Last updated June 29th, 2021

Data Privacy & Security

At Reclaim, we believe that data privacy and security are Priority Zero.

We know that your calendar is a sensitive space, and we view it as a privilege to be entrusted to manage it for you. 

Privacy, data protection, and security are our highest priority at Reclaim, and ultimately we believe that your data belongs to you. We aim to be extremely clear and intentional about how and when we collect, store, transmit and use your data. 

Our default mindset is simple: do no harm, and don’t be creepy.

Fundamentally, we believe in the following key principles regarding your data and privacy:

  • Your data is ultimately yours, and you should have control over who has access to it.
  • You should be able to delete and remove your data from our software whenever you want, without having to jump through hoops or argue with anyone.
  • Your data should be protected, both at rest and in transit. 
  • Your data shouldn’t be accessed by anyone else without your consent, and you should never have to provide more data than the minimum necessary to provide value to you.

Commonly-asked questions

Is my data shared with third parties?

We will never sell or share your Reclaim data with a third party for profit or comarketing purposes; that is not our current business model and never will be. 

We will never access or look at your calendar data unless you ask and give us permission in a support scenario, or in extremely rare cases where it may be necessary to do so to fix a critical emergency with your Reclaim account.

We do use tools like Intercom to communicate with you and troubleshoot support issues, and in order to do that job we have to share your email address with that software. If we didn’t send it there, we couldn’t contact you to help you resolve a support issue, nor could we contact you to let you know about new features in Reclaim that you can take advantage of.

Even in cases where we send data to a third party in the normal course of business, however, we make every effort to redact and remove PII and replace it with an anonymized, unique user ID specific to your Reclaim account. For example, we use Google Analytics to measure site traffic, but we don’t ever send PII to that software — because it’s simply not necessary for us to do that job.

See a complete list of 3rd party tools that we work with as subprocessors.

How do I remove my data from Reclaim?

From the very beginning, Reclaim has been proud to offer a self-service delete capability. You can click a button in your account, confirm the deletion, and our software will automatically kick off a job to wipe all your calendar data from our systems within one hour, and also clean up your calendar to remove any Reclaim-created events. It’s that simple.

We fundamentally believe that deleting your data or your account shouldn’t be difficult. Obviously, we’re happier if you love Reclaim, but we view it as our job to earn that love — not to prevent you from leaving once you’ve signed up. We’ve invested significant engineering effort into ensuring your data gets properly purged from our systems, and we’re happy to provide additional confirmation if you’d like.

Want to learn more? Read this help article.

Do you store my data?

As with permissions, we believe that we should never store data unless it’s absolutely vital to performing the core mission of our software. To that end, Reclaim takes the following stance on storing your calendar data:

  • Reclaim does store data from the primary calendar associated with your Reclaim account. That means that the primary calendar associated with the email you use to sign up for Reclaim will be stored in Reclaim’s databases. We have to store this data, because it allows us to do things like reschedule your Tasks and Habits when conflicts occur, use prediction services to flip events between free and busy, and run processing against your events to automatically categorize them.
  • Reclaim does not store data from any other calendars that you’ve connected to Reclaim for the purposes of using Calendar Sync. We only need to hold that data in memory to make a synced copy of the event, and then we throw the data away as soon as that job is complete.

What permissions does Reclaim ask for?

Reclaim currently has three integrations that require permissions from you in order to use them: Google Calendar, Slack, and Google Tasks.

Here is a brief overview of the permissions we ask for across these integrations. For more technical details, please check out the “Want More Details?” section below.

Google Calendar

Google's APIs require us to ask for calendar permissions in order to provide Reclaim to you. We ask for these permissions just-in-time, meaning that we only ask for permissions when they are absolutely necessary — and we never ask for more permissions than we need. Here is an overview of those permissions.

