Introduction
Hetk Technologies OÜ ("we", "us", "our") operates the website hetk.io and the web application app.hetk.io (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our calendar synchronization and booking service.
By using Hetk, you agree to the collection and use of information in accordance with this policy.
Information We Collect
1. Information You Provide Directly
When you sign up for Hetk using OAuth authentication, we collect:
- Email address (from your Google, Microsoft, or Apple account)
- Name (display name from your OAuth provider)
- Profile picture (optional, from your OAuth provider)
2. Calendar Data
With your explicit permission through OAuth consent, we access:
- Calendar events from your connected calendar accounts (Google Calendar, Microsoft Outlook, Apple iCloud)
- Event details: title, description, date, time, location, attendees
- Calendar metadata: calendar names, colors, time zones
3. OAuth Tokens
We securely store access tokens and refresh tokens from OAuth providers:
- These tokens allow us to sync your calendars
- Tokens are encrypted using AES-256 encryption with unique per-user derived keys
4. Payment Information
For paid subscriptions:
- Payment details: processed and stored by Stripe (we do NOT store credit card numbers)
- Billing information: name, billing address, email
- Subscription status: trial, active, expired, cancelled
How We Use Your Information
We use your information to:
- Synchronize calendar events across your connected calendar accounts
- Detect and resolve conflicts between calendars
- Enable booking functionality for PROFESSIONAL tier users
- Send transactional emails (booking confirmations, trial reminders)
- Improve our service and fix technical issues
- Process subscription billing
- Protect against unauthorized access and fraud
How We Share Your Information
We DO NOT sell your personal information. We share data only in these limited circumstances:
Service Providers
- Stripe: Payment processing
- Postmark: Transactional email delivery
- Microsoft Azure: Cloud hosting and data storage (EU region for EU users)
- Cloudflare: Content delivery and DDoS protection
Calendar Providers
We send calendar events to your connected accounts (Google, Microsoft, Apple) as necessary for synchronization.
Data Storage and Security
Storage Location
- EU users: Data stored in EU (Azure West Europe)
- US users: Data stored in US (Azure East US 2)
- Backups: Encrypted backups in the same region
Security Measures
- Encryption in transit: TLS 1.3 for all data transmission
- Encryption at rest: AES-256 encryption for sensitive data
- OAuth token encryption: Per-user derived encryption keys (HKDF-SHA256)
- Access controls: Role-based access, principle of least privilege
- Monitoring: 24/7 security monitoring and intrusion detection
Your Privacy Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update your profile information
- Deletion: Delete your account and all associated data
- Data Portability: Export your data in machine-readable format (JSON)
- Withdraw Consent: Revoke OAuth permissions and disconnect calendars
To exercise these rights, contact us at: privacy@hetk.io
Data Retention
- Active accounts: Data retained while your account is active
- Cancelled accounts: Data deleted within 30 days of cancellation
- Sync logs: Retained for 90 days
- Payment records: Retained for 7 years (tax compliance)
International Data Transfers
Hetk Technologies OÜ is based in Estonia (EU). We comply with:
- GDPR (European Union)
- ePrivacy Directive (EU)
- CCPA (California, USA)
Children's Privacy
Hetk is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us at privacy@hetk.io and we will delete it promptly.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to your registered email address. Continued use of Hetk after changes constitutes acceptance of the updated policy.
Contact Us
For privacy-related questions or requests:
Email: privacy@hetk.io
Support: support@hetk.io
Company: Hetk Technologies OÜ, Estonia
We aim to respond within 30 days.
Data Protection Officer
For EU users, our Data Protection Officer can be reached at: privacy@hetk.io
Supervisory Authority
EU users have the right to lodge a complaint with the Estonian Data Protection Inspectorate (www.aki.ee) or their local data protection authority.