Privacy Policy

Skejjy is a family schedule sharing tool. This policy describes what information we collect, how we use it, and the choices you have. Plain English, no surprises.

Information we collect

• Account information. When you sign up, we store your name, email address, and a hashed password.
• Family and activity data. The family member names, activities, locations, and dates you create.
• Photos. Images that you or your guests upload to an activity, stored in our object storage.
• RSVPs. Names and yes/no responses submitted via your share links.
• Connected calendar data. If you connect a Google Calendar account, we store encrypted OAuth tokens and the email address of the connected account. If you connect a calendar by URL, we store the URL encrypted at rest. We fetch event data from these sources only when you preview or import events — we do not run background syncs.
• Session and request data. IP address, user agent, and timestamps for sign-in sessions, used to keep your account secure.

How we use it

• To run the service: showing you your schedule, syncing imports, sending RSVP confirmations.
• To send you transactional email (e.g. password reset) via our email provider.
• To investigate abuse and protect the service.

We do not sell your data. We do not run advertising. We do not use your data to train AI models.

Google user data

When you connect a Google Calendar account, Skejjy requests read-only access to your calendar list and events. We use that access only to display events in the import picker and to copy events you explicitly select into Skejjy as activities. We do not create, modify, or delete events in your Google Calendar. We do not share Google user data with third parties, and we do not use it for advertising or for any purpose other than the import feature you initiated. Skejjy's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. You can disconnect your Google account at any time from the Calendar Import page; we then revoke the refresh token with Google and clear the stored credentials from our database.

Service providers

We use a small number of third parties to run Skejjy:

• Resend — to send transactional email.
• Google — only when you connect a Google Calendar; data flows are described above.
• Object storage — to store photos uploaded to activities.
• Hosting — to run the application servers and database.

How we protect your data

• Passwords are stored as salted hashes — never as plain text.
• Google OAuth tokens and connected calendar URLs are encrypted at rest using AES-256-GCM with a key kept separately from the database.
• All traffic to skejjy.com is served over HTTPS.
• Sessions are stored in HTTP-only cookies.

Sharing

Share links you create expose the activities and photos under that link to anyone who has the URL. Treat the URL as the access control — if you don't want someone to see the schedule, don't share the link with them. You can deactivate or delete a share link at any time.

Your choices

• You can edit or delete family members, activities, and photos at any time.
• You can disconnect any connected calendar source at any time.
• You can request deletion of your account by emailing us; we will remove your account, family data, activities, photos, and connected-calendar credentials.

Children

Skejjy is not directed to children under 13. The family member entries you create are simply names and colors; we don't treat them as separate accounts.

Changes

If we change this policy in a meaningful way, we'll update the date at the top and, where appropriate, notify you in the app or by email.

Contact

Questions or requests? Email us at jaredclambert@gmail.com.