View and edit events on all your calendars
Reclaim needs this permission to do things like:
  • Read events from your source and destination calendars so we can keep your calendars in sync.
  • Create, update, and remove Tasks, Habits, Buffer Time, and synced events from your calendars.
  • Respond to RSVP signals — e.g., if you accept an event from a source calendar, Reclaim automatically marks the synced copy on the destination calendar as busy.
  • Present analytics back to you on where your time is going.
  • Present your agenda in our Slack integration as well as respond to commands you issue from Slack.
  • Sync your Slack status with your calendar if you have the integration on.
View your calendars
Reclaim really only needs this permission for one thing: to list and identify all your calendars for the purposes of a) letting you create sync policies in our Calendar Sync feature as well as b) identifying which of your calendars is your "primary" so that we can block Tasks and Habits on it.
View your Calendar settings
Reclaim only needs this permission for one thing: to see your timezone for your primary calendar, which we use for determining your scheduling hours and other features that require displaying an event's time.
See, edit, share and permanently delete all the calendars you can access using Google Calendar
We only ask for this permission if you opt to share your personal calendar with work during the onboarding.
Reclaim uses this permission — should you opt into this feature during onboarding — to share a source calendar with your primary calendar so you can manage all your events from one place. This is a one-time operation. 
We do not use permissions to programmatically delete or change any events on your calendars that weren't created by our service.

Slack Integration

Reclaim offers an optional (but extremely robust) Slack integration that lets you manage your calendar from Slack as well as sync your Slack status with your calendar events. In order to provide this integration, we need some permissions from your Slack workspace. You can view a complete list of these permissions here, but here is an overview of how we use them.

im:history
We need to see the history of messages in order to update historical messages — for example, if someone has been invited to a meeting, and then the meeting is canceled or updated, we update the previous message before sending a new one in order to avoid spamming you with notifications.
users:read
We need this information to properly manage authentication in our database, as well as to manage handshakes between Slack and Reclaim.
app_mentions:read
We use messages associated with @reclaim to perform actions on behalf of the user, such as responding to meetings or changing RSVP statuses.
commands
We use slash commands to let users create Tasks quickly using Slack commands. We also use slash commands to gather feedback from users as well as access our help docs.
team:read
We need this information to properly manage authentication in our database, as well as to manage handshakes between Slack and Reclaim.
users:read.email
We use this scope to determine whether or not the user already has a valid login ID in Reclaim, which enables us to provide a faster onboarding experience.
dnd:read
We check the user's Do Not Disturb settings before we make changes to their status, which tells other users (for example) that they're currently in a personal event.
chat:write
We notify users via direct messages when they have been invited to a personal event, or when a personal event is updated or modified. We also notify users when a Habit or Task is about to begin.
chat:write.customize
This allows us to fine-tune how the app is displayed, per the permission above.
identify
This allows us to identify a user in Slack as well as manage handshakes between Slack and Reclaim.
users.profile:read
We update the user's status based on their calendar activity if they've turned our Status Sync feature on. This allows us to read their status and keep it in sync with their calendar.
dnd:write
We update the user's Do Not Disturb based on their calendar activity if they've turned our Status Sync feature on. This feature allows us to write to that Do Not Disturb.
users.profile:write
We update the user's status based on their calendar activity if they've turned our Status Sync feature on. This scope allows us to write to that status.

Google Tasks

Reclaim integrates with Google Tasks to let you create, manage, edit, and sync Tasks to Reclaim using the Google Tasks sidebar in Google Calendar. To do this, we only need one permission from you. Again, like Slack, this integration is optional.

Create, edit, organize, and delete all your tasks
Reclaim uses this permission to create, update, manage, and delete tasks from Google Tasks. Because Reclaim’s integration with Google Tasks creates a Reclaim-specific task list where all tasks must be created in order to sync to Reclaim, Reclaim will only ever operate on that list and will never operate on any of your other Google Task lists.

Did we not answer your question?

You can find more detailed information about Reclaim’s architecture, security policies, and other technical information below. 

You can also contact us at [email protected] or schedule time to meet with us directly. We’d love to chat!

