Privacy policy
Your data, in plain language.
This policy explains what stays on your device, what is shared when you choose an online feature, and the controls available to you.
1. Controller and scope
The controller for personal data processed through Calendar Alarm Clock Reminder (also called Calendar Alarm or the app) and this website is 4LIMIT Sports GmbH, Hahner Str. 80, 64354 Reinheim, Germany. Privacy requests can be sent to calendar.reminder.zzapp@gmail.com.
This policy covers the Android app, its optional cloud features, support communications, and this website. Services you connect, including Google, Microsoft, Apple, or another CalDAV provider, also process information under their own privacy notices.
2. The short version
- Calendar events are processed on your device in Android's system CalendarProvider and can be visible to other calendar apps with permission. App-specific alarm, timer, widget, settings, and cache data is stored in app-private storage.
- Calendar sync goes directly between your device and the calendar provider you choose; 4LIMIT does not operate an intermediate calendar-sync server.
- Data reaches 4LIMIT-controlled backend systems and third-party services when the app initializes Firebase services or when you use AI, diagnostics, analytics, advertising, Google Play purchases, or support.
- The free version may show Google ads. A valid Pro entitlement removes in-app advertising, but it does not disable analytics, diagnostics, security, or purchase verification.
- You remain in control of optional permissions and connected accounts. Refusing or revoking a permission disables the feature that needs it, not unrelated app functions.
3. Information processed on your device
Depending on the features and permissions you use, the app may process the following information locally:
Calendar, document, or support content can incidentally reveal health, religious, political, trade-union, sexual-life, or other sensitive information. Calendar Alarm does not seek to infer those traits. Do not submit sensitive content to an AI feature; the AI service is not offered for that purpose.
- Calendar names, colors and identifiers; event titles, descriptions, locations, dates, times, recurrence, availability, organizers, attendees, reminders, and response status in Android's CalendarProvider. Other calendar apps with permission may also access that provider.
- Alarm, timer, stopwatch, snooze, dismissal, alarm-delivery, and widget state; app settings; calendar rules; and local caches.
- Images, audio, ringtones, backgrounds, PDFs, or other files that you deliberately select, plus text extracted on-device from the first two pages of a PDF sent through the Android print feature.
- Event locations, place identifiers, addresses, manually entered coordinates, and precise or approximate device location when location access is enabled.
- Provider and account metadata such as provider name, account email, calendar names, sync status and errors. OAuth tokens and CalDAV passwords are encrypted with Android Keystore-backed AES-GCM on supported devices; other sync metadata remains in app-private storage.
4. Android permissions and terminal access
Calendar Alarm may request calendar, location, notifications, exact-alarm, full-screen notification, wake-lock, audio-control, battery-optimization, display-over-other-apps, internet, and media access. On Android 13 and later, media access is limited to the applicable media category or system picker. On Android 12 and earlier, the legacy shared-storage read permission can be requested so you can choose audio or ringtone files. Each request supports the feature described when access is requested. You can refuse or later revoke optional access in Android settings.
Some versions declare Contacts permission for a legacy contact-birthday capability. The current public interface does not offer contact-birthday import, and Calendar Alarm does not upload your address book. If that feature is restored, it will require a separate user action and permission.
Android permissions are technical controls, not blanket consent to every form of data processing. Access to information on your device by advertising or measurement technologies is additionally subject to § 25 TDDDG and equivalent rules where applicable.
5. Calendar synchronization and Google user data
You may use calendars already synchronized to Android or directly connect Google Calendar, Microsoft Outlook or Microsoft 365, iCloud, or another supported CalDAV service. Direct sync sends requested calendar and account data between your device and that provider. It can create, update, or delete remote events when you instruct the app to do so.
Local and synchronized events are written to Android's system CalendarProvider. They can be available to other calendar apps that have calendar permission. Connection credentials, sync mirrors, and app-specific metadata are kept in Calendar Alarm's private storage.
Google sync requests basic identity information, Calendar event read/write access, and read access to your calendar list. Microsoft sync requests basic identity information, offline access, User.Read, and Calendars.ReadWrite. CalDAV uses the credentials and server address you enter. These permissions are used only to identify the connection and provide synchronization you request.
