Privacy Policy
Last Updated: March 17, 2026
1. Introduction
Hetk Technologies OÜ (Registry Code: 17181483) operates the calendar synchronization service at hetk.io (“Service”). This policy explains how we handle your personal data.
Contact: privacy@hetk.io
2. Information We Collect
Account Information
When you sign in with Google, Microsoft, or Apple, we receive:
- Email address
- Display name
- Profile picture URL
Legal basis: Contract performance (to create and manage your account)
Calendar Data
To sync your calendars, we access:
- Event details (title, time, location, attendees)
- Calendar names
- Free/busy status
What we store: Event content (titles, descriptions, locations, attendees) is processed in memory during sync and not stored. We retain minimal sync metadata (event identifiers, change tokens, and event timing) to detect changes and prevent duplicates. This metadata is deleted when you remove a sync relationship.
Legal basis: Contract performance (to provide the sync service you requested)
Payment Information
Stripe processes payments. We only receive:
- Last 4 digits of your card
- Expiration date
- Billing address
We never see or store your full card number.
Legal basis: Contract performance (to process your subscription)
Usage Data
We collect basic usage data:
- Login timestamps
- Feature usage statistics
- Error logs
Legal basis: Legitimate interest (to improve the service and fix bugs)
3. Google Calendar Data
Hetk’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
What We Access
When you connect a Google Calendar account, we request access to:
- Your calendar list (names and identifiers)
- Calendar events (title, time, location, attendees, description, free/busy status)
- Event change notifications (via Google Calendar push notifications)
How We Use Google Data
We use Google Calendar data solely to provide the calendar synchronization service you requested. Specifically, we:
- Read events from your Google Calendar to sync them to your other connected calendars
- Write events to your Google Calendar when syncing from your other connected calendars
- Monitor for changes via webhooks to keep your calendars in sync
How We Store Google Data
- Google OAuth tokens are encrypted with per-user keys and stored in Azure SQL within the EU
- Event content (titles, descriptions, locations, attendees) is processed in memory during sync operations and not stored
- Sync metadata (event identifiers, change tokens, content hashes, event timing) is stored to detect changes and prevent duplicates while a sync relationship is active
- Sync metadata is deleted when you remove a sync relationship or disconnect your Google account
How We Share Google Data
Google Calendar data is shared only with the destination calendar provider(s) you have configured in your sync relationships (e.g., Microsoft Outlook, Apple iCloud). We do not share Google data with any other third party.
What We Do NOT Do with Google Data
- We do not use Google data for advertising, retargeting, or interest-based marketing
- We do not sell, lease, or trade Google data to third parties, data brokers, or information resellers
- We do not use Google data for purposes unrelated to the calendar sync functionality
- We do not allow humans to read your Google data unless you give explicit consent, it is necessary for security purposes, or it is required by law
Revoking Access
You can revoke Hetk’s access to your Google account at any time:
- From within Hetk: disconnect your Google Calendar account in Settings
- From Google: visit Google Account Permissions and remove Hetk
When you revoke access, we delete your Google OAuth tokens and stop all sync operations involving your Google Calendar within 24 hours.
4. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide calendar sync | Calendar data, OAuth tokens | Contract |
| Process payments | Payment info | Contract |
| Send service emails | Email address | Contract |
| Improve the service | Usage data | Legitimate interest |
| Prevent fraud | Account data, logs | Legitimate interest |
5. How We Share Your Information
We do not sell your personal data.
We share data only with:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Google, Microsoft, Apple | Calendar sync | Calendar data via OAuth |
| Stripe | Payment processing | Payment details |
| Postmark | Transactional emails | Email address |
| Microsoft Azure | Hosting | All data (encrypted) |
| Cloudflare | Security & CDN | Traffic data |
We may also disclose data if required by law.
6. Data Storage & Security
Where We Store Data
- Primary: Microsoft Azure, EU West (Netherlands)
- Backups: Microsoft Azure, EU North (Ireland)
All data stays within the European Union.
Security Measures
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- OAuth tokens encrypted with per-user keys
- Regular security audits
7. Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and data
- Export your data (portability)
- Object to processing based on legitimate interest
- Withdraw consent (revoke OAuth access anytime)
To exercise your rights: Email privacy@hetk.io. We respond within 30 days.
To complain: You can lodge a complaint with the Estonian Data Protection Inspectorate:
- Website: aki.ee
- Email: info@aki.ee
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data | While account is active |
| Cancelled account data | Deleted within 30 days |
| Sync metadata | While sync relationship is active; deleted on removal |
| Payment records | 7 years (legal requirement) |
| Server logs | 90 days |
9. Cookies & Tracking
We use minimal cookies:
- Essential cookies: Session management only
- Analytics: Cloudflare Web Analytics (privacy-focused, no personal data collected)
We do not use:
- Advertising cookies
- Third-party tracking pixels
- Cross-site tracking
10. Additional Information
Children
Our service is not for users under 16. We don’t knowingly collect data from children.
Third-Party Links
Our site may link to external services. We’re not responsible for their privacy practices.
Changes to This Policy
We’ll notify you of significant changes via email. Minor updates will be posted here with an updated date.
11. Contact Us
Hetk Technologies OÜ Registry Code: 17181483 Email: privacy@hetk.io
Supervisory Authority Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate) Website: https://www.aki.ee Email: info@aki.ee