Privacy & Security Standards

Data & Infrastructure Hosting

Infrastructure Hosting

Amazon Web Services
Reclaim infrastructure is hosted on Amazon Web Services to leverage Amazon’s best-in-class security, privacy and redundancy features.
  • All data is hosted in the USA, with redundancy between us-east-1 and us-east-2 regions.
  • AWS data centers undergo regular security and compliance audits including SOC1 and SOC2, PCI Level 1, HITRUST, ISO27001 and are GDPR compliant.
  • Reclaim strictly adheres to the AWS CIS Benchmark for operations and security best practices.
Google Cloud Platform
As we are a major consumer of Google APIs, we work closely with Google to stay compliant and secure with access and management of your data.
Encryption
Data transmitted to and stored on Reclaim systems is always encrypted, both in transit and at rest.
  • HTTPS and TLS are forced with modern ciphers on all network transactions, both internally and with customers.
  • Databases and storage are encrypted at rest via industry-standard AES-256 with rotating keys.

Security & Compliance

Employee Security

Security Awareness Training
As part of onboarding, all Reclaim employees complete mandatory security training on information security, data privacy and protection, and the use of security tools and best practices.
Background Checks
All employees are required to pass a thorough background check before starting work at Reclaim.
Policy Acknowledgements
All Reclaim employees agree to and sign an acknowledgement of policies covering Confidentiality, Non-Disclosure, Anti-Harassment and Code of Conduct.

Policies & Procedures

Security Policies
Reclaim develops, implements and regularly updates internal security policies including:
  • Password Policy
  • Access Management
  • Incident Response
  • Vulnerability Management
  • Data Retention
Business Continuity / Disaster Recovery
Reclaim has developed plans for business continuity and disaster recovery to ensure availability and tests these procedures annually.

Vulnerability Management

Vulnerability Scanning
Reclaim maintains a rigorous vulnerability scanning program to proactively identify and patch security vulnerabilities:
  • External vulnerability scanning for OWASP Top 10 and SANS 25.
  • Static Code Analysis Scanning on our source code repositories.
Responsible Disclosure
We appreciate responsible reporting of security vulnerabilities on the Reclaim platform by third parties. See our Responsible Disclosure Policy for details on reporting vulnerabilities.

Software Development & Operations

Access Management
Access to systems and customer data is based on the principle of least privilege, protected by measures including 2FA and a combination of identity and resource-based access control.
Continuous Testing
Every change to our code and infrastructure goes through a comprehensive testing process before being released to production, including:
  • Peer reviews
  • Unit and integration tests
  • Validation in staging and preview builds
Monitoring & Observability
Reclaim leverages best-in-class monitoring and observability tools in order to quickly address and resolve incidents:
  • Infrastructure and Application Performance Monitoring
  • Application error and exception handling
  • Centralized application and infrastructure logging

Want more details?

Google Calendar Integration

Below are some details for commonly asked questions regarding how we access and interact with your Google Calendar:

How to Report Security Vulnerabilities

We are very thankful to security researchers who help identify vulnerabilities in our service, as it benefits both us and our customers. 

Please see our Responsible Disclosure Policy for how to report security vulnerabilities, and know that every submission is read and investigated by a real person. Our team will work quickly to validate and assess the level of risk, and take action as needed in the best interests of protecting your data.

List of Subprocessors

Below is a list of subprocessors Reclaim uses as well as their respective security and compliance policies.

Infrastructure Subprocessors

Service Subprocessors

| Entity Name | Services Provided | Location | Security Links |
|---|---|---|---|
| Sentry | Error tracking and logging | USA | |
| New Relic | Performance monitoring and logging | USA | |
| Grafana | Performance and infrastructure monitoring | USA | |
| LogRocket | Frontend monitoring | USA | |
| Intercom.io | Customer support/engagement | USA | |
| Retool | Internal tooling / support | USA | |

Companies that trust Reclaim with their calendars

Snyk, Razorpay, Shopify, Calendly, Databricks, Twilio, GitHub, Zendesk, Kayak, Square, Airtasker, Netflix, Atlassian, Salesforce