Calendar Alarm's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We do not use Google Calendar data for advertising, sell it, or allow humans to read it except with your affirmative agreement for support/security, where required by law, or where the Limited Use policy otherwise permits.
Removing a connection deletes its app-side credentials and local sync records. It does not delete the provider account or remote events and may not revoke the provider grant; revoke access separately in the provider's account settings if desired.
6. Location, maps, places, weather, and app media
When you use location or weather features, Google location, Places, Maps, or geocoding services may receive location searches, event-location text, place identifiers, addresses, or coordinates. WeatherAPI.com receives full-precision latitude and longitude for the forecast you request. The app treats forecast cache entries as fresh for about 90 minutes and uses a 36-hour freshness marker for hourly history. These are refresh rules, not guaranteed deletion periods: stale or merged entries can remain in app storage until that cache key is revisited or overwritten, Android evicts or clears the data, or you clear app storage or uninstall.
Opening a route or map sends the selected location to the mapping service you choose. Provider accuracy and retention are governed by that provider's notice.
App-supplied background images may be downloaded from Firebase Storage or bastianw.de. Those hosts receive ordinary request data such as IP address, time, requested file, and device or network headers. Downloaded backgrounds are cached in the app's private storage; no user-selected background is uploaded by this feature.
7. Optional AI features
AI features can propose events from a selected image or PDF/printed text and answer help questions. The relevant feature may send the selected image; extracted document text; your prompt; a Firebase anonymous-auth UID and/or app-scoped Android identifier; device date and time; language; app version; Pro status where that feature uses it; recent Help Chat turns; device manufacturer and Android version; Do Not Disturb and troubleshooting state; and a redacted settings snapshot.
The Help Chat snapshot is designed to exclude coordinates, account identifiers, calendar names, ringtone file names, and custom server addresses. Chat history is held in app memory and sent with the next help request for context; the backend does not write that transcript to Firestore. It does store pseudonymous quota and abuse-prevention counters.
Text/PDF event extraction stores one troubleshooting record per app-scoped Android identifier in Cloud Firestore: the latest prompt (which includes the extracted first-two-page text and local device time) and the latest model result, each capped at 200,000 characters. We retain this record to diagnose failed extractions, check model-output quality, investigate abuse, and maintain service reliability, relying on our legitimate interests under Article 6(1)(f) GDPR where applicable. A later text extraction overwrites the prior prompt and result. No scheduled expiry currently applies; the record remains until overwritten or a deletion request can be matched to it. You may object to this retention as described below.
Selected images and Help Chat messages are sent for the requested model inference but are not written to the usageText collection. Google Cloud may process transient request, safety, and service data under its applicable processor terms.
The assistant is an AI system. Its event, rule, and settings suggestions can be incomplete or wrong and never change a setting by themselves. You review generated events and rules, and a Help Chat settings proposal is applied only after you tap Apply and the app validates it again.
Optional AI features are not offered for processing health, biometric, genetic, religious, political, trade-union, sexual-life/orientation, criminal-conviction, or similarly sensitive data. Do not submit such data, or confidential information about another person, through an AI feature. If it is submitted inadvertently, contact us to request deletion.
8. Analytics, diagnostics, security, and configuration
On each supported app-process start, the app initializes Firebase anonymous Authentication and Remote Config; Firebase installation identifiers can also support Remote Config, Messaging, In-App Messaging, Analytics, Performance, and related services. The app additionally includes Crashlytics, App Check with Play Integrity, Cloud Functions, Cloud Firestore, Cloud Storage, and other Firebase components. Depending on the service, Google may process a Firebase installation or anonymous-auth identifier, IP address, app version, device model, Android version, locale, security signals, crash stack traces, logs, performance measurements, and feature interactions.
Analytics events can include app opens, onboarding and feature selections, alarm delivery mode, a local calendar event identifier, reminder timestamp and index, whether an alarm fired or was dismissed, review interactions, advertising events, and purchase/checkout progress. Event titles and descriptions are not intentionally placed in these analytics events.
Firebase Performance Monitoring can automatically measure network request domains and URL path patterns, response codes, payload sizes, and timing, including patterns associated with a custom CalDAV server. It does not collect URL query parameters or request/response content for those automatic network traces.
