Privacy Policy
1. Introduction
Hetk Technologies OÜ (Registry Code: 17181483) operates the calendar synchronization service at hetk.io ("Service"). This policy explains how we handle your personal data.
Contact: privacy@hetk.io
2. Information We Collect
Account Information
When you sign in with Google, Microsoft, or Apple, we receive:
- Email address
- Display name
- Profile picture URL
Legal basis: Contract performance (to create and manage your account)
Calendar Data
To sync your calendars, we access:
- Event details (title, time, location, attendees)
- Calendar names
- Free/busy status
What we DON'T store: We don't permanently store your full calendar history. We only process events needed for active sync relationships.
Legal basis: Contract performance (to provide the sync service you requested)
Payment Information
Stripe processes payments. We only receive:
- Last 4 digits of your card
- Expiration date
- Billing address
We never see or store your full card number.
Legal basis: Contract performance (to process your subscription)
Usage Data
We collect basic usage data:
- Login timestamps
- Feature usage statistics
- Error logs
Legal basis: Legitimate interest (to improve the service and fix bugs)
3. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide calendar sync | Calendar data, OAuth tokens | Contract |
| Process payments | Payment info | Contract |
| Send service emails | Email address | Contract |
| Improve the service | Usage data | Legitimate interest |
| Prevent fraud | Account data, logs | Legitimate interest |
4. How We Share Your Information
We do not sell your personal data.
We share data only with:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Google, Microsoft, Apple | Calendar sync | Calendar data via OAuth |
| Stripe | Payment processing | Payment details |
| Postmark | Transactional emails | Email address |
| Microsoft Azure | Hosting | All data (encrypted) |
| Cloudflare | Security & CDN | Traffic data |
We may also disclose data if required by law.
5. Data Storage & Security
Where We Store Data
- Primary: Microsoft Azure, EU West (Netherlands)
- Backups: Microsoft Azure, EU North (Ireland)
All data stays within the European Union.
Security Measures
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- OAuth tokens encrypted with per-user keys
- Regular security audits
6. Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and data
- Export your data (portability)
- Object to processing based on legitimate interest
- Withdraw consent (revoke OAuth access anytime)
To exercise your rights: Email privacy@hetk.io. We respond within 30 days.
To complain: You can lodge a complaint with the Estonian Data Protection Inspectorate:
- Website: aki.ee
- Email: info@aki.ee
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data | While account is active |
| Cancelled account data | Deleted within 30 days |
| Payment records | 7 years (legal requirement) |
| Server logs | 90 days |
8. Cookies & Tracking
We use minimal cookies:
- Essential cookies: Session management only
- Analytics: Cloudflare Web Analytics (privacy-focused, no personal data collected)
We do not use:
- Advertising cookies
- Third-party tracking pixels
- Cross-site tracking
9. Additional Information
Children
Our service is not for users under 16. We don't knowingly collect data from children.
Third-Party Links
Our site may link to external services. We're not responsible for their privacy practices.
Changes to This Policy
We'll notify you of significant changes via email. Minor updates will be posted here with an updated date.
10. Contact Us
Hetk Technologies OÜ
Registry Code: 17181483
Email: privacy@hetk.io
Supervisory Authority
Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate)
Website: aki.ee
Email: info@aki.ee