Privacy Policy

Last updated: April 12, 2026

1. Introduction

This Privacy Policy explains how ukix UG ("we", "us", or "our") collects, uses, stores, and protects your personal data when you use our scheduling and calendar service ("Service"). We are committed to protecting your privacy and handling your data in compliance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Data Controller

The data controller responsible for processing your personal data is:

ukix UG
Email: [email protected]

3. Data Protection Officer

Our Data Protection Officer is:

Karl Miller
Email: [email protected]

4. What Data We Collect

4.1 Account Data

When you create an account, we collect:

  • Email address
  • Full name
  • Username (public booking page identifier)
  • Timezone preference
  • Password (encrypted using industry-standard hashing)

4.2 Calendar and Availability Data

To provide our Service, we store:

  • Your availability schedules and time preferences
  • Event types you create (title, duration, description, buffer times)
  • Date-specific availability overrides
  • Connected calendar information (Google Calendar IDs, sync status)

4.3 Booking Data

When someone books a meeting with you, we collect:

  • Booker's name and email address
  • Booker's timezone
  • Meeting date, time, and duration
  • Optional notes or messages
  • Google Calendar event IDs (if calendar sync is enabled)
  • Google Meet links (if auto-generated)

4.4 Usage Data

We collect minimal usage data for service improvement:

  • IP address (temporarily for security and rate limiting)
  • Browser type and version
  • Access timestamps
  • Pages visited within our application

Important: We do not use tracking cookies, analytics pixels, or third-party tracking services on our public booking pages. We respect Do Not Track signals.

5. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 GDPR:

  • Performance of a contract (Art. 6(1)(b) GDPR): Processing necessary to provide our scheduling service, including account management, booking coordination, and calendar synchronization.
  • Consent (Art. 6(1)(a) GDPR): Where you have explicitly consented, such as for optional marketing communications or connecting third-party services like Google Calendar.
  • Legal obligation (Art. 6(1)(c) GDPR): Processing required to comply with tax, accounting, or other legal requirements.
  • Legitimate interests (Art. 6(1)(f) GDPR): Processing for security, fraud prevention, and service improvement, provided your interests do not override ours.

6. How We Use Your Data

We use your personal data exclusively for:

  • Providing and maintaining the scheduling service
  • Coordinating meetings between you and your bookers
  • Sending transactional emails (booking confirmations, reminders, cancellations)
  • Synchronizing with your connected Google Calendar
  • Customer support and communication
  • Security monitoring and fraud prevention
  • Legal compliance and dispute resolution

7. Data Retention

We retain your personal data only as long as necessary:

  • Account data: Retained until you delete your account
  • Booking data: Retained for 2 years after the meeting date for legal and accounting purposes, then anonymized
  • Calendar sync data: Retained while your Google Calendar connection is active
  • Email logs: Retained for 30 days
  • Server logs: Retained for 7 days

Upon account deletion, we delete or anonymize your personal data within 30 days, except where legal obligations require longer retention.

8. International Data Transfers

Our infrastructure providers (Supabase, Resend) may process data in data centers outside the European Economic Area (EEA), including the United States. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with all sub-processors
  • Verification that our providers maintain adequate security measures

9. Third-Party Services

We use the following sub-processors to provide our Service:

ProviderPurposeLocation
SupabaseDatabase, authentication, storageEU / US
ResendEmail deliveryUS
Google LLC Calendar synchronization (only when you connect your account) US

10. Cookies and Local Storage

We use minimal cookies and local storage:

  • Authentication session: Essential cookie to maintain your login session
  • Theme preference: Local storage for dark/light mode preference

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

11. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to access (Art. 15 GDPR): Request a copy of your personal data we process
  • Right to rectification (Art. 16 GDPR): Correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") (Art. 17 GDPR): Request deletion of your data
  • Right to restrict processing (Art. 18 GDPR): Limit how we use your data
  • Right to data portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format
  • Right to object (Art. 21 GDPR): Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time (does not affect prior lawful processing)

To exercise these rights, contact us at [email protected]. We will respond within one month.

12. Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with a supervisory authority. In Germany, you can contact:

The Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Graurheindorfer Str. 153
53117 Bonn
Germany
Website: www.bfdi.bund.de

Alternatively, you may contact your local state data protection authority.

13. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • Access controls and principle of least privilege
  • Regular backups with encrypted storage
  • Incident response procedures

14. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts on you.

15. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top indicates when this policy was last revised.

17. Contact Us

For questions about this Privacy Policy or our data practices, please contact:

ukix UG
Email: [email protected]