The advertising-consent flow controls whether Google Mobile Ads can be initialized. Firebase Analytics, Crashlytics, Performance, Remote Config, anonymous Authentication, and App Check initialize or operate independently of that advertising choice, and the app does not currently provide a separate in-app collection switch for them. Applicable law may require separate consent for product analytics or non-essential access to device information; an advertising choice does not provide that separate consent.
9. Advertising
Google's User Messaging Platform checks consent status during app startup, including for users with Pro. For users without Pro, it obtains advertising choices where required before the Google Mobile Ads SDK is initialized and AdMob ads are shown. Depending on region and choice, Google may process advertising or app identifiers, IP address, approximate location, consent signals, device/app details, and ad interactions to deliver, secure, limit frequency, measure, or personalize ads. The app does not currently operate its own age gate or configure Google's child-directed or under-age treatment flags.
After the initial consent flow, the app does not currently expose a dedicated privacy-options entry point for changing User Messaging Platform choices. If the consent form is shown again, you can update the available choice there; you can also contact us about an applicable withdrawal or opt-out request.
A valid Pro entitlement removes in-app advertising. It does not disable the separate analytics, crash, performance, security, remote-configuration, or purchase services described above. We do not sell personal data for money. Advertising-related definitions of sale, sharing, or targeted advertising can nevertheless apply under some laws; contact us to exercise an applicable opt-out right.
10. Purchases, subscriptions, tips, and support
Google Play processes subscription, legacy one-time Pro, and voluntary consumable tip purchases. The app's local Google Play Billing client receives product and offer identifiers, purchase status, entitlement state, and purchase tokens needed to acknowledge a purchase, activate or restore Pro, consume a tip, and prevent fraud. The app does not send purchase tokens to a separate 4LIMIT purchase-verification backend, and 4LIMIT does not receive full payment-card details.
If you contact support, Google as the email provider and 4LIMIT process your email address, message, attachments, device details, diagnostics, receipts, and any other information you choose to provide. We use it to answer, troubleshoot, restore purchases, prevent abuse, establish or defend legal claims, and keep required business records. Remove unrelated personal information before sending.
11. Website data and storage
This website does not use advertising cookies, analytics, a contact form, a newsletter, third-party media embeds, localStorage, or sessionStorage. Fonts, scripts, images, and videos are delivered with the site. Email links open your chosen mail application; no message is sent until you choose to send it.
The site is hosted by Vercel. To deliver and protect it, Vercel processes request data such as IP address, requested URL, date and time, referrer, browser/device headers, response status, and security events. We use these data only for delivery, availability, abuse prevention, and security.
12. Purposes and legal bases
The table states the principal GDPR basis where EU/EEA data-protection law applies. A feature being optional does not by itself make consent the basis; we use Article 6(1)(b) only where processing is objectively needed to deliver a feature you request.
No app data is required by statute. Information requested by Android, Google Play, a connected provider, or an online feature is contractually or technically necessary only for that feature where identified as required. If you do not provide it, the relevant sync, AI, weather, map, advertising-supported, purchase, or support function may be unavailable, but unrelated on-device functions remain available where technically possible.
| Activity | Purpose | Legal basis |
|---|---|---|
| Core on-device calendar, alarm, timer, rule, and settings processing | Provide the app functions you choose | Art. 6(1)(b), performance of the user agreement |
| Direct calendar sync, maps, places, weather, and requested AI inference | Provide the connected or online feature you request | Art. 6(1)(b); consent where a separate consent is legally required |
| Latest retained text/PDF extraction troubleshooting record | Diagnose extraction failures, check output quality, investigate abuse, and maintain reliability | Art. 6(1)(f), legitimate interests in reliable and secure operation; you may object, and no AI processing is offered for special-category data |
| Anonymous authentication, App Check, quotas, fraud and abuse prevention | Authenticate genuine installations, secure the backend, enforce fair limits | Art. 6(1)(f), legitimate interests in service security and availability; Art. 6(1)(b) where essential to a requested cloud feature |
| Crash, performance, reliability, and essential diagnostic data | Find failures, keep alarms and cloud functions reliable, secure the service | Art. 6(1)(f), legitimate interests in secure and reliable operation; consent for terminal access where required |
| Product analytics | Understand feature use and improve the app | Art. 6(1)(f) where permitted after balancing interests; Art. 6(1)(a) GDPR and § 25(1) TDDDG where consent is required. The current app has no separate analytics-consent control. |
| Advertising and ad measurement | Fund the free version, deliver and measure ads, prevent ad fraud | Art. 6(1)(a) and § 25(1) TDDDG where consent is required; otherwise Art. 6(1)(f) for permitted contextual delivery, security, and fraud prevention |
| Purchases, subscriptions, entitlement restoration, and support | Perform the purchase/user agreement and respond to requests | Art. 6(1)(b); Art. 6(1)(f) for fraud prevention and legal claims |
| Accounting, tax, consumer, regulatory, and rights-request records | Meet legal duties and demonstrate compliance | Art. 6(1)(c); Art. 6(1)(f) for legal claims |
| Website request logs | Deliver, monitor, and protect the website | Art. 6(1)(f), legitimate interests in secure website operation |
13. Data about other people and sources
Calendar events, contacts, images, and documents can contain data about attendees, organizers, senders, colleagues, family members, or other people. The source is normally you, your device, or a calendar provider you connect.
