Legal

1. Acceptance of Terms

By accessing or using Krets ("the Service"), you agree to be bound by these Terms of Service. If you do not agree to these terms, do not use the Service.

2. Description of Service

Krets is a chat-to-calendar scheduling application that helps users coordinate meetings by analyzing participants' free/busy availability. The Service uses natural language processing to understand scheduling requests and proposes meeting times accordingly.

3. User Accounts

You are responsible for maintaining the security of your account credentials. You must provide accurate information when creating an account. You may not use another person's account without permission.

4. Calendar Access

Krets requires access to your calendar to provide its core scheduling functionality. By connecting your calendar, you authorize Krets to read your free/busy information and create events on your behalf. Krets requests only the minimum permissions necessary to deliver its features.

5. Acceptable Use

You agree not to misuse the Service, including but not limited to: attempting to access other users' calendar details beyond free/busy status, interfering with the Service's operation, or using the Service for any unlawful purpose.

6. Intellectual Property

The Service, including its design, features, and content, is owned by Krets. You retain ownership of any data you provide to the Service.

7. Limitation of Liability

The Service is provided "as is" without warranties of any kind. Krets shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of data, revenue, or business opportunities, arising from your use of the Service. Krets does not guarantee the accuracy of AI-generated suggestions or scheduling outcomes.

8. Termination

We reserve the right to suspend or terminate your access to the Service at our discretion, with or without notice, for conduct that we believe violates these Terms or is harmful to other users or the Service.

9. Changes to Terms

We may update these Terms from time to time. We will notify you of material changes through the Service. Continued use of the Service after changes constitutes acceptance of the modified Terms.

10. Governing Law

These Terms shall be governed by and construed in accordance with the laws of Sweden. Any disputes arising under or in connection with these Terms shall be resolved in the courts of Stockholm, Sweden.

11. Dispute Resolution

Before initiating any legal proceedings, both parties agree to attempt to resolve disputes through good faith negotiation. If the dispute cannot be resolved through negotiation within 30 days, it shall be submitted to the jurisdiction of the Stockholm District Court.

1. Information We Collect

We collect the following types of information:

• Account information: name, email address, and profile data from your authentication provider.
• Calendar data: free/busy intervals from your connected calendars. We do not store event titles, descriptions, attendees, or other calendar details.
• Chat messages: messages you send within the Service for scheduling purposes.
• Usage data: anonymized, aggregate analytics via Vercel Web Analytics (cookieless).
• Payment data: processed by Stripe. We do not store full card numbers.

2. Legal Basis for Processing (GDPR Art. 6)

We process your data under the following legal bases:

• Contract (Art. 6(1)(b)): account creation, calendar access, scheduling, event creation — necessary to provide the Service you signed up for.
• Legitimate interest (Art. 6(1)(f)): error tracking (Sentry), web analytics (Vercel, cookieless), security monitoring — necessary for service reliability without overriding your rights.
• Consent (Art. 6(1)(a)): session replay recording, marketing communications — you can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): billing/tax records retained as required by law (processed by Stripe).

3. How We Use Your Information

• To provide and operate the scheduling Service.
• To analyze free/busy availability and suggest meeting times.
• To create calendar events on your behalf when requested.
• To process natural language scheduling requests via AI.
• To monitor and improve service reliability.
• To send transactional emails (event confirmations, invitations).

4. Privacy by Design

Krets is built with a privacy-first approach. When coordinating schedules between users, only free/busy intervals are shared — never calendar event details such as titles, descriptions, or locations. Free/busy data is cached for a short period (under 60 seconds) and is not stored long-term.

5. Third-Party Data Processors

We share data with the following processors, each under appropriate data processing agreements:

6. International Data Transfers

Some of our processors are located outside the EU/EEA. We ensure adequate protection through Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework. Our primary database (Supabase) is hosted in the EU region.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including secure token handling, encrypted connections (TLS), and least-privilege access principles. Calendar OAuth tokens are encrypted at rest.

8. Data Retention

We retain your data as follows:

• Account data: retained while your account is active. Deleted within 30 days of account deletion.
• Chat messages: retained while your account is active.
• Free/busy data: ephemeral, cached for under 60 seconds, not stored long-term.
• Calendar OAuth tokens: deleted immediately upon calendar disconnection.
• Billing records: retained as required by applicable tax law (typically 7 years).
• Consent records: retained for the lifetime of the account plus 3 years for compliance.

9. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access (Art. 15): export your data from the Privacy Dashboard.
• Right to rectification (Art. 16): update your information in Settings > Profile.
• Right to erasure (Art. 17): delete your account from Settings > Delete Account.
• Right to restrict processing (Art. 18): contact us to restrict specific processing.
• Right to data portability (Art. 20): download your data as JSON from the Privacy Dashboard.
• Right to object (Art. 21): contact us to object to processing based on legitimate interest.
• Right to withdraw consent (Art. 7(3)): manage cookie consent via the banner or Settings > Privacy Dashboard.

10. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. For Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY): imy.se.

11. Children's Privacy

The Service is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the Service and prompt you to review and accept the updated policy.

1. What Are Cookies

Cookies are small text files stored on your device when you visit a website. They serve various purposes such as remembering your preferences and maintaining your session.

2. Cookies We Use

The following table lists all cookies used by Krets:

3. Vercel Web Analytics

Krets uses Vercel Web Analytics, which is a cookieless analytics solution. It collects only anonymized, aggregate data (page views, visitor counts) and does not use cookies or track individual users. This is processed under our legitimate interest in understanding service usage.

4. Managing Your Preferences

You can manage your cookie preferences at any time through the cookie consent banner (shown on first visit) or from the Privacy Dashboard in your account settings.

5. Changes

We may update this Cookie Policy when we add or remove cookies. Changes will be reflected in the "Last updated" date.