Legal

Privacy Policy

Effective date: 1 June 2026

1. Introduction

This Privacy Policy describes how Skedy (“we”, “us”, or “our”) collects, uses, and protects information about you when you use the Skedy scheduling service (“Service”).

By using the Service, you agree to the collection and use of information as described in this policy.

2. Information we collect

Account information

  • Email address and name — collected during registration via our authentication provider (Clerk).
  • Authentication tokens and session data — required to keep you signed in.

User-generated content

  • Projects, teams, tasks, notes, and schedule data you create within the Service.
  • Resource names, roles, and colours you assign to crew members.

Usage data

  • Page views, feature interactions, and session duration — collected via analytics tools (PostHog or Plausible) in aggregate, anonymised form.
  • Error logs and diagnostic data — collected via error monitoring (Sentry) to help us fix bugs.

Technical data

  • IP address, browser type, device type, and referring URL — collected automatically by our hosting infrastructure.

3. How we use your information

  • To provide and operate the Service, including storing and syncing your schedule data.
  • To authenticate you and keep your account secure.
  • To send transactional emails (share invitations, account notifications).
  • To improve the Service based on aggregated usage patterns.
  • To diagnose and fix technical issues.
  • To comply with legal obligations.

We do not sell your personal data to third parties.

4. Data storage and security

Your data is stored in a managed PostgreSQL database (Supabase) hosted in a secure cloud environment. Authentication is handled by Clerk, which employs industry-standard security practices including encrypted storage and JWTs.

All data in transit is encrypted using TLS. We implement technical and organisational measures to protect your data against unauthorised access, alteration, or destruction.

Despite our efforts, no security system is impenetrable. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

5. Data sharing

We share your data only in the following circumstances:

  • Service providers: Supabase (database), Clerk (auth), Resend (transactional email), Vercel (hosting), Sentry (error monitoring). These providers process data on our behalf under data processing agreements.
  • Legal requirements: If required by law, court order, or legitimate government request.
  • Business transfer: In connection with a merger, acquisition, or sale of assets, where your data would be transferred to the successor entity under the same privacy protections.
  • Your consent: When you explicitly authorise us to share your data.

Share links you generate are your responsibility. Anyone with a valid share link can access the project at the permission level you set.

6. Cookies and tracking

The Service uses essential cookies required for authentication and session management. We do not use advertising or tracking cookies beyond what is necessary to provide the Service.

Analytics data is collected in a privacy-preserving manner (no cross-site tracking, no fingerprinting).

7. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate personal data.
  • Request deletion of your personal data (“right to be forgotten”).
  • Object to or restrict certain processing of your data.
  • Export your data in a portable format.
  • Withdraw consent at any time where processing is based on consent.

To exercise these rights, email us at privacy@skedy.app. We will respond within 30 days.

8. Data retention

We retain your account and project data for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

9. Children's privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice in the Service. The “effective date” at the top of this page indicates when the policy was last revised.

11. Contact

For privacy-related questions or requests, contact us at privacy@skedy.app.