4LIMIT normally does not receive content merely because the app reads it locally or synchronizes it directly with your chosen calendar provider. If you submit third-party content to an AI or support feature, you are responsible for having a lawful basis and authority to do so and for minimizing it. This does not limit 4LIMIT's own obligations for data it receives.
Because we usually cannot identify or contact people mentioned inside user-directed calendar or document content without processing more data, providing an individual Article 14 notice may be impossible or involve disproportionate effort. This public policy provides the relevant categories, sources, purposes, recipients, retention, and rights. Anyone affected may contact us directly.
14. Recipients and international transfers
Depending on the feature, recipients include Google services (Firebase, Google Cloud, Vertex AI/Gemini, Maps, Places, Play Integrity, AdMob, User Messaging Platform, Google Play Billing, and Gmail support); Microsoft when Microsoft sync is enabled; Apple or another CalDAV provider selected by you; WeatherAPI.com; Vercel; bastianw.de for legacy backgrounds; and professional advisers or authorities where necessary.
Cloud Firestore is configured in the nam5 North America multi-region. Callable Cloud Functions and Vertex AI extractors use us-central1, and the Help Chat uses a global Vertex endpoint. Firebase Authentication is operated from US data centers, and other Google/Firebase services may use global infrastructure. Vercel and other providers may also process data outside the EEA.
For restricted transfers, we rely as applicable on an EU adequacy decision, including the EU-US Data Privacy Framework for a recipient that remains certified; the European Commission's Standard Contractual Clauses, with supplementary measures where necessary; or another transfer mechanism permitted by law. You may request information or a copy of the relevant safeguard from us. A calendar provider you independently select may make its own transfers under its privacy notice.
15. Retention and deletion
We keep personal data only for the period described below or while a documented legal, contractual, security, or claims-related need applies. Provider-side backup deletion can take additional time under the provider's terms.
