We know that your calendar is a sensitive space, and we view it as a privilege to be entrusted to manage it for you.
Privacy, data protection, and security are our highest priority at Reclaim, and ultimately we believe that your data belongs to you. We aim to be extremely clear and intentional about how and when we collect, store, transmit and use your data.
Our default mindset is simple: do no harm, and don’t be creepy.
Fundamentally, we believe in the following key principles regarding your data and privacy:
We will never sell or share your Reclaim data with a third party for profit or comarketing purposes; that is not our current business model and never will be.
We will never access or look at your calendar data unless you ask and give us permission in a support scenario, or in extremely rare cases where it may be necessary to do so to fix a critical emergency with your Reclaim account.
We do use tools like Intercom to communicate with you and troubleshoot support issues, and in order to do that job we have to share your email address with that software. If we didn’t send it there, we couldn’t contact you to help you resolve a support issue, nor could we contact you to let you know about new features in Reclaim that you can take advantage of.
Even in cases where we send data to a third party in the normal course of business, however, we make every effort to redact and remove PII and replace it with an anonymized, unique user ID specific to your Reclaim account. For example, we use Google Analytics to measure site traffic, but we don’t ever send PII to that software — because it’s simply not necessary for us to do that job.
See a complete list of 3rd party tools that we work with as subprocessors.
From the very beginning, Reclaim has been proud to offer a self-service delete capability. You can click a button in your account, confirm the deletion, and our software will automatically kick off a job to wipe all your calendar data from our systems within one hour, and also clean up your calendar to remove any Reclaim-created events. It’s that simple.
We fundamentally believe that deleting your data or your account shouldn’t be difficult. Obviously, we’re happier if you love Reclaim, but we view it as our job to earn that love — not to prevent you from leaving once you’ve signed up. We’ve invested significant engineering effort into ensuring your data gets properly purged from our systems, and we’re happy to provide additional confirmation if you’d like.
Want to learn more? Read this help article.
As with permissions, we believe that we should never store data unless it’s absolutely vital to performing the core mission of our software. To that end, Reclaim takes the following stance on storing your calendar data:
Reclaim currently has three integrations that require permissions from you in order to use them:
Here is a brief overview of the permissions we ask for across these integrations. For more technical details, please check out the “Want More Details?” section below.
Google's APIs require us to ask for calendar permissions in order to provide Reclaim to you. We ask for these permissions just-in-time, meaning that we only ask for permissions when they are absolutely necessary — and we never ask for more permissions than we need. Here is an overview of those permissions.
Reclaim offers an optional (but extremely robust) Slack integration that lets you manage your calendar from Slack as well as sync your Slack status with your calendar events. In order to provide this integration, we need some permissions from your Slack workspace. You can view a complete list of these permissions here, but here is an overview of how we use them.
Reclaim integrates with Google Tasks to let you create, manage, edit, and sync Tasks to Reclaim using the Google Tasks sidebar in Google Calendar. To do this, we only need one permission from you. Again, like Slack, this integration is optional.
Reclaim integrates with GMail to let you create things like Tasks and Scheduling Links right from a GMail compose message window. To do this we only ask for the absolute necessary permissions — and we never ask for more permissions than we need.
You can find more detailed information about Reclaim’s architecture, security policies, and other technical information below.
You can also contact us at [email protected] or schedule time to meet with us directly. We’d love to chat!
Reclaim is SOC2 Type I certified as of June 2022. Reclaim is currently in observation period for Type II with intended audit and report in summer of 2023. SOC2 is the highest standard for security certification and compliance, and we're proud to have achieved it. If you're an IT or security representative for your company and are interested in getting more information about our SOC2 report, please contact us.
As a company, Reclaim is committed to complying with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We understand how important it is for our EU and California users and companies to feel secure and confident using Reclaim, and to that end we've incorporated those standards into our data and privacy practices.
Reclaim has self-serve data deletion processes and a Data Processing Addendum that is incorporated into our Business Terms of Service. Since GDPR is a relatively new and broad regulation that lacks a certification process, we have no mechanism to validate that we are complying with GDPR. However, through our efforts, good-faith improvements and discussions with Legal and Privacy consultants, we are confident that we are in compliance, both now and in the future.
If you are a company and sign up for Reclaim using our Business Terms of Service, our DPA is automatically in place for you. If you would like to get a signed copy of Reclaim's DPA, please contact us and we will be happy to send a pre-signed version over to you.
Below are some details for commonly asked questions regarding how to we access and interact with your Google Calendar:
We are very thankful to security researchers who help identify vulnerabilities in our service, as it benefits both us and our customers.
Please see our Responsible Disclosure Policy for how to report security vulnerabilities, and know that every submission is read and investigated by a real person. Our team will work quickly to validate and assess the level of risk, and take action as needed in the best interests of protecting your data.
Below is a list of sub-processors Reclaim uses as well as their respective security and compliance policies.