SmartCal Privacy Policy

1. Overview

SmartCal is a calendar-automation product built by SR PRO Group ("SR PRO," "we," "our," or "us"). It allows event organizers to automatically send Google Calendar and Microsoft Outlook calendar invitations to webinar or event registrants at scale.

"SR PRO Group" refers collectively to SR Professional Marketing Inc (a Maryland, US corporation) and SR Professional Marketing Ltd (an Israeli company), both wholly owned by Ronen Wasserman. US clients are served under SR Professional Marketing Inc; Israeli clients are served under SR Professional Marketing Ltd. The data practices described in this policy apply equally across both entities.

This Privacy Policy explains what data SmartCal collects, why it collects it, how it is used, and the rights you have over your information. This policy applies specifically to SmartCal and is separate from SR PRO Group's general company Privacy Policy.

2. Google User Data — How We Access, Use, Store & Share It

SmartCal integrates with Google Calendar via the Google OAuth 2.0 protocol. Below is a comprehensive disclosure of how we handle Google user data, in compliance with Google's API Services User Data Policy.

2.1 What Google Data We Access

• Google account identity (name and email address) to identify the authorizing organizer
• Google Calendar read/write access (scope: https://www.googleapis.com/auth/calendar.events) — to create calendar events on behalf of the organizer
• No other Google data (Gmail, Drive, Contacts, etc.) is accessed or requested
  
  

2.2 How We Use Google User Data

• To create Google Calendar events in the organizer's calendar for scheduled webinars or events
• To generate and send individual Google Calendar invitations to registered attendees
• To notify registrants of event details and allow them to accept or decline the invitation
• Google data is used solely for the purposes above and for no other purpose
• We do not use Google user data to serve advertising, build user profiles, or sell to third parties
  
  

2.3 How We Store Google User Data

• OAuth tokens (access tokens and refresh tokens) are stored in encrypted form on our servers, hosted by Digital Ocean in Amsterdam, the Netherlands (European Union)
• Tokens are retained only for as long as necessary to fulfil authorized calendar operations
• Event and registrant metadata (title, date/time, attendee email) is stored temporarily to process and send invitations
• After the webinar or event has concluded, registrant data and event metadata are deleted within 30 days, unless retention is required by law
• We do not permanently store Google Calendar event content beyond operational necessity
  
  

2.4 How We Share Google User Data

• We do not sell, rent, or trade Google user data to any third party
• Registrant email addresses are not shared with other attendees or displayed publicly
• We do not share Google data with advertising networks or data brokers
• We may share data with trusted sub-processors (e.g., cloud hosting providers) solely to operate the service, under strict confidentiality obligations
• We may disclose data if required by law, court order, or to protect the rights and safety of our users
  
  

2.5 Limited Use Disclosure

SmartCal's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We access Google data only to provide and improve the SmartCal service directly requested by the user, and for no other purpose.

3. Microsoft/Outlook User Data — How We Access, Use, Store & Share It

SmartCal integrates with Microsoft Outlook Calendar via Microsoft OAuth 2.0. The data practices in this section mirror those for Google user data above.

3.1 What Microsoft Data We Access

• Microsoft account identity (display name, email address, and public profile information such as job title) to identify the authorizing organizer
• Microsoft Calendar read/write access — to create calendar events on behalf of the organizer
• No other Microsoft data (email content, OneDrive, Contacts, etc.) is accessed or requested
  
  

3.2 How We Use Microsoft User Data

• To create Outlook Calendar events in the organizer's calendar for scheduled webinars or events
• To generate and send individual Outlook Calendar invitations to registered attendees
• Microsoft data is used solely for the purposes above and for no other purpose
• We do not use Microsoft user data to serve advertising, build user profiles, or sell to third parties
  
  

3.3 How We Store Microsoft User Data

• OAuth tokens (access tokens and refresh tokens) are stored in encrypted form on our servers, hosted by Digital Ocean in Amsterdam, the Netherlands (European Union)
• Tokens are retained only for as long as necessary to fulfil authorized calendar operations
• Event and registrant metadata is stored temporarily and deleted within 30 days after the event date
  
  

3.4 How We Share Microsoft User Data

• We do not sell, rent, or trade Microsoft user data to any third party
• We may share data with trusted sub-processors solely to operate the service, under strict confidentiality obligations
• We may disclose data if required by law, court order, or to protect the rights and safety of our users

4. Information We Collect

4.1 Organizer Information

• Name and email address (via Google or Microsoft OAuth)
• Calendar OAuth tokens (access and refresh tokens)
• Account preferences and SmartCal configuration settings
  
  

4.2 Registrant Information

• Name and email address submitted via the webinar or event registration form
• Event title and scheduled date/time associated with the registration
  
  

4.3 Usage & Technical Data

• Log data: IP address, browser type, pages visited within SmartCal, and timestamps
• All current logs are retained for up to 72 hours and then deleted
• A transaction audit trail log is planned for future implementation; once live, those logs will be retained for 3 months
• Cookies and similar technologies (see Section 10)
• SmartCal does not currently use third-party error monitoring or analytics tools

5. User Consent & Control

SmartCal is built on explicit, informed consent at every step.