| Data | Retention |
|---|---|
| Local app data and caches | Until you delete the item, clear app storage, remove the relevant connection, or uninstall. Data written to Android calendars or a remote provider follows that system's rules. |
| OAuth tokens and CalDAV credentials | Until you remove the connection, clear app storage, or revoke access. Provider-side grants can remain until separately revoked. |
| Weather data | Forecast entries are treated as fresh for about 90 minutes and hourly history uses a 36-hour freshness marker, but those are not deletion timers. Stale or merged entries can persist until the same key is revisited or overwritten, Android clears the data, or app storage is cleared or the app is uninstalled. Saved location preferences remain until changed or cleared. |
| Help Chat transcript | Held in app memory for the current process and sent as bounded recent context; not written to the app backend's Firestore transcript storage. |
| AI quota and abuse records | Daily counters and last-use dates remain under pseudonymous Firebase/app identifiers while needed to enforce limits. No automatic TTL is configured; deletion requires 4LIMIT to be able to match a request to the relevant identifier. |
| Latest text/PDF extraction prompt and result | Each new text extraction overwrites the prior record for that Android identifier. After the last use, it remains without an automatic TTL until overwritten or until 4LIMIT can match and action a deletion request. |
| Firebase anonymous Authentication and installation identifiers | They are created automatically during supported app startup. No in-app deletion call is currently implemented. An Authentication record remains until 4LIMIT deletes the user; after deletion, Firebase backup removal can take up to 180 days. A Firebase installation ID persists until the relevant Firebase deletion mechanism or app-data lifecycle replaces or deletes it. |
| Firebase Crashlytics | Google retains crash stack traces and associated identifiers for 90 days before deletion begins. |
| Firebase Performance Monitoring | Google retains IP-associated events for 30 days and installation-associated/de-identified performance data for 60 days before deletion begins. |
| Firebase Analytics and advertising data | User-level Firebase Analytics event data is retained under the property's Firebase retention control for up to 14 months. AdMob and consent records follow Google's applicable advertising retention and deletion controls. Aggregated or de-identified reports can remain longer where they no longer identify you. |
| Website delivery/security logs | For the shortest period made available by the hosting/security service that remains necessary to deliver, investigate abuse, and protect the site; Vercel's processor and backup periods also apply. |
| Support and business records | Ordinary support correspondence is deleted when no longer needed, generally within three years after closure. Commercial correspondence can be kept for six years and tax/accounting records for eight or ten years where German law requires it. Legal-claim records remain through the applicable limitation period. |
16. Security
Measures include encrypted network transport; Android Keystore-backed encryption for stored sync credentials on supported devices; app-private databases and caches; disabled Android backup; Firestore rules that deny direct client reads and writes; access controls; anonymous authentication; App Check; Play Integrity; input and output limits; and provider security controls.
No system can be guaranteed completely secure. Protect your device and connected accounts, install security updates, and revoke provider credentials if compromise is suspected.
17. Your controls and data-protection rights
You can revoke Android permissions or special alarm access, remove connected calendars, revoke provider authorization, clear app storage, uninstall, manage advertising choices where shown, and manage subscriptions in Google Play.
Where the GDPR applies, you may request access, correction, erasure, restriction, notification of recipients following correction/erasure/restriction, or portability; object to processing based on legitimate interests; and withdraw consent at any time for future processing. You also have the right to complain to a supervisory authority. We normally respond within one month, subject to the GDPR's permitted extensions and identity checks.
Depending on where you live, local law may also give you rights to confirm whether we process your data, obtain a copy, correct or delete it, opt out of targeted advertising or qualifying sale, sharing, or profiling, and appeal a denied request. We will not unlawfully discriminate against you for exercising a privacy right. An authorized agent may submit a request where local law permits, subject to verification of authority and identity.
The app does not create a named 4LIMIT customer account. Backend records use a Firebase anonymous-auth UID or app-scoped Android identifier, which is pseudonymous rather than anonymous, and different records use different identifiers. The app does not currently display those identifiers or provide self-service backend deletion, so an email address alone may not let us locate a record. We will explain if we cannot identify it, use any reasonably available diagnostic information you provide, and avoid collecting extra identity data solely to create a link. Clearing local app data does not automatically delete an existing backend record.
AI suggestions and advertising personalization do not make decisions for 4LIMIT that produce legal or similarly significant effects about you. Help Chat proposals require your confirmation. Article 22 GDPR automated decision-making therefore does not apply to the app functions described here.
You may complain to the Hessian Commissioner for Data Protection and Freedom of Information (HBDI) or to the authority for your habitual residence, workplace, or the place of an alleged infringement.
18. Children
Calendar Alarm is a general productivity tool and is not directed specifically to children. We do not knowingly solicit a child's personal data through the website or optional cloud features. A person who cannot validly agree to online processing or a purchase under applicable law must use those features only with authorization from a parent or legal guardian.
Do not submit a child's document, image, or calendar content to an AI or support feature unless you are authorized and the submission is necessary. Contact us if you believe a child supplied personal data without valid authorization so we can investigate and delete it where required.
19. Changes and contact
We update this policy when processing, providers, retention, or legal requirements materially change. The effective and last-updated dates identify the applicable version. Material changes will be communicated through the app, website, store listing, or another appropriate channel before they take effect where required.
Questions, objections, and rights requests can be sent to calendar.reminder.zzapp@gmail.com. Please use the subject 'Calendar Alarm privacy request' and include only the information needed to identify the relevant record.