Privacy Policy

Last updated: March 28, 2026

At Croodle, your privacy matters. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what choices you have. We've written this to be as clear and plain-language as possible.

Quick Summary

  • We collect only the information needed to run the scheduling service.
  • We never sell your personal data to advertisers or third parties.
  • Google Calendar data is used only to prevent double-bookings and to add/remove calendar events.
  • Guest booking details (name, email) are shared with the Host — that is the core purpose of the Service.
  • You can request deletion of your account and data at any time.

1. Who We Are

Croodle is a free online scheduling platform operated by its creators. You can reach us at vijay.chouhan490@gmail.com. When this Privacy Policy refers to "Croodle", "we", "us", or "our", it means the team operating the Service.

This policy applies to all users of our website and platform, including:

  • Hosts — people who create accounts, configure event types, and share booking links.
  • Guests — people who use a Host's booking link to schedule a meeting (no account required).

2. Information We Collect

We collect three categories of information:

A. Information You Provide to Us

CategoryExamplesWhy we collect it
Account infoFull name, email address, username, password (hashed)Create and secure your account
Profile infoBio, timezone, cover image URL, social links (optional)Populate your public booking profile
Branding settingsBrand name, logo URL, brand colour, footer textCustomise the look of your booking pages
Event type configEvent title, duration, description, availability rulesPower your booking page and scheduling logic
Out-of-office datesBlocked single dates and date rangesExclude unavailable days from your booking calendar
Bug reportsReport summary, category, description, reproduction stepsInvestigate and fix product issues

B. Information Collected During Bookings

CategoryExamplesWhy we collect it
Guest identityGuest full name, email addressConfirm the booking and send notifications to both parties
Booking detailsSelected date and time, event type, any notes the Guest submitsCreate the booking record and calendar event
Cancellation / reschedule reasonOptional note provided when cancelling or reschedulingNotify the Host or Guest of the reason for the change

C. Information Collected Automatically

CategoryExamplesWhy we collect it
Session dataHTTP-only session cookie, session tokenKeep you securely logged in
Server logsIP address, browser type, pages visited, error logsMonitor uptime, debug errors, and detect abuse

D. Google OAuth & Calendar Data

When you choose to connect Google Calendar, we receive and store OAuth tokens from Google. These tokens allow Croodle to read and write to your calendar on your behalf. See Section 5 for full details.

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service — show your public booking page, check availability, create and manage bookings.
  • Send transactional emails — booking confirmations, cancellation notices, rescheduling updates, and account emails (verification, password reset).
  • Sync with Google Calendar — add booked events to your calendar and remove them when cancelled, and read busy/free times to prevent double-bookings.
  • Improve the platform — diagnose bugs, monitor performance, and understand how the Service is used.
  • Enforce our Terms — detect and prevent abuse, fraud, or violations of our Terms of Service.
  • Comply with legal obligations — respond to lawful requests from authorities where required.

We do not use your data for targeted advertising, and we do not sell or rent your personal information to any third party.

4. Who We Share Data With

We share personal data only in the following limited circumstances:

Hosts (when a Guest books)

When a Guest books a meeting, their name, email address, selected time, and any optional notes are shared with the Host. This is the core function of the Service — the Host needs this information to conduct the meeting.

Guests (when a booking is made)

Guests receive confirmation emails and, if connected, a Google Calendar invite that includes the Host's name and the meeting details.

Service providers (infrastructure)

We use third-party providers for hosting, database management, and email delivery. These providers process data on our behalf under strict confidentiality obligations and are not permitted to use your data for their own purposes.

Legal requirements

We may disclose information if required to do so by law, court order, or governmental authority, or where we believe disclosure is necessary to protect our rights, prevent fraud, or protect the safety of any person.

5. Google Calendar Data

If you choose to connect Google Calendar, Croodle requests the following OAuth scopes:

  • https://www.googleapis.com/auth/calendar.events — to create and delete calendar events when bookings are confirmed or cancelled.
  • https://www.googleapis.com/auth/calendar.readonly — to read busy/free information and prevent double-bookings.

What we do with Google data:

  • OAuth access and refresh tokens are stored securely in our database.
  • We read calendar busy/free data solely to calculate your available time slots.
  • We write calendar events only to record confirmed bookings.
  • We do not read the content, title, or description of your existing calendar events — only free/busy status.
  • We never share your Google Calendar data with any third party.

Croodle's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

You can disconnect Google Calendar at any time from Dashboard → Settings → Google Calendar. Upon disconnection, we delete your stored OAuth tokens immediately.

6. Cookies & Session Storage

Croodle uses a single, secure, HTTP-only cookie to maintain your logged-in session. This cookie:

  • Is essential for the Service to function — without it you cannot stay logged in.
  • Does not track you across other websites.
  • Is deleted when you log out or your session expires.

We do not use advertising cookies, tracking pixels, or third-party analytics scripts that identify individual users.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service:

  • Account and profile data — retained while your account exists. Deleted within 30 days of account deletion request.
  • Booking records — retained for up to 12 months after the booking date for record-keeping, then permanently deleted.
  • Google OAuth tokens — deleted immediately when you disconnect Google Calendar or delete your account.
  • Server logs — retained for up to 90 days for security and debugging purposes.

8. Security

We take reasonable technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, and destruction. These measures include:

  • Passwords are stored as bcrypt hashes — never in plain text.
  • All data in transit is encrypted using HTTPS/TLS.
  • Session cookies are HTTP-only and Secure-flagged.
  • OAuth tokens are encrypted at rest in our database.
  • Access to production systems is restricted to authorised personnel only.

No method of transmission over the internet or electronic storage is 100% secure. If you believe your account has been compromised, please contact us immediately at vijay.chouhan490@gmail.com.

9. Children's Privacy

Croodle is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at vijay.chouhan490@gmail.com and we will delete that information promptly.

10. Your Rights & Choices

You have the following rights with respect to your personal data:

Access

You can view and update most of your profile data directly from your Dashboard.

Correction

You can edit your name, username, bio, timezone, and other profile fields at any time in Dashboard → Profile.

Deletion (Right to be Forgotten)

You can request deletion of your account and all associated personal data by emailing us. We will process the request within 30 days.

Disconnect Google Calendar

You can revoke Croodle's access to your Google Calendar at any time from Dashboard → Settings → Google Calendar.

Data portability

You may request a copy of the personal data we hold about you by emailing us.

To exercise any of these rights, email us at vijay.chouhan490@gmail.com. We will respond within a reasonable timeframe.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us:

Croodle — Privacy Enquiries

vijay.chouhan490@gmail.com

We aim to respond to all enquiries within 5 business days.