Privacy Policy

SotiDo is operated by a private individual based in Indonesia.

Introduction

SotiDo (the “App”) is a calendar-sharing web application that allows users to create and manage events. This Privacy Policy explains what information we collect, how we use it, how it is stored, and under what circumstances it may be shared.

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy.

Data We Collect

We collect only the data necessary to operate the App and provide its features:

• Identity Information. When you sign in via Google, Facebook, Apple, or Telegram, we receive basic profile information such as your name, display name, avatar/profile photo, and a unique user identifier (e.g., Telegram User ID, Google/Apple account ID). For Google and Apple sign-ins, we may also obtain your email address. This information is used to create and link your account across platforms and to display your identity within the App.
• Calendar Events. The App stores user-generated calendar events (event titles, descriptions, dates, times, locations, and participants you add). If you choose to import your Google Calendar data (via Google OAuth with your permission), we access your Google Calendar events and related details only when you request the import. These event details may be stored in our database so that you can view and manage them in the App.
• Usage Data (Minimal). We may record basic usage information (such as timestamps of when you create or edit events, or login times) to ensure the service is functioning properly and to troubleshoot issues. We do not collect location data beyond event information you provide, and we do not collect sensitive personal information unrelated to the calendar function.

We do not collect any financial information from you. Payments (if any) are handled by platform payment providers (see “Payment Processing”).

How We Use Your Data

We use the collected data solely to provide, maintain, and improve the core functionality of the App. Specifically:

• Providing Services. Identity information is used to authenticate you and allow you to securely access your calendar. Your display name and avatar may be shown to you and (only when you share events) to those specific people you share with. Calendar event data is used to display your schedule and enable sharing/collaboration when you request it.
• Synchronization. If you link Google Calendar, we use your OAuth authorization to fetch your calendar events and show them in the App. This data is used only to synchronize events when you ask us to.
• Operation and Improvements. We may use usage data and aggregated, non-personal information to debug issues, monitor performance, and improve features. This data is never used for marketing or profiling.

We do not use personal data for advertising or marketing. We do not sell or rent personal information.

Third-Party Service Providers

To operate the App, we rely on a few trusted third-party services. We share data with these providers only as needed:

• Google Cloud / Firebase. We use Firebase/Google Cloud as our database/backend infrastructure. User data (including account information and calendar events) may be stored in Google Cloud services to enable the App functionality.
• Google APIs (OAuth & Calendar API). Used for Google Sign-In and (if you request it) importing calendar events. We do not use Google data beyond what is necessary for these features.
• Facebook Platform. If you choose Facebook Login, we may receive basic profile data (for example account ID, name, and email if available) to authenticate your account and link your identity in the Service.
• Telegram Platform. If you use the App as a Telegram Mini App, Telegram provides your Telegram user ID and basic profile data. We use it to identify you. Telegram’s own privacy policy governs data Telegram collects.
• Apple Sign In (if used). Used to authenticate you. Apple may share your name and (optionally) email address, depending on your settings.
• Yandex Metrica. We use Yandex Metrica for traffic and performance analytics on selected Russian-language site pages. Session replay (Webvisor) is disabled.

We do not share your personal data with third parties beyond what is necessary to provide the Service.

Web Analytics (Yandex Metrica)

We use Yandex Metrica to measure visits, understand traffic sources, and improve page performance. Metrica may process technical data such as page URL, referrer, browser/device parameters, approximate region, and on-page interactions (for example clicks and navigation events). Metrica may use cookies or similar identifiers.

We have Webvisor (session replay) disabled and do not use Metrica to identify you personally. You can disable Yandex Metrica tracking in your browser via the official opt-out tool: https://yandex.com/support/metrica/general/opt-out.html.

Data Sharing and Disclosure

We do not sell or share your personal information for marketing or unrelated purposes.

We may disclose data only in these cases:

• Service operation — to the providers listed above, only as needed.
• Legal requirements — if required by law, regulation, or valid legal process.
• Protection of rights — to prevent fraud/abuse or protect users and the Service, in accordance with applicable laws.

If you share events with other users, event information you choose to share will be visible to those recipients. The App does not share your events with others by default.

Data Security

• Encryption in transit. Communications use HTTPS/TLS.
• Access controls. We apply authentication and access rules to prevent unauthorized access.
• No guarantee. No method of transmission or storage is 100% secure, but we work to protect your data.

Data Retention and Deletion

• Retention. We retain data as long as needed to provide the Service, unless deletion is requested.
• User-requested deletion. You can request deletion of your account and associated data by contacting us. We may need to verify your identity before processing the request.
• Google permissions. You can revoke Google access in your Google Account settings at any time. Revoking access stops future imports/sync; previously imported data may remain until you delete it or request deletion.
• Backups. Residual copies may persist in encrypted backups for a limited period before being purged.

Payment Processing

The App does not store payment card or banking details. If paid features exist, payments are processed by platform providers (for example, Telegram payment mechanisms). We may receive confirmation that a payment succeeded and an order identifier to grant purchased features.

Your Rights and Choices

• Access and update. You can manage your events in the App.
• Revoking permissions. You can revoke third-party access (Google/Apple/Telegram) in the respective account settings.
• Account deletion. You can request deletion by contacting us (see below).

Children’s Privacy

The App is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child provided information, contact us to request deletion.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will update the effective date at the top of this page. Continued use of the Service after changes means you accept the updated policy.

Contact Us

If you have questions or requests (including deletion), contact: support@sharedeventscalendar.app or privacy@sharedeventscalendar.app