) to store a device ID and session data. It tracks pageviews, feature usage, and session recordings. When you are logged in, this data is linked to your account. Mixpanel is proxied through the skdul.ai domain and is not used for cross-site advertising or ad network data sharing.
  • We do not use advertising cookies.
  • We do not share data with ad networks or use cross-site tracking.
  • To clear Mixpanel analytics data, clear your browser's site data for skdul.ai (this removes localStorage entries).
  • Disabling cookies may affect your ability to stay logged in.

6. Data retention

  • Account data is kept for as long as your account is active.
  • Booking data is retained for record-keeping purposes even after individual bookings are completed or cancelled.
  • Guest data is retained as part of the booking record for as long as the host's account is active. Guests may request deletion of their data by contacting admin@skdul.ai.
  • Analytics data is retained in accordance with Mixpanel's data retention policies.
  • Learned preferences and insights (scheduling patterns, calendar health scores, contact statistics) are deleted when your account is deleted.
  • If you request account deletion, your data will be removed within 30 days of the request.
  • Some data may be retained beyond deletion if required for legal compliance or dispute resolution.

7. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your personal data
  • Export your data in a portable format
  • Withdraw consent for optional data processing
  • Object to automated profiling (see the AI and automated processing section)
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at admin@skdul.ai. We will respond to your request within 30 days.

Guests have the same rights over their booking data. If you booked a meeting through skdul without creating an account, contact admin@skdul.ai with the email address you used when booking, and we will process your request.

8. European and UK residents (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) and UK GDPR provide you with additional protections. This section supplements the rest of our Privacy Policy.

Legal basis for processing (GDPR Art. 6)

  • Contract performance — processing necessary to provide the scheduling service, including creating and managing bookings, sending confirmations and reminders, and syncing with connected calendars.
  • Legitimate interests — product analytics (Mixpanel), fraud prevention, and scheduling insights (pattern detection, calendar health scores). We balance these interests against your rights and freedoms.
  • Consent — optional integrations (Calendly import, Zoom connection) and marketing communications. You may withdraw consent at any time.
  • Legal obligation — data retention where required by applicable law.

Your GDPR rights

In addition to the rights listed in section 7, EEA and UK residents have the right to:

  • Restriction of processing — request that we limit how we process your data in certain circumstances.
  • Object to legitimate-interest processing — object to processing based on our legitimate interests, including analytics and profiling.
  • Data portability — receive your personal data in a structured, commonly used, machine-readable format.
  • Lodge a complaint — file a complaint with your local supervisory authority if you believe your rights have been violated.

International transfers

When your data is transferred outside the EEA or UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and equivalent UK transfer mechanisms. Our sub-processors (Supabase, Vercel, Mixpanel, Resend, Stripe) maintain their own GDPR compliance documentation.

To exercise your GDPR rights, contact us at admin@skdul.ai. We will respond within 30 days.

9. California residents

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to know — you can request details about the categories and specific pieces of personal information we have collected about you.
  • Right to delete — you can request that we delete your personal information, subject to certain exceptions.
  • Right to opt out of sale — we do not sell your personal information, so there is nothing to opt out of.
  • Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.

To exercise your rights under the CCPA, email us at admin@skdul.ai.

10. Google user data

What Google data we collect

When you sign in with Google or connect a Google account, we receive your name, email address, and calendar data. This information is used solely to provide the scheduling service — authenticating your identity, displaying your availability, and creating bookings on your behalf.

How Google data is shared

Google user data is shared only with the service providers necessary to operate skdul:

  • Supabase — your Google account email and name are stored for authentication and booking association.
  • Resend — your email address is shared to send booking confirmations and reminders.
  • Vercel — hosts the application. No Google personal data is shared with Vercel for tracking purposes.

We do not share Google user data with any other third parties. We do not sell or transfer Google user data to data brokers, advertisers, or information resellers.

Sharing your information

We do not disclose any information you provide to any third parties other than as follows: if you are an account holder, we will share information about your free and busy times from any third-party calendar account (e.g. Google Calendar account) which is linked with your account to anyone who is seeking to make a booking using the Service. Please note that any data held on any third-party calendar service will be subject to their privacy terms.

Limited Use disclosure

Use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

11. AI and automated processing

skdul uses automated processing to enhance your scheduling experience. No automated decisions with legal or similarly significant effects are made without human involvement.

Scheduling pattern learning

We analyze your completed bookings to detect scheduling patterns such as preferred meeting times, preferred days of the week, and per-contact habits. These patterns are stored with a confidence score and used to suggest optimal time slots. You can view and delete your learned preferences in your account settings.

Calendar health scoring

We generate a calendar health score (0–100) based on factors such as meeting density, back-to-back meeting sequences, buffer gaps between meetings, and available focus time. This score is shown only to you and is not shared with guests or other users.

No-show risk assessment

We derive no-show risk indicators from historical patterns, including past cancellations and no-shows associated with a contact. This information is visible only to the host and is used for reminder prioritization. It does not auto-cancel or reject bookings.

Contact statistics

We compile aggregate statistics for your frequent contacts, including total bookings, completed meetings, cancellations, and no-shows. These statistics are visible only to you and are not shared with the contacts themselves.

To object to automated processing or to disable learned preferences and clear your scheduling insights, contact us at admin@skdul.ai.

12. Children's privacy

skdul is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected data from a child, please contact us at admin@skdul.ai and we will promptly delete it.

13. Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Encrypted connections — all data is transmitted over HTTPS.
  • Secure authentication — powered by Supabase Auth with support for OAuth 2.0.
  • Access controls — least-privilege principles are applied to system and data access.

No system is 100% secure. We are continuously improving our security practices as skdul grows.

Data breach notification

In the event of a data breach that affects your personal information, we will notify affected users by email within 72 hours of becoming aware of the breach, consistent with GDPR Article 33 requirements. We will also notify the relevant supervisory authority where applicable.

14. Third-party links and services

Booking pages and other parts of the Service may contain links to external websites or integrate with third-party services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies independently.

15. International data transfers

Your information may be processed and stored in the United States, where our servers and service providers are located. For transfers of personal data from the EEA or UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and equivalent UK transfer mechanisms. See the European and UK residents section for more details.

Our sub-processors — including Supabase, Vercel, Mixpanel, Resend, Stripe, Google, and Zoom — each maintain their own data transfer compliance documentation.

16. Changes to this policy

We may update this Privacy Policy as skdul evolves. If we make significant changes, we will notify you via email or an in-app notice. The "Last updated" date at the top will always reflect the most recent version.

17. Contact

Questions about your privacy? Reach out at admin@skdul.ai.

Ask AI about skdul