PreferredPreferred
Privacy Policy
Last updated: April 9, 2026
1. Controller
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Preferred (prfd.app)
Contact: privacy@prfd.app
2. Data We Collect
We collect and process the following personal data:
  • Account data: name, email address, profile picture (provided via Google Sign-In)
  • Calendar data: calendar events (start/end times only, used to determine availability)
  • Booking data: booker name, email, phone (if provided), selected time slots, and interaction data (e.g., number of times additional slots were requested)
  • Usage data: pages visited, features used, browser type, and IP address
3. Purpose and Legal Basis
We process your data for the following purposes:
  • Providing the scheduling service (Art. 6(1)(b) GDPR – contract performance)
  • Authentication via Google OAuth (Art. 6(1)(b) GDPR – contract performance)
  • Creating calendar events on your behalf (Art. 6(1)(a) GDPR – consent, granted when connecting your calendar)
  • Improving the service and analyzing usage patterns (Art. 6(1)(f) GDPR – legitimate interest)
4. Google Services
We use the following Google services:
  • Google Sign-In (OAuth 2.0): Used for authentication. We receive your name, email address, and profile picture from Google. Google’s privacy policy applies: policies.google.com/privacy
  • Google Calendar API: Used to read your calendar events (to determine busy times) and to create meeting events with Google Meet links. We only access calendar data when you explicitly connect your calendar. You can disconnect at any time in Settings.
  • Google Analytics: We may use Google Analytics to understand how the service is used. This involves cookies and the transmission of usage data (including your IP address) to Google servers in the United States. You can opt out by using a browser extension or disabling cookies.
5. Data Storage and Hosting
Your data is stored in a PostgreSQL database hosted by Neon (neon.tech) and the application is hosted on Vercel. Both providers may process data outside the European Economic Area (EEA). Appropriate safeguards (Standard Contractual Clauses) are in place to ensure an adequate level of data protection in accordance with Art. 46(2)(c) GDPR.
6. Data Retention
We retain your account data for as long as your account is active. Booking data is retained for up to 12 months after the meeting date. When you delete your account, all personal data is permanently removed within 30 days.
7. Your Rights
Under the GDPR, you have the following rights:
  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent at any time (Art. 7(3) GDPR)
To exercise your rights, contact us at privacy@prfd.app. You also have the right to lodge a complaint with a supervisory authority (e.g., the Berliner Beauftragte für Datenschutz und Informationsfreiheit).
8. Cookies
We use essential cookies required for authentication and session management. These are strictly necessary for the service to function and do not require consent under Art. 5(3) of the ePrivacy Directive. Analytics cookies (if used) are only set with your consent.
10. Sharing and Disclosure of Data
We do not sell your personal data or Google user data.
We only share data in the following limited cases:
Service providers (processors)
We use trusted third-party providers to operate the service. These providers process data strictly on our behalf and under data processing agreements (Art. 28 GDPR). This includes:
  • Hosting and infrastructure providers (e.g., Vercel, Neon)
  • Analytics providers (if enabled)
These providers may process personal data, including Google user data, solely for the purpose of delivering their services to us. They are not permitted to use the data for their own purposes.
Google services
When you connect your Google account:
  • We access your Google Calendar data (busy times and event creation) via Google APIs.
  • This data is used exclusively to provide the scheduling functionality.
  • We do not transfer your Google Calendar data to third parties, except as necessary to provide the service (e.g., creating calendar events via Google).
Legal obligations
We may disclose data if required by law or if necessary to protect our legal rights.
Business transfers
In the event of a merger, acquisition, or asset sale, personal data may be transferred as part of the transaction, subject to applicable data protection laws.
11. Use of Google User Data
We comply with the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
  • We only use Google user data to provide or improve user-facing features of the service.
  • We do not use Google user data for advertising purposes.
  • We do not sell Google user data.
  • We do not transfer Google user data to third parties except as described in this policy.
  • We do not use Google user data to train generalized AI or machine learning models.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice on the website. The current version is always available at prfd.app/privacy.