Privacy Policy
We built Musubi because a calendar should be a quiet room, not a data farm. This policy tells you exactly what we collect, why, and what we don't do with it. No legalese — just plain words.
What we collect.
The minimum to run the service. We don't sell it. End-to-end encryption of calendar content is on our roadmap — until then, data is encrypted in transit and at rest on our servers.
Account information
When you create an account we collect your email address and the display name you choose.
Calendar data
Event titles, dates, times, and notes you enter into Musubi are stored on our servers encrypted at rest. End-to-end encryption (where we cannot read the content at all) is a planned feature and is not yet active.
Usage data
We do not currently collect usage analytics or crash reports. We plan to introduce self-hosted, open-source analytics and error monitoring in the future. This policy will be updated before that happens.
Device information
We store a push notification token (Apple APNs or Google FCM) to deliver reminders you have set. We do not store your device model or OS version.
How we use it.
To run the app, send you the notifications you asked for, and fix things when they break. That's it.
We use your data to: create and authenticate your account; sync your calendars across your devices; deliver push notifications for reminders you have configured; respond to support requests; and detect and prevent abuse of the Service.
We do not use your data to build advertising profiles, sell to third parties, or train AI models.
Storage & security.
Your data lives on servers in Germany (EU). Data is encrypted in transit and at rest. We hold it only as long as you need us to.
Where
Hetzner Online GmbH, data centres in Germany (EU). Your data does not leave the European Union.
How long
We keep your account data as long as your account is active. After you delete your account, all associated personal data is permanently deleted within 30 days.
Encryption
All data in transit uses TLS 1.3. Data at rest is encrypted on our servers. End-to-end encryption — where only the members of a calendar can read its content — is planned and not yet active. We will update this policy when it ships.
Who we share with.
Nobody buys your data from us. Ever. We use a small number of sub-processors to run the service, listed below.
We do not sell personal data. We do not share it with advertisers, data brokers, or analytics platforms.
We may share the minimum necessary information with the following categories of service providers, solely to operate Musubi:
- Hosting & infrastructure — Hetzner Online GmbH (Germany)
- Push notifications — Apple APNs and/or Google FCM (no event content is passed)
- Payments — no payment processing currently; future subscriptions will use Apple In-App Purchase and/or Google Play Billing
- Error monitoring — none currently; any future solution will be self-hosted and open-source
We may disclose data if required by law, but we will tell you when we can and will push back on overly broad requests.
Your rights.
You can see, correct, export, or delete your data at any time. Just ask.
Depending on where you live you may have the right to:
- Access — know what personal data we hold about you
- Correction — fix inaccurate information
- Deletion — ask us to delete your account and data
- Portability — export your calendars as standard
.icsfiles any time from the app - Objection — object to certain types of processing
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
We are subject to the EU General Data Protection Regulation (GDPR). Our legal bases for processing are: contract performance (Art. 6(1)(b) GDPR) for account data and calendar sync; legitimate interest (Art. 6(1)(f) GDPR) for abuse prevention. You have the right to lodge a complaint with the Czech data protection authority (Úřad pro ochranu osobních údajů, uoou.cz).
Cookies & analytics.
This website uses no cookies. The mobile app does not use cookies at all.
This website does not set any cookies. We do not use any tracking or advertising cookies.
We plan to add Rybbit Analytics — a self-hosted, open-source, cookie-free analytics tool — to understand how visitors use this website. No personal data is collected and no cookies are used. This policy will be updated when it is enabled.
Children.
Musubi is not intended for children under 16. We don't knowingly collect their data.
Musubi requires users to be at least 16 years old. If we learn that we have collected personal data from a person under 16 without appropriate consent, we will delete it promptly. If you believe this has happened, please contact us at [email protected].
Changes to this policy.
We'll tell you before anything meaningful changes. You won't wake up to a surprise.
We will notify you of material changes by posting a notice in the app and, where required by law, by email at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the latest revision.
Contact.
One email. Real humans read it.
Questions about this policy or your data? Write to us:
Email: [email protected]
Company: forgotten s.r.o., IČO 23642467
Address: Nové sady 988/2, Staré Brno, 602 00 Brno, Czech Republic
forgotten s.r.o. does not have a designated Data Protection Officer. For all data-related enquiries please use the email above.