"At SimpleInnovation we take great care to make sure our users are safe and feel safe. A big part of that has been educating the user base about the data safety options they have when working with My Calendar. If needed this data can be backed up, meaning sent to the cloud for storage, but the app will also run with no backup or internet connection. If a backup has been configured already, it can be deleted on the user’s device or with our assistance if it is required. We have also updated the privacy policy and the app itself to make the information easier accessible and more transparent. For future versions we are looking into more security features with improved password flow coming soon.

The new account removal flow along with the updated privacy policy have been the most recent additions. These along with the options to use My Calendar without backup or internet connection have been our answer to the user feedback and our own internal investigation and risk assessment. With our customer support team we are able to see the feedback, categorize and assess it to understand the user needs early on. 

A large portion of the feedback helped us identify what exactly the basis of the concern was: medical records and data have been entered into the app along with personally identifiable information like a name or an email address. If the user, however, decides to create an account and share the data, it will go through processes that anonymize and store it on Google Cloud Platform. The Data Processing and Security Terms for Google Cloud may be reviewed at https://cloud.google.com/terms/data-processing-terms. The user data is encrypted when stored in the cloud, and a limited number of our employees are the only individuals who may access it for maintenance. The creator of the account is the only person with full access to the account.

The data is not sold, and except for the Google Cloud Platform that is used for storage, the health data is not shared. That being said, if the user has any concerns, they may use the app without creating a backup or delete their account if one has already been made. We keep these options open and take care to explain them to our users if they need any assistance.

The company behind My Calendar is located in the United States and is subject to US law. That being said, we assure you that if we ever get a request to provide user data, we will review it with the utmost care to check if the appeals comply with all applicable legislation. We would verify whether the requested data is applicable to the case and reserve the right to deny access to the data if the request is unjustified or groundless. Finally, if too much information is requested, we would narrow the request down. Any data requests will go through a legal team ensuring correct handling, including notifying the user about the situation."