WhenCanWeBuy me a coffee

Privacy Policy

Last updated: March 29, 2026

What WhenCanWe does

WhenCanWe is a group scheduling tool. You describe an event, share a link with your group, and everyone marks their availability. We find the best time that works for everyone.

No accounts required

WhenCanWe does not require user accounts. Your identity is tied to a browser cookie (via iron-session) that stores a random participant ID. We don't collect your name, email, or any personal information unless you choose to provide it.

Google Calendar data

We request read-only access to your Google Calendar events through the calendar.events.readonly scope. Here's exactly what we do with it:

  • What we read: Event titles, start/end times, and busy/free status for the date range relevant to the event being scheduled.
  • How it's used: Server-side only, to detect time conflicts and find when everyone is free. Your calendar events are never shown to other participants.
  • What we store:Encrypted OAuth tokens (AES-256-GCM) so you don't have to re-authorize every visit. We do not store your calendar event details.
  • What we share: Only your availability windows (free/busy times) are shown to the group. Event titles and details stay private.

Nudge system

When a near-perfect time is blocked by one person's conflict, we may generate a friendly nudge asking if that conflict is movable. The nudge message may reference the conflict's title, but this is only shown to the person who owns that calendar event — never to other participants.

Data we store

  • Event details you create (title, description, constraints)
  • Participant names (if provided) and availability windows
  • Encrypted Google OAuth tokens
  • AI-generated time suggestions and nudge messages

All data is stored in a PostgreSQL database hosted on Neon. We do not sell, share, or transfer your data to third parties.

AI processing

We use large language models (via OpenRouter) for three tasks: parsing natural-language event descriptions, ranking time suggestions, and generating nudge messages. Your calendar event details are never sent to AI models — only availability information and event constraints.

Cookies

We use a single encrypted session cookie to identify you as a participant. No tracking cookies, no analytics cookies, no third-party cookies.

Deleting your data

Since there are no user accounts, your data is tied to the events you participate in. If you want your data removed, contact us and we'll delete it.

Contact

Questions about this policy? Reach out at connie@epiloguelabs.ai