Privacy Policy
Effective date: February 27, 2026
Wolfgang Solutions, LLC ("Company," "we," "us," or "our") operates allmymeetings ("Service"). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the Service. It also describes your rights under the General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act as amended by the CPRA ("CCPA"), and other applicable data protection laws.
By using the Service you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Account Information
When you register we collect your:
- Name
- Email address
- Password (stored in hashed form only)
If you enable two-factor authentication we additionally store an encrypted TOTP secret and recovery codes.
1.2 Calendar Account Data
When you connect a calendar provider we collect:
- Google & Microsoft (OAuth) — provider account ID, email address, display name, OAuth access token, and refresh token (both encrypted at rest).
- Apple iCloud (CalDAV) — email address, app-specific password (encrypted at rest), and CalDAV server URL.
1.3 Calendar Event Data
To perform synchronization we read and store event data including:
- Event title, description, and location
- Start time, end time, timezone, and recurrence rules
- Organizer email address
- Attendee names and email addresses
- Event status and visibility
- Raw provider-specific event data (JSON)
1.4 Scheduling Data
When someone books a meeting through your scheduling page, we collect from the invitee:
- Name
- Email address
- Selected time slot and timezone
- Optional notes
1.5 AI Assistant Data
If you use the AI scheduling assistant, we process:
- Email thread content (subject, body, sender, recipients)
- Scheduling intent and proposed times extracted by the AI
- Full conversation logs between you and the assistant
1.6 Payment Information
We use Stripe to process payments. We store your Stripe customer ID and the last four digits and type of your payment method. We do not store full credit card numbers, CVVs, or bank account details — Stripe handles those directly. Please review Stripe's Privacy Policy.
1.7 Usage and Analytics Data
We collect usage data through PostHog (server-side) and may collect data through Google Analytics, including:
- Pages visited and features used
- Events such as calendar account connections, sync completions, and booking activity
- Browser type, operating system, and device information
- IP address (which may be anonymized)
- Referring URLs and search terms
1.8 Cookies and Tracking Technologies
We use cookies and similar technologies as described in our Cookie Policy. This includes strictly necessary cookies, analytics cookies (PostHog, Google Analytics), and advertising cookies (Google Ads).
1.9 Session Data
We store session data (IP address, user agent, and last activity timestamp) in our database to manage authenticated sessions.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service — synchronize calendars, process scheduling bookings, operate the AI assistant, and manage your account.
- Process payments — manage subscriptions, handle billing, and process refunds.
- Communicate with you — send email verification, password resets, AI assistant replies, and service-related announcements.
- Improve the Service — analyze usage patterns, monitor performance, and develop new features.
- Ensure security — detect fraud, prevent abuse, and enforce our Terms of Service.
- Advertising — measure the effectiveness of our advertising campaigns through Google Ads conversion tracking and serve relevant ads to potential users through remarketing (see Section 5).
- Comply with legal obligations — respond to lawful requests and enforce our rights.
3. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, our legal bases for processing your personal data under GDPR Article 6 are:
| Legal Basis | Processing Activity |
|---|---|
| Performance of a contract (Art. 6(1)(b)) | Account creation, calendar synchronization, scheduling, AI assistant, payment processing |
| Legitimate interests (Art. 6(1)(f)) | Service improvement, analytics (PostHog), security monitoring, fraud prevention |
| Consent (Art. 6(1)(a)) | Google Analytics, Google Ads cookies, marketing communications |
| Legal obligation (Art. 6(1)(c)) | Compliance with applicable laws, responding to legal process |
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
4. How We Share Your Information
We do not sell your personal information. We share data with the following categories of third parties solely to operate the Service:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Google (Calendar API) | Calendar synchronization, webhooks | OAuth tokens, calendar events |
| Google (Analytics) | Website analytics | Usage data, IP address, device info (via cookies) |
| Google (Ads/AdWords) | Advertising conversion tracking, remarketing | Anonymized usage data, conversion events (via cookies) |
| Microsoft (Graph API) | Calendar synchronization, webhooks | OAuth tokens, calendar events |
| Apple (iCloud CalDAV) | Calendar synchronization | CalDAV credentials, calendar events |
| Stripe | Payment processing | Payment method details, billing info, subscription data |
| OpenAI | AI scheduling assistant | Email content, scheduling context, conversation data |
| PostHog | Product analytics (server-side) | Usage events, user properties |
We may also disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Wolfgang Solutions, LLC, our users, or others.
