Home › Privacy Policy
Privacy Policy
Last updated: June 14, 2026
1. Information We Collect
ShootCal operates under a privacy-first model. The App only accesses data that is strictly necessary to perform its core functions.
A. Data Accessed via Google OAuth (With Your Explicit Permission)
- Google Account Information: Your email address, used solely to authenticate and identify your connection with Google Calendar.
- Google Calendar Events: The App reads and writes events to your selected Google Calendars. This includes event titles, dates, times, locations, color labels, recurrence rules, and attendee email addresses.
- Attendee RSVP Status: When a client accepts, declines, or modifies a calendar invitation, their status flows back through the Google Calendar API and is displayed inside the App.
- Google Contacts (Optional): If you enable the “Sync with Google Contacts” feature, the App reads and writes contacts within a single, isolated contact group label it creates, named ShootCal Clients. The App does not read or modify contacts outside of this label.
B. Data Stored Locally on Your Device & Private iCloud
- Location Metadata: A city name and geographic coordinates used strictly for computing local golden hour, sunrise, and sunset times.
- Application Preferences: Your custom session types, default calendar selection, deposit-label prefixes, custom notification offsets, and UI preferences.
- On-Device Event Cache: A localized encrypted cache of your recent Google Calendar events to ensure instant UI rendering and offline browsing.
- Client List: Client names, phone numbers, addresses, and custom notes, stored securely inside your private Apple iCloud account via CloudKit.
- Apple Reminders Integration (Optional): If you grant explicit system permissions, the App accesses your local Apple Reminders to sync or display tasks directly alongside your photography schedule. This data is processed entirely on-device and via your private iCloud account; it is never transmitted to the developer or any third party.
2. Google API Services User Data Policy & Limited Use Disclosure
ShootCal’s use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Our practices strictly comply with these core privacy conditions:
- Core Product Functionality: We request access to your Google Calendar (
calendar) and permission to send emails on your behalf (gmail.send) strictly to provide user-facing scheduling features.gmail.sendis used exclusively to dispatch automated, user-configured confirmation templates to clients scheduled within your app. ShootCal only sends messages triggered by your explicit button clicks. We do not have, and do not request, access to read, modify, or delete existing emails in your inbox. - Isolated Contact Syncing: We access Google Contacts (
contacts) solely to keep your client list synchronized in both directions inside the dedicated ShootCal Clients label. We never access your other contacts. - No Advertising or Marketing: Google user data obtained via ShootCal is never used, transferred, or sold to third parties for serving advertisements, personalized marketing, retargeting, or interest-based profiling.
- No External Framework Data Sharing: Google user data obtained via our app is never transmitted over the network to external backend servers or third-party computing systems for data logging, parsing analysis, or algorithmic profiling.
- No Human Review: We do not allow human review of your Google user data. A human may only access your data if we have obtained your explicit, affirmative consent to view specific elements for technical troubleshooting or support requests.
- Strict Transfer Safeguards: We only transfer your Google user data to others if it is explicitly necessary to provide or improve user-facing features visible inside the app’s interface (such as transferring availability metadata to api.shootcal.com for your optional Web Calendar publishing feature).
3. How We Use Your Information
- Calendar Operations: Used exclusively to display, create, modify, and delete photography session events on your behalf.
- Location Processing: Location queries entered into the App’s configuration are processed directly through Apple MapKit on-device. No location search queries or tracking details are transmitted to the developer.
- Preferences Syncing: A subset of your app configurations (sunrise/sunset location, deposit prefixes, session types) is synced across your own personal devices using Apple iCloud Key-Value Storage. Notification preferences and calendar selection stay isolated on a per-device level.
4. On-Device Text Parsing (Natural Language Processing)
ShootCal includes an optional natural language event parser feature (e.g., typing “Smith wedding next Saturday at 3pm” to pre-fill your scheduling form).
- This processing occurs entirely on-device utilizing local, native platform text-processing architectures built into the operating system.
- The text you type, your calendar metadata, and your client details are never transmitted to the developer, to Google, or to any remote third-party cloud database system.
- This data is processed transiently in local memory and is never logged or stored externally.
5. Third-Party Services
The App interacts with the following official APIs to provide its native features:
- Google Calendar API & Google Sign-In: Authenticates your identity and processes your calendar data. Subject to the Google Privacy Policy.
- Apple MapKit (MKLocalSearchCompleter): Provides on-device location auto-complete for event coordinates. Subject to the Apple Privacy Policy.
- Apple iCloud Infrastructure: Syncs app configurations and back-end client details securely between your personal Apple devices. Subject to the Apple Privacy Policy.
- Apple Reminders (EventKit Framework): Connects to your device’s native reminders database to manage tasks. Subject to the Apple Privacy Policy.
6. Data Storage, Security & Backend Limitations
- Optional Web Calendar Service: The App does not transmit your private data to external servers, except for the official Google and Apple endpoints. If and only if you choose to enable the optional Web Calendar feature, the App sends specific, anonymized availability timelines to our service at api.shootcal.com to publish a live schedule to your website. This feed never contains your contacts, your email tokens, or client personal details.
- No Developer Telemetry: The developer does not collect, track, or monitor your personal data, calendar entries, or analytics. There are no third-party software development kits (SDKs), background trackers, ads, or telemetry engines in the App.
- Cryptographic Security: All API communications are strictly encrypted using HTTPS / TLS protocols. OAuth tokens are managed securely via Google’s native iOS/macOS Sign-In SDK and stored directly in your local device’s hardware-encrypted System Keychain.
7. Data Retention & Deletion
The developer stores none of your operational data on external infrastructure. Your data is maintained across three platforms entirely within your custody:
- Google Cloud Infrastructure: Persists in accordance with your personal Google Account data retention policies. Deleting an event in the App moves it to your Google Calendar trash, where it remains recoverable for 30 days.
- Local Device Storage: Your local cache and active login states are instantly wiped from the system keychain and disk space if you tap “Sign Out” within the App, or if you uninstall the App.
- Apple iCloud Storage: Synced configurations persist within your secure private iCloud allocation for as long as your Apple Account remains active and the App is installed on at least one associated device.
8. Your Rights
You can review, modify, or completely terminate ShootCal’s permissions at any time. To revoke access instantly, navigate to your Google Account Security settings and remove access for ShootCal. You can also purge local states by signing out of your profile inside the application settings.
9. Children’s Privacy
The App is not intended for use by individuals under the age of 13. The developer does not knowingly collect or request personal information from children.
10. Contact Information
If you have any questions or require legal or technical clarifications regarding this policy or how data is processed, please contact:
- Developer: Ryan Smith
- Email: [email protected]
- Mailing Address: 151 Empyrean Cir, Myrtle Beach, SC 29588
- Business Phone: 843-352-8640