Back to Sign In

Privacy Policy

Last updated: April 21, 2026

1. Introduction

CalDAV Calendar ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, process, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

This policy applies to all users of our CalDAV calendar service and describes your privacy rights and how the law protects you.

2. Data Controller

Service Name: CalDAV Calendar

Email: support@servera.lt

Phone: +370 52 444443

Address: Lithuania, European Union

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Account Information

  • Full name
  • Username
  • Email address
  • Password (stored in encrypted form using salted MD5 hashing)
  • Account creation and last login dates

3.2 Calendar Data

  • Calendar events (titles, descriptions, dates, times, locations)
  • Event participants and attendees
  • Calendar sharing settings
  • Reminders and notifications

3.3 Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Access logs and timestamps
  • Session information

3.4 Communication Data

  • Support requests and correspondence
  • Email notifications you receive from us

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide calendar services you requested
  • Consent (Art. 6(1)(a)): You have given explicit consent for specific processing activities (e.g., marketing communications)
  • Legal Obligation (Art. 6(1)(c)): Processing required to comply with legal obligations (e.g., data retention for accounting)
  • Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate interests (e.g., security, fraud prevention) where not overridden by your rights

5. How We Use Your Data

We use your personal data for the following purposes:

  • To provide, maintain, and improve our calendar services
  • To create and manage your user account
  • To authenticate and authorize access to your account
  • To synchronize your calendar data across devices
  • To send you service-related notifications and updates
  • To respond to your support requests and inquiries
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations and enforce our Terms of Service
  • To analyze usage patterns and improve user experience (with anonymized data)

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Account Data: Retained while your account is active and for 30 days after account deletion
  • Calendar Data: Retained until you delete it or close your account
  • Access Logs: Retained for 90 days for security purposes
  • Email Verification Tokens: Retained for 24 hours
  • Password Reset Tokens: Retained for 1 hour
  • Support Communications: Retained for 2 years

After the retention period, personal data will be securely deleted or anonymized.

7. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right to Access (Art. 15)

You can request a copy of your personal data we hold about you.

Right to Rectification (Art. 16)

You can correct inaccurate or incomplete personal data.

Right to Erasure (Art. 17)

You can request deletion of your personal data ("right to be forgotten").

Right to Restriction of Processing (Art. 18)

You can request that we limit how we use your data.

Right to Data Portability (Art. 20)

You can receive your data in a machine-readable format and transfer it to another service.

Right to Object (Art. 21)

You can object to processing based on legitimate interests or direct marketing.

Right to Withdraw Consent (Art. 7(3))

You can withdraw consent at any time where processing is based on consent.

Right to Lodge a Complaint (Art. 77)

You can file a complaint with your local data protection authority.

To exercise any of these rights, please contact us at support@servera.lt. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: All data transmitted is encrypted using TLS 1.2/1.3
  • Password Security: Passwords are hashed using salted MD5 and never stored in plain text
  • Access Controls: Strict access controls limit who can access personal data
  • Regular Backups: Data is regularly backed up to prevent loss
  • Security Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Secure Infrastructure: Servers hosted in secure data centers with physical security measures

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry-standard practices.

9. Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your data only in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share specific information
  • Service Providers: With trusted third-party service providers who assist in operating our service (e.g., email delivery, hosting) under strict data processing agreements
  • Legal Obligations: When required by law, court order, or regulatory authority
  • Protection of Rights: To protect our rights, property, or safety, or that of our users or the public
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)

10. International Data Transfers

Your data is stored and processed within the European Economic Area (EEA) on servers located in Lithuania. We do not transfer personal data outside the EEA. If such transfers become necessary in the future, we will ensure appropriate safeguards are in place in accordance with GDPR Chapter V (e.g., Standard Contractual Clauses, adequacy decisions).

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Essential Cookies

Required for authentication and session management. Cannot be disabled.

Remember Me Cookie

Stores authentication token for 30 days if you select "Remember me" (optional).

Security Cookies

Used for CAPTCHA verification (Cloudflare Turnstile) and fraud prevention.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the service.

12. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are under 16, please do not provide any information on our service. If we discover we have collected personal data from a child under 16, we will delete it immediately. If you believe we might have information from a child under 16, please contact us.

13. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33 and 34.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Email notification to your registered email address
  • Prominent notice on our service
  • Updating the "Last updated" date at the top of this policy

Your continued use of the service after changes become effective constitutes acceptance of the updated policy.

16. Supervisory Authority

If you have concerns about our data processing practices, you have the right to lodge a complaint with the State Data Protection Inspectorate of Lithuania:

Authority: State Data Protection Inspectorate

Address: L. Sapiegos str. 17, LT-10312 Vilnius, Lithuania

Phone: +370 5 271 2804

Email: ada@ada.lt

Website: https://vdai.lrv.lt

17. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: support@servera.lt

Phone: +370 52 444443

Subject Line: "Privacy Inquiry" or "GDPR Request"

Address: Lithuania, European Union

We will respond to your request within 30 days as required by GDPR.

Note: This Privacy Policy is compliant with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applies to all users within the European Economic Area (EEA). For users outside the EEA, this policy describes the privacy standards we apply globally.