5. Advertising and Remarketing
We may use Google Ads (formerly AdWords) to advertise the Service across the web. This involves:
- Conversion tracking — when you arrive at our Service after clicking a Google ad, a conversion cookie is placed on your device to help us measure ad effectiveness.
- Remarketing — we may show targeted ads to people who have previously visited our website as they browse other sites in the Google Display Network.
Google uses cookies (including _gcl_au, _gcl_aw, and DoubleClick cookies) to serve ads based on your prior visits. You can opt out of personalized advertising through:
- Google Ads Settings
- Network Advertising Initiative (NAI) Opt-Out
- Digital Advertising Alliance (DAA) Opt-Out
For more information, see Google's Privacy Policy.
6. International Data Transfers
Wolfgang Solutions, LLC is based in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the United States and potentially other countries where our sub-processors operate.
For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on:
- The EU-U.S. Data Privacy Framework (where applicable)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Supplementary measures where required by applicable law
7. Data Retention
We retain personal data only as long as necessary for the purposes described in this Privacy Policy:
| Data Category | Retention Period |
|---|---|
| Account information | Until you delete your account, plus 30 days for backup removal |
| Calendar event data | Duration of your sync pair configuration; deleted upon disconnection or account deletion |
| OAuth tokens | Until you disconnect the calendar account or delete your account |
| Scheduling bookings | 12 months after the booked event date, or until account deletion |
| AI conversation data | 90 days after the last message, or until account deletion |
| Sync logs | 30 days |
| Payment records | As required by tax and financial regulations (typically 7 years) |
| Session data | Automatically purged after session expiration |
8. Your Rights Under the GDPR
If you are located in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") — request deletion of your personal data, subject to legal retention obligations.
- Right to restriction of processing — request that we limit how we use your data in certain circumstances.
- Right to data portability — receive your data in a structured, commonly used, machine-readable format.
- Right to object — object to processing based on legitimate interests, including profiling.
- Right to withdraw consent — where processing is based on consent, withdraw it at any time.
- Right not to be subject to automated decision-making — we do not make decisions based solely on automated processing that produce legal or similarly significant effects on you.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or sooner if required by law). You also have the right to lodge a complaint with your local data protection authority.
9. Your Rights Under the CCPA
If you are a California resident, please see our CCPA Notice for a detailed description of your rights, the categories of personal information we collect and share, and how to exercise your rights.
10. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. If you believe we have collected information from a child under 13, please contact us at [email protected].
11. Security
We implement industry-standard security measures to protect your data, including:
- Encryption of OAuth tokens and sensitive credentials at rest
- Passwords hashed using bcrypt
- HTTPS/TLS encryption for all data in transit
- CSRF protection on all forms
- HTTP-only, secure session cookies
- Optional two-factor authentication
- Database-backed sessions with automatic expiration
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
12. Do Not Track
Some browsers transmit a "Do Not Track" (DNT) signal. There is no industry standard for how websites should respond to DNT signals. Currently, we do not alter our data practices in response to DNT signals.
13. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing personal information.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. The "Effective date" at the top of this page indicates when this policy was last revised.
15. Data Protection Contact
For any questions, requests, or complaints about this Privacy Policy or our data practices, contact us at:
Wolfgang Solutions, LLC
Attn: Data Protection
Email: [email protected]
If you are located in the EEA and believe our processing of your personal data violates the GDPR, you have the right to lodge a complaint with your local supervisory authority.