PickaTime (“we”, “our”, “the app”) helps small groups find shared free time. This policy explains exactly what data we handle, why, and your rights over it. We've kept it short and concrete on purpose.
Operator: Operated by Lucius Liu, based in Taiwan. Contact: yoro2070@gmail.com.
The one thing to know first: We never see the contents of your imported Apple or Google Calendar events — no titles, locations, descriptions, attendees, or notes. What we share with your group is only anonymized busy intervals, expressed as (day of the week, start hour, end hour) — the minimum needed to compute when your group is mutually free. Separately, so your own manually-entered schedule can appear across your devices, we store that personal schedule (including any short labels you type yourself, such as “lunch”) privately under your account, readable only by you when signed in. Your imported calendar event contents are never stored on our servers — they stay on each device and are re-fetched directly from Apple or Google.
What we collect
When you create an account or use the app, we collect:
Account identifier — a stable user ID issued when you sign in with Apple or Google. We use this to load your groups and busy intervals.
Email address — provided by Apple or Google at sign-in. We use it to send transactional notifications (group invitations, account-related alerts) and to let you recover your account.
Busy time intervals — time ranges you mark as unavailable, either manually or by importing from your device calendar. As above: ranges only. No event content.
Personal schedule (for cross-device sync) — if you are signed in, the schedule you enter manually in the app (time blocks and recurring rules, including any short labels you add yourself such as “lunch” or “gym”) and your calendar-link settings (which Apple or Google accounts you connected and which calendars you enabled) are stored privately under your account so they appear on your other devices. Only you, when signed in, can read this — it is never shared with other group members. We do not store the contents of your imported calendar events here; those remain on each device and are re-fetched directly from Apple or Google.
Device push token — an Apple Push Notification service (APNs) token, used solely to deliver notifications you've opted into.
Diagnostic logs — anonymous error and performance logs. No personal data, no schedule data.
We do not collect: your contacts, your location, your photos, your calendar event details, your browsing activity, advertising identifiers, or any data we use to track you across apps or websites.
How we use it
App functionality: matching busy intervals across a group to surface shared free time.
Account management: signing you in, restoring your groups, sending invitations.
Notifications: only those you opt into (e.g., “someone joined your group”).
Product analytics: measuring onboarding, sign-in, paywall, purchase, invite, and account-deletion flows so we can improve the product and diagnose breakage.
Service health: anonymous logs to detect crashes and outages.
We do not use your data for advertising, profiling, or any form of tracking, ever.
Where it lives
PickaTime is operated from Taiwan and uses the following service providers to run the app:
Apple — Sign in with Apple for authentication.
Google — Google Sign-In and Google Calendar API for authentication and read-only calendar import.
Apple Push Notification service (APNs) — delivery of push notifications that you opt into.
PostHog — product analytics for feature usage and conversion funnels. We configure analytics to avoid calendar titles, notes, locations, attendees, and other sensitive schedule content.
Zeabur — application hosting infrastructure.
Data is encrypted in transit (HTTPS) and at rest where supported by the provider. We do not sell your data, rent it, or disclose it to advertisers or data brokers.
We do not sell your data. We do not rent it. We do not share it with advertisers or data brokers.
Cookies & Log Data
We do not use cookies inside the iOS app. The privacy site may rely on basic browser behavior to render pages, but we do not use advertising or tracking cookies there.
If product analytics are enabled, PickaTime may send app events such as onboarding progress, sign-in success or failure, invite opens, calendar connection status, paywall views, purchase state, and account deletion confirmation. Those events are tied to your PickaTime account ID only after you sign in, and they are never enriched with raw calendar event content.
Our backend keeps limited access logs such as IP address, user agent, request path, response status, and request timing for abuse prevention, reliability, and security investigation. These logs are rotated and deleted within 90 days.
How long we keep it
Busy intervals: kept while you have an active account. Deleted automatically when you delete the account or leave a group.
Personal schedule & calendar-link settings: kept while you have an active account. Deleted automatically when you delete your account.
Account record: deleted within 30 days of an account deletion request.
Diagnostic logs: retained for up to 90 days, then automatically purged.
Your rights
You can, at any time, from inside the app:
Leave a group (your busy intervals shared with that group are deleted immediately).
Delete your account (all your data is deleted within 30 days).
If you are in the EEA or UK, you may also have rights under GDPR Articles 15–22, including the rights to access, rectification, erasure, restriction, portability, and objection. You may exercise these rights by using the in-app deletion flow where applicable or by contacting us at yoro2070@gmail.com.
California Residents
PickaTime does not sell or share personal information as those terms are defined by the California Consumer Privacy Act (CCPA/CPRA). California residents may request to know what personal information we collect, request deletion, and exercise their rights without discrimination by contacting us at yoro2070@gmail.com.
Children
PickaTime is rated 4+ but is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have, please contact us and we'll delete it.
Sign-in providers
Sign in with Apple and Google Sign-In are governed by Apple's and Google's own privacy policies, respectively. We receive only the basic profile information (user ID, email) that you authorize at sign-in.
Google API Services User Data Policy
PickaTime's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, PickaTime uses the calendar.readonly scope only to read calendar busy intervals needed to compute shared free time. We do not use Google user data for advertising, profiling, data brokerage, or machine learning model training. We do not transfer Google user data to third parties except as needed to provide or secure the app, to comply with law, or with the user's explicit direction. Humans do not read Google Calendar data unless the user explicitly asks for support that requires it, or when necessary for security or legal compliance, and aggregated non-identifiable reporting may be used for service reliability only.
Changes to this policy
We'll post updates here and bump the “Last updated” date. Material changes will also be surfaced inside the app.