Privacy Policy

Effective date: March 7, 2026 · Last updated: March 7, 2026

Short version: DashCal stores only what is strictly necessary to run your dashboard — your email, a hashed password, your calendar tokens, and the content you create (chores, meals, grocery items, notes, photos). We never sell your data, never serve ads, and you can delete everything permanently at any time.

1. Who we are

DashCal ("we", "us") is a privately run family dashboard service. For questions about this policy, contact us at abhilam@gmail.com.

2. Information we collect

We collect only what is necessary to provide the service:

Account information — your email address and a bcrypt-hashed (never plain-text) copy of your password if you register with email/password.
Google OAuth tokens — if you connect Google Calendar, we store an OAuth access/refresh token issued by Google. We use it only to read and display your calendar events on your dashboard. We request the minimum necessary scopes: calendar read and the ability to create/edit events you initiate.
Dashboard content you create — chore assignments, grocery list items, meal plans, family notes, and photos you upload. This is your data; it lives in our database solely to power your dashboard.
Settings and preferences — timezone, weather city, display theme, and similar configuration values.
Billing identifiers (Pro/Lifetime plan users only) — a Stripe customer ID and subscription ID. We do not store payment card numbers; Stripe handles all card data on its own PCI-compliant infrastructure.
Usage logs — standard server access logs (IP address, request path, timestamp) retained for up to 30 days for security and debugging purposes.

We do not collect: browsing history, advertising identifiers, precise device location, your contacts, or any data beyond what is listed above.

3. How we use your information

Authenticate you and keep your session secure.
Display your calendar events, weather, and other dashboard widgets.
Store and retrieve your created content (chores, meals, grocery items, notes, photos).
Process and manage your Pro subscription via Stripe.
Respond to your support requests.
Detect and prevent abuse or security incidents.

We do not use your data for advertising, profiling, or sale to third parties.

4. Photo uploads

Photos you upload are stored in our database as compressed JPEG images. Before storage, we strip all EXIF metadata — including GPS location data — from every photo. Photos are served back only to your dashboard and are not publicly indexed or shared.

5. Google Calendar data

DashCal's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We access your calendar data only to display events on your dashboard. We do not share Google user data with any third parties, and we do not use it for advertising or any purpose other than providing the core dashboard features.

6. Data sharing

We share data only with the following sub-processors, strictly to operate the service:

Railway — application hosting and execution (United States)
Supabase / PostgreSQL — database storage (United States)
Stripe — payment processing (United States). Stripe's privacy policy governs payment data: stripe.com/privacy
Google — calendar API and OAuth sign-in. Google's privacy policy: policies.google.com/privacy
OpenWeatherMap — your configured city name is sent to fetch weather data. No account data is included in these requests.

We do not sell data to, or share data with, any advertising networks or data brokers.

7. Data retention

We retain your data for as long as your account is active. If you delete your account, all associated data — your email, content, Google tokens, and photos — is permanently and irreversibly deleted from our database immediately. Stripe may retain billing records for legal compliance purposes under their own retention policy.

8. Your rights and account deletion

You have the right to:

Access the data we hold about you (contact us at the email below).
Delete your account — you can do this yourself at any time from your Account Settings page → "Delete my account". This permanently removes all your data immediately with no waiting period.
Disconnect Google — revoke DashCal's access to your Google Calendar at any time via your Google Account Permissions page.
Data portability — contact us to request an export of your data.

9. Cookies and local storage

We use a single session cookie to keep you logged in. If you choose "remember me", a longer-lived authentication cookie is set. We do not use advertising cookies or third-party tracking cookies. We also use browser localStorage to store your display preferences (theme, calendar style) so the dashboard loads without flash.

10. Security

Passwords are hashed with bcrypt (cost factor 10) — we cannot recover your plain-text password. All traffic is served over HTTPS. Google OAuth tokens are stored encrypted at rest in our database. We apply rate limiting and input validation throughout the application.

11. Children's privacy

DashCal is intended for use by adults managing a household. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently done so, please contact us immediately.

12. Changes to this policy

We may update this policy occasionally. Material changes will be noted by updating the "Last updated" date above. Continued use of the service after changes constitutes acceptance of the revised policy.

13. Contact

Questions about this privacy policy? Email us at abhilam@gmail.com or use the contact form on our homepage.