Home › Privacy Policy

Privacy Policy

Last updated: June 21, 2026

1. Information We Collect

ShootCal operates under a privacy-first model. The App only accesses data that is strictly necessary to perform its core functions.

A. Data Accessed via Google OAuth (With Your Explicit Permission)

Google Account Information: Your email address, used solely to authenticate and identify your connection with Google Calendar.
Google Calendar Events: The App reads and writes events to your selected Google Calendars. This includes event titles, dates, times, locations, color labels, recurrence rules, and attendee email addresses.
Attendee RSVP Status: When a client accepts, declines, or modifies a calendar invitation, their status flows back through the Google Calendar API and is displayed inside the App.
Google Contacts (Optional): If you enable the “Sync with Google Contacts” feature, the App reads and writes contacts within a single, isolated contact group label it creates, named ShootCal Clients. The App does not read or modify contacts outside of this label.
Google Tasks (Optional): If you use the to-do and follow-up features, the App reads and writes tasks within a single dedicated Google Tasks list it creates, named ShootCal. This lets your follow-up to-dos appear alongside your photography schedule and stay in sync across your devices and the web. The App does not read or modify tasks outside of this list.

B. Data Stored Locally on Your Device & Private iCloud

Location Metadata: A city name and geographic coordinates used strictly for computing local golden hour, sunrise, and sunset times.
Application Preferences: Your custom session types, default calendar selection, deposit-label prefixes, custom notification offsets, and UI preferences.
On-Device Event Cache: A localized encrypted cache of your recent Google Calendar events to ensure instant UI rendering and offline browsing.
Client List: Client names, phone numbers, addresses, and custom notes, stored securely inside your private Apple iCloud account via CloudKit.

2. Google API Services User Data Policy & Limited Use Disclosure

ShootCal’s use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Our practices strictly comply with these core privacy conditions:

Core Product Functionality: We request access to your Google Calendar (calendar) and permission to send emails on your behalf (gmail.send) strictly to provide user-facing scheduling features. gmail.send is used exclusively to dispatch automated, user-configured confirmation templates to clients scheduled within your app. ShootCal only sends messages triggered by your explicit button clicks. We do not have, and do not request, access to read, modify, or delete existing emails in your inbox.
Isolated Contact Syncing: We access Google Contacts (contacts) solely to keep your client list synchronized in both directions inside the dedicated ShootCal Clients label. We never access your other contacts.
Isolated Task Syncing: We access Google Tasks (tasks) solely to create, display, complete, and remove your follow-up to-dos inside a single dedicated Google Tasks list named ShootCal. We never access or modify tasks in your other lists.
No Advertising or Marketing: Google user data obtained via ShootCal is never used, transferred, or sold to third parties for serving advertisements, personalized marketing, retargeting, or interest-based profiling.
No Profiling or Advertising Data Sharing: Google user data obtained via our app is never transmitted to external servers or third-party systems for data logging, advertising, or algorithmic profiling. The only data sent to our own server (api.shootcal.com) is for explicit, opt-in features you turn on yourself, namely the Web Calendar feed and the optional AI Client Scan described in Section 4, and even then it is never sold or used for ads.
No Human Review: We do not allow human review of your Google user data. A human may only access your data if we have obtained your explicit, affirmative consent to view specific elements for technical troubleshooting or support requests.
Strict Transfer Safeguards: We only transfer your Google user data to others if it is explicitly necessary to provide or improve user-facing features visible inside the app’s interface (such as transferring availability metadata to api.shootcal.com for your optional Web Calendar publishing feature).

3. How We Use Your Information

Calendar Operations: Used exclusively to display, create, modify, and delete photography session events on your behalf.
Location Processing: Location queries entered into the App’s configuration are processed directly through Apple MapKit on-device. No location search queries or tracking details are transmitted to the developer.
Preferences Syncing: A subset of your app configurations (sunrise/sunset location, deposit prefixes, session types) is synced across your own personal devices using Apple iCloud Key-Value Storage. Notification preferences and calendar selection stay isolated on a per-device level.

4. Text Parsing: On-Device Quick Add & Optional AI Client Scan

On-device Quick Add. The native apps include an optional natural language event parser (e.g., typing “Smith wedding next Saturday at 3pm” to pre-fill your scheduling form).

