Effective Date: March 24, 2026 · Last Updated: March 24, 2026
Wheni.sh is operated by CoeCode LLC. This Privacy Policy explains what information we collect, how we use it, how we share it, and the choices you have when you use Wheni.sh.
If you have privacy questions, contact [email protected].
We use Clerk to manage account registration, authentication, and session security. This includes identifiers such as your name, email address, account ID, and sign-in metadata.
If you connect Google Calendar or iCloud Calendar, we collect the calendar information needed to provide the service, such as event titles, descriptions, times, attendees, availability signals, and selected calendar metadata.
If you subscribe to a paid plan, Stripe processes your payment information. We receive billing status, subscription details, and limited transaction metadata, but not full payment card numbers.
We collect product usage information such as asks submitted, feature interactions, settings changes, and general product analytics needed to operate, debug, and improve Wheni.sh.
Sentry collects error data including device and browser information, request metadata, and performance traces. We have configured Sentry to minimize personal data collection.
If you participate in a shared group poll without a Wheni.sh account, we collect the name and email address you provide when submitting your availability response. This data is used solely for the poll and is retained with the poll record.
We use your information to provide and maintain Wheni.sh, including syncing calendars, generating availability intelligence, storing preferences, and returning recommendations based on your schedule.
We also use your information to power AI-assisted features through OpenAI and Anthropic, send product and account communications, improve reliability and usability, prevent abuse, and comply with legal obligations or safety requirements.
| Processing Activity | Legal Basis |
|---|---|
| Account management | Contract performance (Art. 6(1)(b)) |
| Calendar sync and recommendations | Contract performance (Art. 6(1)(b)) |
| Payment processing | Contract performance (Art. 6(1)(b)) |
| AI analysis | Contract performance (Art. 6(1)(b)) |
| Error monitoring / diagnostics | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance (tax records) | Legal obligation (Art. 6(1)(c)) |
| Security and abuse prevention | Legitimate interest (Art. 6(1)(f)) |
When you use recommendation features, calendar event text and related scheduling context may be sent to OpenAI and Anthropic so Wheni.sh can generate availability recommendations and related product output.
These providers are contractually prohibited from using your data to train or improve their AI models. Your calendar data is not retained by these providers beyond the duration of the individual API request. We do NOT use Google data to train AI/ML models.
Wheni.sh's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
We do not sell your personal information. We share information only with service providers and infrastructure partners that help us operate Wheni.sh, process payments, secure the product, deliver communications, and support AI-powered features.
| Service | Purpose | Region | Privacy Policy |
|---|---|---|---|
| Clerk | Authentication, account management, session security, and user profile data. | United States | View policy |
| Stripe | Subscription billing, payment processing, invoicing, and payment fraud prevention. | United States | View policy |
| OpenAI | AI-powered schedule analysis and recommendation generation from calendar event text. | United States | View policy |
| Anthropic | AI-powered schedule analysis and recommendation generation from calendar event text. | United States | View policy |
| Neon | Managed PostgreSQL database hosting for account, integration, and product data. | United States | View policy |
| Sentry | Application monitoring, error reporting, diagnostics, and abuse detection. | United States | View policy |
| Resend | Transactional email delivery, including account and product communications. | United States | View policy |
| Trigger.dev | Background job orchestration for product workflows and integrations. | United States | View policy |
| Vercel | Web application hosting, delivery, and edge infrastructure. | United States | View policy |
| Railway | Application infrastructure and deployment support for backend services. | United States | View policy |
| Cloudflare | DNS, security filtering, bot mitigation, and performance delivery services. | Global | View policy |
If you connect Google Calendar, you authorize Wheni.sh to access the Google calendar scopes needed to read and write events and calendar metadata you choose to connect. Google data is used only to provide the features you request, and our handling of that data is subject to Google's Limited Use requirements.
You can revoke Google access at any time from your Google Account permissions settings or by disconnecting the integration inside Wheni.sh.
If you connect iCloud Calendar, you provide an app-specific password so Wheni.sh can access your calendar data through the connection you authorize. We store that credential in encrypted form and use it only to sync calendar data for your account.
You can revoke iCloud access by deleting the app-specific password in your Apple ID settings or by disconnecting the integration inside Wheni.sh.
We retain account and calendar-related data while your account is active so the product can operate normally. If you delete your account, we will begin the process of deleting or de-identifying your account data within 30 days. Some data may persist in encrypted backups for an additional period before being permanently removed.
We retain payment and tax-related records for up to 7 years to comply with accounting, tax, and legal obligations.
AI request data is processed transiently and is not used for model training. Retention for abuse monitoring is governed by each provider's commercial API terms.
We use administrative, technical, and organizational safeguards designed to protect your information. Data in transit is protected with TLS, and supported data stores use encryption at rest.
Sensitive credentials, including iCloud app-specific passwords, are encrypted using AES-256-GCM. Access is limited to the systems and personnel who need it to operate the service.
In the event of a data breach, we will notify the relevant supervisory authority within 72 hours where required by GDPR, and will notify affected users without undue delay if the breach poses a high risk to their rights and freedoms.
Wheni.sh is based in the United States, and your information may be processed in the United States and other countries where our service providers operate.
Where applicable, we rely on recognized transfer mechanisms such as the EU-US Data Privacy Framework and Standard Contractual Clauses to support lawful international data transfers.
All users may request access to their personal information, request correction of inaccurate data, request deletion, and request a portable copy of the data they have provided to us, subject to applicable legal limits.
If you are in the European Economic Area, United Kingdom, or similar jurisdictions, you may also have rights to object to processing, restrict processing, and withdraw consent where processing is based on consent.
If you are a California resident, you may have rights under the CCPA or CPRA, including the right to know, delete, correct, and request information about our data practices. We do not sell personal information or share it for cross-context behavioral advertising.
Wheni.sh uses a minimal set of cookies for authentication, security, and bot protection. We do not use advertising or analytics cookies.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| __session | Clerk | Authentication session | Session |
| __client_uat | Clerk | Cross-tab auth sync | 1 year |
| __cf_bm | Cloudflare | Bot protection | 30 minutes |
| Cloudflare Turnstile widget | Cloudflare | CAPTCHA verification on guest poll forms | Session |
Wheni.sh is not directed to children. In the United States, the service is not intended for anyone under 13. In the European Union and similar jurisdictions, the service is not intended for anyone under 16 unless permitted by applicable law and authorized by a parent or guardian.
We may update this Privacy Policy from time to time. If we make material changes, we will provide at least 30 days' notice by posting the updated policy, sending an email, or providing an in-app notice before the changes take effect.
For privacy questions, requests, or complaints, contact [email protected].