Usage of our software allows you and your organization to fulfill the regulatory requirements of GDPR. It is important to note that we do not retain or store any data you add to our software, including anything in relation to PII (Personally Identifiable Information) or PHI (Protected Health Information). None of this data / information is transferred or synced to any of our servers, or any other third party servers or services we may use. Instead, all accounts / services you add to BusyCal / BusyContacts results in direct, secure communication between the app and the service in question, thus it is important to realize that the service you're using our software with needs to comply with GDPR regulations.
Contacts Access Permission
At launch, our apps will prompt you to allow access to your Contacts. BusyCal requires access to Contacts for displaying birthdays and anniversaries, and for scheduling meetings. Your contacts are also used when auto-filling addresses when adding a location to an event. Your name and email addresses from your Me Card are used for sending invites, managing shared calendars as well as saving this information alongside changes you make to events in order to trace its last modified state. BusyCal does not collect or upload your contact details to its servers. Only contacts that you explicitly choose to attach to events are uploaded to the CalDAV server you're syncing with.
BusyContacts requires access to Contacts for auto-filling addresses, names & numbers where needed. It is also required to access your Me card so that the app can correctly identify you and allow you to make changes to your contact card. BusyContacts does not collect or upload your contact details to its servers.
BusyCal and BusyContacts use your username and password to sync, manage and display your calendars, events, reminders and contacts. When adding Office 365, Google Calendar or Contacts accounts to BusyCal and BusyContacts, we instead rely on industry standards such as OAuth to authenticate you. Your username, password or OAuth tokens are stored securely in the system Keychain. The Keychain is part of macOS and iOS, where credentials from system apps as well as third party apps are stored securely. Your account information, including the data you sync, is never transferred or shared outside of your machine or mobile to any third party server neither our own.
Office 365 / Exchange Web Services
BusyCal and BusyContacts communicate with O365 and Exchange accounts via Microsoft's Exchange Web Services protocol and do not support ActiveSync. Our apps do not communicate **any** information outside of your device with any other server other than the one connected for the purpose of sync.
1) Delegate and Shared Calendars
BusyCal and BusyContacts offer a full replacement of Outlook in their own rights and so in order to sync with Exchange / O365, our apps need to be able to see delegate and shared calendars and address books (only related to the connected account) so that the user is able to manage calendars they own, including ones shared them.
2) Basic profiles
Our apps do not probe, discover or read profiles of others in your organization. The only time it needs to ask the server for email addresses of users is when adding an "attendee" to an event (i.e. meeting) or when setting up a shared calendar with others.
3) Full access to user calendars / address books
Without full access, our apps cannot read / write / delete events and contacts (upon user action). It only has access to the connect user's calendars and address books and not the whole organization.
Placing an order or purchasing a copy of our software requires you to share your email address with us, which is then tied to the serial number generated in order to uniquely identify your installation(s). This information is stored and used solely for licensing and invoicing purposes. When registering your mac for the first time, your mac-id, IP address and serial number and sent to our servers to validate and activate your copy. This is required solely for the purpose of licensing and to validate your installation.
BusyCal and BusyContacts on macOS periodically check for updates by contacting our servers. This includes anonymous information about the installation of BusyCal / BusyContacts, as well as the version of macOS, in order to determine if there is an update available for you.
If you have subscribed to our mailing list, you will receive infrequent emails from us about important software updates, new product announcements (which may or may not be developed in association / collaboration with another company) or special offers. We will protect your privacy and not share / sell your email addresses to anyone. You may unsubscribe from our mailing list at any time.
In case you contact us and choose to send us your private logs (with consent) in order to diagnose something for you, we retain these only for the length of the time required to solve the issue. No one outside of BusyMac is given access to this information. You are entitled to request that these logs be immediately deleted, even before the matter is fully resolved. You have complete control over these. You are free to manually purge these or change the default logging level.
Non-personal information is data that cannot, on its own, be used to uniquely identify a specific individual in any way or form. This information is usually in the form of crash logs and performance related analytics. We use Google Firebase (http://firebase.google.com) (previously known as Fabric / Crashlytics) for receiving automatic crash reports (in the event of a crash) and (optional) performance metrics that would help identify bugs and performance bottlenecks in code. This data is not used for any other purpose. We do not track any individual nor do we collect, transfer or share any information you may store within our apps (with the only exception to users sending their application logs willingly for running support related diagnostics, upon being notified that the logs may contain sensitive information.)
Internet Access Policy
Other than 3rd party CalDAV / Exchange / WebDAV servers that you may configure our apps with, here is a list of domains our apps communicate with. Absolutely no personal information is ever collected, tracked, stored or shared, especially anything you may enter or store within the apps. This applies to all our apps.
Our apps connect to the this server to check for updates and occassional, related accouncements.
Our apps connect to the this server to validate your license. Your serial number as well as the device UUID (i.e. seat) it's licensed to is frequently validated to ensure you haven't exceeded your allocated device quota and in order to thwart illegal piracy attempts. If you block this connection for a prolonged period of time while the app continues to function and sync otherwise, the app may prevent further usage as it is no longer able to validate your license.
We protect our weather API behind a secure proxy server, hosted by CloudFlare. This domain is solely responsible for servicing weather lookups securely. No location data is stored, collected, saved, transferred or communicated with other services.
Our apps connect to Google Cloud Functions to enable Push Sync for Google Calendar accounts. This domain is solely responsible for securely registering for automatic, push sync when enabled. No personal data, including account information or credentials are transferred or communicated outside of the app.
Our apps send crash reports to Google Firbase (Crashlytics) to help with the identification of bugs and crashes. Crash logs are generated by macOS every time an app may abruprtly close or crash due to user-interaction or a memory leak. These crash stack traces help developers improve the app's overall stability.
Our apps occassionally send entirely anonymous usage and licensing related events to Firebase in order to correlate these with Crashlytics reports and to help identify general performance issues and usage trends - analytics are turned off by default however, under App Settings > Advanced > Other. These analytics also help us identify areas that are under-utilized and need greater attention. Any data collected here strictly satisfies the General Data Protection Regulation (GDPR).
This domain is used for Google Calendar / Tasks / Contacts / Workspace APIs (for free / busy discovery)
This is Google's public DNS - used internally by Google APIs (Calendar / Tasks / Contacts / Firebase / Crashlytics and so on) for sending queries to authoritative servers from Core data centers and Google Cloud region locations.
Cookies and Other Technologies
Our website, services, apps, email communications and advertisements may use "cookies" and other technologies such as "pixel tags" and "click-through URLs". We use the information we collect in this manner to better understand our users' information with our website and to optimize the user experience. You can disable cookies in your browser settings, but please note that certain features on our website may not be available as a result.
As you access our services, we gather some information automatically on our servers and store it in log files. This information includes your browser type, version, and language, your operating system, the referring and exit websites, IP address, a date/time stamp of the request, and the requested resource (file name and URL). We use this information in anonymized form for statistical analysis, to administer our site, and to improve our product and services, without directly associating this data with individual users.