On iPhone, iPad, and Mac this processing occurs entirely on-device using local, native platform text-processing built into the operating system.
The text you type, your calendar metadata, and your client details are never transmitted to the developer, to Google, or to any remote third-party for this on-device feature.
This data is processed transiently in local memory and is never logged or stored externally.

Optional AI Client Scan. ShootCal offers a separate, opt-in “Scan for Clients” feature that reads your calendar event titles to suggest client names for your client list.

When you choose to run a scan, the event titles within the date range you select are sent to our server at api.shootcal.com and then to Anthropic (the Claude AI provider) for the sole purpose of extracting suggested client names. Only the titles and the date range are sent for this purpose, not attendees, notes, or other event details.
If you additionally enable “Find client emails,” ShootCal reads your Google “Other contacts” (names and email addresses Google auto-saved from people you have emailed) to match an email to a scanned name. You review and confirm every suggestion before anything is saved.
This data is used only to return suggestions to you. It is not used to train AI models, and it is never sold or used for advertising. The web version of Quick Add also uses this same server-side AI rather than the on-device parser.

5. Third-Party Services

The App interacts with the following official APIs to provide its native features:

Google Calendar API & Google Sign-In: Authenticates your identity and processes your calendar data. Subject to the Google Privacy Policy.
Apple MapKit (MKLocalSearchCompleter): Provides on-device location auto-complete for event coordinates. Subject to the Apple Privacy Policy.
Apple iCloud Infrastructure: Syncs app configurations and back-end client details securely between your personal Apple devices. Subject to the Apple Privacy Policy.
Google Tasks API: Reads and writes your follow-up to-dos within the dedicated ShootCal Tasks list. Subject to the Google Privacy Policy.
Anthropic (Claude AI): If and only if you run the optional AI Client Scan (or web Quick Add), your event titles are processed by Anthropic via api.shootcal.com to suggest client names. Anthropic does not use API data to train its models. Subject to the Anthropic Privacy Policy.

6. Data Storage, Security & Backend Limitations

Optional Web Calendar Service: Apart from the official Google and Apple endpoints and the opt-in AI Client Scan described in Section 4, the App transmits your private data to our own server only for the optional Web Calendar feature. If and only if you enable it, the App sends specific, anonymized availability timelines to api.shootcal.com to publish a live schedule to your website. This feed never contains your contacts, your email tokens, or client personal details.
No Developer Telemetry: The developer does not collect, track, or monitor your personal data, calendar entries, or analytics. There are no third-party software development kits (SDKs), background trackers, ads, or telemetry engines in the App.
Website Analytics (Marketing Site Only): Our public marketing website at shootcal.com uses Google Analytics to understand aggregate visitor traffic, such as page views and where visitors come from. This is standard, anonymous website analytics — it is entirely separate from the App, applies only to the marketing pages, and never has any access to your in-app data, your Google Calendar, your contacts, or your clients. It is not present in the iPhone, iPad, Mac, or Watch apps.
Cryptographic Security: All API communications are strictly encrypted using HTTPS / TLS protocols. OAuth tokens are managed securely via Google’s native iOS/macOS Sign-In SDK and stored directly in your local device’s hardware-encrypted System Keychain.

7. Data Retention & Deletion

The developer stores none of your operational data on external infrastructure. Your data is maintained across three platforms entirely within your custody:

Google Cloud Infrastructure: Persists in accordance with your personal Google Account data retention policies. Deleting an event in the App moves it to your Google Calendar trash, where it remains recoverable for 30 days.
Local Device Storage: Your local cache and active login states are instantly wiped from the system keychain and disk space if you tap “Sign Out” within the App, or if you uninstall the App.
Apple iCloud Storage: Synced configurations persist within your secure private iCloud allocation for as long as your Apple Account remains active and the App is installed on at least one associated device.

8. Your Rights

You can review, modify, or completely terminate ShootCal’s permissions at any time. To revoke access instantly, navigate to your Google Account Security settings and remove access for ShootCal. You can also purge local states by signing out of your profile inside the application settings.

9. Children’s Privacy

The App is not intended for use by individuals under the age of 13. The developer does not knowingly collect or request personal information from children.

10. Contact Information

If you have any questions or require legal or technical clarifications regarding this policy or how data is processed, please contact:

Developer: Ryan Smith
Email: [email protected]
Mailing Address: 151 Empyrean Cir, Myrtle Beach, SC 29588
Business Phone: 843-352-8640