Privacy Policy

This Privacy Policy describes what personal data Callday collects, how it is processed, and what rights you have regarding your data. It applies to the callday.io website and the Callday iOS app.

Callday is operated from Germany. Because of that, the EU General Data Protection Regulation (GDPR) is the legal framework for everything we do with your data — even if you live in the US. We've translated the legal references below for an English-speaking audience, but they refer to the same statutes cited in the German version.

1. Data Controller

Controller within the meaning of Article 4(7) GDPR:

Jan Bettermann Bensberger Marktweg 338 51069 Cologne Germany

Email: hello@callday.io


2. What Data We Collect

2.1 When You Visit This Website

When you access this website, your browser automatically transmits information to our hosting provider, which is stored temporarily in server logs:

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating a stable, secure website).

2.2 When You Join the Waitlist

If you sign up for the Callday waitlist or early access, we collect:

Purpose: Informing you about the launch and beta access. Legal basis: Art. 6(1)(a) GDPR (consent) or Art. 6(1)(b) GDPR (pre-contractual measures).

2.3 When You Use the iOS App

The Callday app stores lead data and call outcomes locally on your device first. When you sign in, we sync the following data to our database:

Purpose: Providing app functionality, cross-device synchronization, automatic email sending for booked appointments. Legal basis: Art. 6(1)(b) GDPR (contract performance).

2.4 When You Subscribe via the Website (Stripe)

If you subscribe to Callday through our website, payment processing runs through our payment provider Stripe. The following data is processed:

If you subscribe via Apple In-App Purchase, we only receive an Apple transaction ID and the subscription status — no payment method data.

Purpose: Contract performance, invoicing, recurring billing, statutory retention of accounting records. Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (statutory bookkeeping obligations under § 147 German Fiscal Code (AO) and § 257 German Commercial Code (HGB)).


3. Recipients and Third-Party Processors

We use carefully selected data processors (Art. 28 GDPR):

We do not share your data with third parties for advertising purposes and we do not sell it.


4. Google API Services User Data Policy

When you connect your Google account (Gmail) with Callday, we use the OAuth scope gmail.send to send appointment confirmation emails on your behalf from your Gmail account. We do not read, store, or process any incoming emails, contacts, or other Gmail content. The OAuth refresh token is stored encrypted on the server side and is used exclusively to send the confirmation emails you trigger.

Callday's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In concrete terms: data received via Google APIs is used solely to provide the feature described above. It is not used for advertising, not used to train AI or machine-learning models, not transferred to third parties, and not read by humans — except with your explicit consent, for security purposes (e.g. abuse detection), for anonymized internal operations, or as required by law.


5. Data Retention


6. Your Rights

You have the right at any time to:

You can delete your account, including all data, directly in the app: Settings → Account → Delete account.

For other requests, please contact hello@callday.io.


7. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement.

The authority responsible for our location in Germany is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia), Kavalleriestraße 2–4, 40213 Düsseldorf, Germany.


8. Data Security

We use technical and organizational measures to protect your data — in particular SSL/TLS encryption for every data transmission, encrypted storage of sensitive values (e.g. OAuth tokens), and access restrictions at the database level (Row-Level Security).


9. Changes to This Policy

We update this Privacy Policy when our feature set, legal requirements, or the third-party services we use change. The current version is always available at callday.io/privacy.

Last updated: 2026-06-11