• Organizers must authorize SmartCal by completing the Google or Microsoft OAuth consent flow before any calendar access is granted. This authorization can be revoked at any time via your Google account at myaccount.google.com/permissions or via your Microsoft account settings.
• Registrants must opt in through the event registration form before any calendar invitation is sent to them.
• Organizers can disconnect their Google or Microsoft account from SmartCal at any time via the SmartCal settings panel, which immediately revokes our access to their calendar.
• Upon account deletion, all associated OAuth tokens, event data, and registrant records are permanently deleted within 30 days.

6. Data Retention

• Google and Microsoft OAuth tokens: retained until the organizer revokes access or deletes their SmartCal account
• Event and registrant data: deleted within 30 days after the event date
• All current logs: deleted after 72 hours
• Transaction audit trail logs (planned, not yet live): will be retained for 3 months once implemented
• If an account is inactive for 12 or more months, we may delete all associated data after providing advance notice to the registered email

7. Security

We take reasonable and appropriate technical and administrative measures to protect personal information, including:

• Encryption of OAuth tokens and sensitive data at rest using AES-256-CBC
• Encrypted data in transit using TLS 1.2 (minimum) and TLS 1.3
• Server access restricted to the SR PRO IT team via IP address whitelisting
• Access controls limiting data access to authorized personnel on a need-to-know basis
• Incident response procedures to address any unauthorized access or data breach
• 24-hour cyber incident response coverage through CFC Underwriting (Lloyd's of London syndicate)
  
  

No system is completely secure. If you believe your data may have been compromised, please contact us immediately at info@srpro.marketing.

8. Children's Privacy

SmartCal is not directed at children under the age of 13. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such information, we will delete it promptly.

9. Sub-Processors

SmartCal uses the following sub-processors to operate the service. All sub-processors are contractually bound to handle data in compliance with applicable privacy laws and our data protection obligations.

10. Cookies & Similar Technologies

SmartCal uses cookies and similar technologies to operate the service and improve user experience. Types of cookies used:

• Essential cookies - Required for authentication and core functionality (e.g., maintaining your login session)
• Preference cookies - Remember your settings and configurations
  
  

SmartCal does not use analytics or tracking cookies. No third-party tracking tools are active on smartcal.srpro.marketing.

You may disable cookies in your browser settings. Note that disabling essential cookies may prevent SmartCal from functioning correctly. We do not use cookies to serve interest-based advertising.

11. International Data Transfers

SmartCal's servers are located in Amsterdam, the Netherlands (European Union), operated by SR Professional Marketing Inc, a US company headquartered in Rockville, Maryland.

EU/EEA users: Your data is stored within the EU on our Digital Ocean Amsterdam servers. Access to that data by SR PRO staff in the United States constitutes a transfer from the EU to the US. We rely on Standard Contractual Clauses (SCCs) as the legal mechanism for such transfers.

UK users: Transfers of personal data from the United Kingdom to the United States are covered by the UK-US Data Bridge framework and/or the UK International Data Transfer Agreement (UK IDTA).

US users: Your data is processed by a US company and stored on EU servers. No additional transfer mechanism is required for US-to-EU data flows.

Israeli users: Served under SR Professional Marketing Ltd (Israeli entity). Israel has been recognized by the EU as providing adequate data protection, and data transfers between Israel and the EU do not require additional transfer mechanisms.

12. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@srpro.marketing. We will respond within 30 days.

All users:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Withdrawal of Consent: Withdraw consent at any time (e.g., by revoking Google or Microsoft OAuth access)
  
  

EU/EEA and UK users (GDPR / UK GDPR):

• Portability: Request a machine-readable copy of your data
• Objection / Restriction: Object to or restrict certain processing activities
• Right to lodge a complaint with your supervisory authority (EU: your national DPA; UK: the Information Commissioner's Office at ico.org.uk)

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Revised" date at the top of this page. If changes materially affect how we use your Google or Microsoft user data, we will notify organizers by email (using the address associated with their account) at least 14 days before the changes take effect.

Continued use of SmartCal after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

SR Professional Marketing Inc 6903 Tilden Lane, Rockville, MD 20852, United States Email: privacy@srpro.marketing Phone: +1 917 775 6516 Website: https://smartcal.srpro.marketing

© 2026 SR Professional Marketing Inc. All Rights Reserved.