Privacy Policy

Last updated: 2026-02-09

At WhenTo, we take the protection of your personal data very seriously. This privacy policy explains how we collect, use, and protect your information when you use our service.

Data Collection

We collect the following types of data:

  • Account data: Email address, display name, encrypted password, language and timezone preferences.
  • Calendar data: Calendar names, descriptions, participants, availabilities, and configuration settings.
  • Technical data: Your IP address is used transiently for rate limiting (abuse protection) and is not stored in the database. No browsing activity, pages visited, or browser type is tracked.
  • Payment data: Payments are processed by Stripe. We do not store your credit card information.

Data Usage

We use your data to:

  • Provide and maintain the WhenTo service
  • Send you important notifications about your account
  • Improve and personalize your experience
  • Ensure security and prevent abuse
  • Comply with our legal obligations

Storage and Security

Your data is stored on secure servers located in the European Union. We use SSL/TLS encryption to protect data in transit and appropriate security measures to protect data at rest. Passwords are hashed with bcrypt and are never stored in plain text.

Third-Party Services

We use the following third-party services:

  • Stripe - Payment processing for subscriptions. Please refer to Stripe's privacy policy for more information.

Cookies

We use cookies strictly necessary for the operation of the service:

  • Essential cookies: Used for authentication and remembering your preferences. These cookies are necessary for the service to function.

Your Rights

In accordance with GDPR, you have the following rights:

  • Right of access: You can request a copy of your personal data.
  • Right to rectification: You can correct your data through your account settings.
  • Right to erasure: You can request deletion of your account and data.
  • Right to portability: You can export your data in a readable format.
  • Right to object: You can object to the processing of your data in certain cases.

Data Retention

We retain your data as long as your account is active. After account deletion, your data is permanently deleted within 30 days, unless we are legally required to retain it longer.

Minors

Minors may use WhenTo under the responsibility of their parents or legal guardians. For users under 15 years old in France, parental consent is required in accordance with GDPR.

Changes

We may update this privacy policy. Significant changes will be notified by email or through the service. We encourage you to review this page regularly.

Contact

For any questions about this privacy policy or to exercise your rights, contact us at privacy@whento.be.