Privacy Policy

This Privacy Policy explains how Max Alexander Ejogo, trading as Wipe Away for Google Calendar ("we", "us", "our"), collects, uses, and protects your personal data when you use our service.

We are committed to handling your data responsibly and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For specific pricing structures regarding our Free Trial, 1-Year Licence, and Lifetime Licence tiers, please refer to our Terms of Service.

• Data Controller: Max Alexander Ejogo (Sole Trader)
• Trading As: Wipe Away for Google Calendar
• Country of Operation: United Kingdom
• Correspondence Address: Hayloft Point, 4–6 Middlesex Street, London E1 7JH, United Kingdom
• Contact Email: hello@wipeaway.app

We collect only the minimum data necessary to provide the web application service:

• Email Address: Collected when you purchase a licence, sign up for a free trial account, or submit your details via our beta waitlist form on our landing page. Used to deliver your licence key, send beta access updates, and provide service-related communications.
• Licence Key: A unique key generated when you sign up or purchase, used to validate your access to the service.
• Google OAuth Subject Identifier: When you first activate your licence key, we store Google's unique account identifier (the OAuth subject ID) to lock the licence to your account and prevent unauthorised sharing. We store only this identifier — not your name, profile picture, or any other Google account data.
• Payment Information: If you purchase a paid licence, payment is handled entirely by Stripe. We do not receive, process, or store your card details.

This service operates strictly under Google's API Services User Data Policy, including the Limited Use requirements. Our use of data received from Google APIs is strictly limited to providing the calendar deletion features described in this policy.

OAuth Scopes Requested:

Justification: The calendar scope allows the application to read your calendar list and execute deletions on your behalf. The userinfo.email scope retrieves your Google account email address solely to validate your licence key and lock it to your account. The script.external_request scope allows the application to contact our licence validation server to verify your licence key — no calendar data is transmitted in this request. The script.scriptapp scope allows the application to create and manage time-based background triggers that automatically resume large deletion jobs after Google's execution time limit — without this, deletions of large calendars would fail to complete. No broader Google account access is requested.

When you use Wipe Away for Google Calendar, the application:

• Reads the list of calendars on your Google account to display them for your selection.
• Counts events on selected calendars up to a user-defined cut-off date.
• Deletes events on calendars and within date ranges you explicitly authorise.

Data Constraints — we do not:

• Read, store, or transmit the content, titles, or metadata of your calendar events to our servers.
• Retain any calendar data after your session ends.
• Store event data temporarily on any intermediate server. All operations happen natively via Google Apps Script.
• Use your calendar data for advertising, analytics, AI training, profiling, or any purpose other than performing the deletion you request.
• Share your calendar data with any third party.

We use the following third-party services to operate the product:

• Google (OAuth & Calendar API) — authentication and calendar access. Governed by Google's Privacy Policy.
• Stripe — payment processing for paid licences. Stripe handles all card data and is PCI-DSS compliant. Governed by Stripe's Privacy Policy.
• Resend — transactional email delivery (including licence keys and beta signup communications). We pass your email address to Resend solely to deliver these service updates.
• Vercel — hosting for our licence validation server. Vercel may log standard request metadata (IP address, timestamps) in accordance with their privacy policy.
• Google Sheets — used as an internal database to store licence records (licence key, tier, status, email address, and OAuth subject identifier). This sheet is private, accessible only to the data controller, and protected by Google's account security controls including two-factor authentication.

We take reasonable technical and organisational measures to protect your personal data, including:

• All data is transmitted over HTTPS (TLS encryption in transit).
• Licence records stored in Google Sheets are accessible only to the data controller and protected by Google's account security, including two-factor authentication.
• Our licence validation server is hosted on Vercel with access restricted via environment-level credentials.
• No calendar event content is transmitted to or stored on our servers at any point.

While we take these measures seriously, no method of transmission over the internet is 100% secure. If you believe your data has been compromised, please contact us immediately.

• Licence and Waitlist Records (email, key, OAuth subject identifier) — retained for as long as your licence is active, until you opt out of our communications, or until the service ceases operations. Upon a valid deletion request, we will erase your data unless retention is required for fraud prevention or legal obligations.
• Payment Records — retained by Stripe in accordance with their data retention policy and applicable financial regulations.
• Email Delivery Logs — retained by Resend for up to 30 days.

Under UK GDPR, we process your personal data on the following legal bases:

• Contract — processing your email address and licence data is necessary to deliver the service you signed up for.
• Consent — processing your email for beta waitlist communications relies on your explicit consent given when completing our landing page form.
• Legitimate Interests — locking a licence key to a Google OAuth subject identifier protects against unauthorised sharing and is in the interests of paying customers.
• Legal Obligation — we may retain certain records as required by UK law.

Under UK GDPR, you have the right to access, rectify, or request erasure of your personal data, as well as restrict or object to its processing. To exercise any of these rights, email us at hello@wipeaway.app. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been mishandled.

You may request deletion of your account and all associated personal data at any time by emailing hello@wipeaway.app with the subject line "Data Deletion Request". We will process your request within 30 days. Note that deleting your licence record will permanently deactivate your licence key.

You may also revoke Wipe Away for Google Calendar's access to your Google account at any time, independently of contacting us, by visiting your Google Account Security settings and removing the app from your connected applications.

Our landing page does not use cookies or tracking scripts. The Google Apps Script web application uses Google's own session infrastructure to manage your OAuth login. No advertising or analytics cookies are set by us.

Some of our third-party providers (including Stripe and Vercel) operate servers outside the UK and EEA. Where data is transferred internationally, we rely on those providers' own adequacy mechanisms and Standard Contractual Clauses as applicable.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the service after changes are posted constitutes acceptance of the updated policy.

For any privacy-related questions, data requests, or complaints: