Privacy Policy

Last updated: 11 June 2026

WhenPoll ("we", "us") operates whenpoll.com. This policy explains what data we collect, why, and how we protect it. We keep it short and plain.

Who we are

WhenPoll is a free group scheduling tool. Our server is hosted in the European Union (Germany, all-inkl.com) and runs on 100% renewable energy. We are subject to EU/GDPR data protection law.

What data we collect

• Account data — your email address and display name when you register. A password hash if you choose password sign-in.
• Poll data — poll titles, descriptions, time slots, and votes (including participant names entered by voters). Voter names are entered voluntarily and are not linked to accounts.
• Calendar tokens — if you connect Google Calendar or Microsoft Outlook, we store OAuth access and refresh tokens to read your free/busy times. We never read event content beyond start/end times and titles for the busy-slot overlay feature.
• Session data — a session cookie to keep you logged in. No tracking or advertising cookies.
• Server logs — standard web server access logs (IP address, timestamp, page visited). Retained for up to 14 days for security purposes.

What we do NOT collect

• We do not use analytics, advertising, or third-party tracking scripts.
• We do not sell or share your data with any third party.
• We do not read, store, or process the content of your calendar events — only start/end times and event titles for the in-app overlay.

Google & Microsoft calendar access

When you connect a calendar, WhenPoll requests read-only access (calendar.readonly for Google, Calendars.Read for Microsoft). We use this solely to display your busy slots while creating or viewing a poll. Tokens are stored securely in our database and used only on your request. You can disconnect your calendar at any time from the Calendars page.

WhenPoll's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

Data retention

• Polls and votes are kept until you delete them (feature coming) or request deletion.
• Account data is kept until you request account deletion.
• Disconnecting a calendar immediately deletes the stored tokens.

Your rights (GDPR)

You have the right to access, correct, or delete your personal data at any time. To exercise these rights, email us at info@whenpoll.com and we will respond within 30 days.

Security

All data is transmitted over HTTPS. Passwords are hashed using bcrypt. OAuth tokens are stored in our database on an EU server with restricted access. We do not log or retain magic sign-in links after use.

Contact

Questions about this policy? Email info@whenpoll.com.