Privacy Policy

Last updated: April 22, 2026

1. Who We Are

HashCal is a scheduling and booking platform operated by HashBoard (hashboard.in). We provide tools that allow individuals and businesses to share their availability and accept meeting bookings. Our service is available at cal.hashboard.in.

If you have questions about this policy, contact us at connect@triplehash.in.

2. Information We Collect

Account information

When you sign up, we collect your name, email address, and a username. If you sign in with Google, we receive your name, email address, and profile photo from Google.

Booking page content

We store the details you enter when creating booking pages: title, description, availability schedules, location preferences, and custom questions.

Booking submissions

When someone books a meeting through your HashCal page, we collect their name, email address, the selected time slot, and any answers they provide to your custom questions.

Google Calendar data

If you connect your Google Calendar, we access your calendar availability (busy/free times) using the Google Calendar API. We use this data solely to generate accurate available slots for your booking page and to create calendar events when a meeting is booked. We do not read, store, or share the content of your calendar events beyond what is necessary to check availability.

Zoom data

If you connect Zoom, we use the Zoom API to create meeting links for bookings on your behalf. We store an encrypted OAuth token to perform this action. We do not access your Zoom recordings, contacts, or any data beyond creating scheduled meetings.

Usage data

We may collect standard server logs including IP addresses, browser type, and pages visited for security and debugging purposes. We do not use third-party analytics or advertising trackers.

3. How We Use Your Information

  • To provide and operate the HashCal service.
  • To check your calendar availability and generate bookable time slots.
  • To create Google Calendar events and Zoom meetings when a booking is confirmed.
  • To send booking confirmation and cancellation emails via Google Calendar's built-in invite system.
  • To allow you to manage your booking pages, review past bookings, and cancel meetings.
  • To fire webhooks to endpoints you configure, with booking event data.
  • To detect and prevent abuse or unauthorized access.

We do not sell your personal data. We do not use your data for advertising.

4. Google API Disclosure

HashCal's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we access your Google Calendar data only to:

  • Check free/busy availability to generate bookable slots.
  • Create, update, and delete calendar events for confirmed or cancelled bookings.

We do not use Google user data to serve advertisements, and we do not allow humans to read your Google data except where you have given explicit permission or where required by law.

5. Data Sharing

We share data only in the following limited circumstances:

  • Google: Calendar availability and event data is exchanged with Google's servers as part of the Calendar integration.
  • Zoom: Meeting creation requests are sent to Zoom's API on your behalf.
  • Webhooks you configure: When a booking event occurs, we POST booking details to any webhook URLs you have set up. You control these endpoints.
  • Legal requirements: We may disclose information if required by law or to protect the rights and safety of users.

6. Data Storage and Security

Your data is stored on servers hosted by Hostinger in a VPS environment. OAuth tokens for Google Calendar and Zoom are encrypted at rest using AES-256-GCM before being stored in our database. Session cookies are HTTP-only and expire after 7 days.

While we take reasonable technical measures to protect your data, no system is completely secure. Use HashCal at your own risk and notify us immediately if you suspect unauthorized access.

7. Data Retention

We retain your account data and booking history for as long as your account is active. You can delete your booking pages and individual bookings at any time from the dashboard. To request full account deletion, email us at connect@triplehash.in.

When you disconnect Google Calendar or Zoom, we permanently delete the stored OAuth tokens for that integration.

8. Cookies

HashCal uses a single session cookie (__session) to keep you signed in. This cookie is HTTP-only and is not accessible to JavaScript. We do not use tracking, advertising, or analytics cookies.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your account and associated data.
  • Disconnect Google Calendar or Zoom at any time from the Settings page, which revokes our access and deletes stored tokens.
  • Export your booking data by contacting us.

To exercise any of these rights, email connect@triplehash.in.

10. Children's Privacy

HashCal is not directed at children under 13 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with their information, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of HashCal after changes are posted constitutes your acceptance of the updated policy.

12. Contact

For privacy-related questions or requests, contact us at: connect@triplehash.in