Is TidyCal GDPR Compliant?
TidyCal is GDPR compliant with data erasure requests, account deletion, CSV data export, a Data Processing Agreement (DPA), and a comprehensive Privacy Policy.
Overview
TidyCal, operated by Sumo Group Inc., is designed to comply with the General Data Protection Regulation (GDPR) (EU 2016/679). TidyCal provides built-in tools so both account holders and their contacts can exercise their data rights, including the right to erasure, data portability, and account deletion.
Key GDPR features in TidyCal:
- Data Erasure Request form — public form at tidycal.com/gdpr for contact data removal
- Account deletion — self-service for Free Plan users; support-assisted for paid plans
- CSV data export — export contacts and bookings (Individual Plan and Agency Plan)
- Data Processing Agreement (DPA) — available at tidycal.com/dpa
- Privacy Policy — available at tidycal.com/privacy-policy
| Feature | Free Plan | Individual Plan | Agency Plan |
|---|---|---|---|
| Data Erasure Request (contact data) | Yes | Yes | Yes |
| Account deletion | Self-service | Contact support | Contact support |
| CSV export (contacts & bookings) | No | Yes | Yes |
| Privacy Policy | Yes | Yes | Yes |
| Data Processing Agreement (DPA) | Yes | Yes | Yes |
Data Erasure Requests
TidyCal provides a public Data Erasure Request form that allows anyone — including your contacts who booked through your page — to request removal of their personal data. No login is required.
How to Submit a Data Erasure Request
- Go to tidycal.com/gdpr.
- Enter the email address associated with the data you want removed in the E-Mail Address field.
- Click Submit.
- If the email is found in the system, a confirmation email will be sent to that address.
- Open the confirmation email and click the removal link to complete the erasure.
Important notes:
- The form is rate limited to 3 requests per minute to prevent abuse.
- For security, the success message always says: "If [email] is found, an email will be sent to this email address with a link for removal." — this prevents confirming whether an email exists in the system.
- Once confirmed, all contact records associated with that email are permanently deleted.
Account Deletion
TidyCal account holders can request permanent deletion of their entire account and all associated data.
Free Plan Users
Free Plan users can delete their account directly from Settings:
- Go to Settings → Account.
- Scroll to the Delete account section (highlighted in red).
- Click Delete account.
- Confirm the action when prompted: "Are you sure you want to delete your account? This action cannot be undone."
- A confirmation email will be sent. Click the link in the email to finalize the deletion.
Individual Plan and Agency Plan Users
Because paid accounts require additional processing (AppSumo license management), paid users must contact support:
- Go to Settings → Account.
- You will see a note: "Because you have a paid account, please contact support@tidycal.com to request account deletion."
- Email support@tidycal.com to request deletion.
What gets deleted:
- Your email is anonymized
- Your vanity path (booking page URL) is anonymized
- Connected calendar accounts are removed
- Your account is permanently deactivated
Data Export (CSV)
Users on the Individual Plan or Agency Plan can export their data in CSV format, supporting the GDPR right to data portability.
Export Contacts
- Go to Contacts.
- Click the CSV export option to download all contact records.
Export Bookings
- Go to Bookings.
- Click the CSV export option to download all booking records.
Note: CSV export is not available on the Free Plan. Upgrade to the Individual Plan or Agency Plan to access this feature.
Privacy Policy and Data Processing Agreement
TidyCal maintains two key legal documents that outline how personal data is collected, processed, and protected:
Privacy Policy
The TidyCal Privacy Policy covers:
- What personal data is collected and why
- How data is used and stored
- Third-party data sharing policies
- TidyCal commitment: "We WILL NEVER sell your information to a third party."
- User rights under GDPR and other data protection regulations
Data Processing Agreement (DPA)
The TidyCal Data Processing Agreement outlines:
- Sumo Group Inc. (d/b/a "TidyCal") acting as both data controller and data processor
- TidyCal users role as primary data controllers over their contacts data
- Data processing responsibilities and compliance commitments
- GDPR (EU 2016/679) compliance framework
Your Data Rights Under GDPR
As a TidyCal user, you have the following rights:
- Right to Access — Request access to the personal data TidyCal stores about you
- Right to Rectification — Request corrections to inaccurate or outdated information
- Right to Erasure — Request deletion of your data (see Data Erasure Requests and Account Deletion above)
- Right to Restriction of Processing — Control the scope of how your data is processed
- Right to Data Portability — Export your data in a common format (see Data Export above)
Security Features
TidyCal includes several security measures that support GDPR compliance:
- Device verification — Email verification required when logging in from unrecognized devices. Manage trusted devices in Settings. See Trusted Devices - Account Security for details.
- reCAPTCHA protection — Available on booking pages to prevent spam and bot submissions.
- Rate limiting — GDPR data erasure requests are limited to 3 per minute to prevent abuse.
- Encrypted storage — Data is stored in secure environments with encryption.
- Limited access — Access to personal data is restricted to authorized personnel only.
Troubleshooting
I submitted a data erasure request but did not receive a confirmation email
- Check your spam or junk folder for the confirmation email.
- Make sure you entered the exact email address that was used when booking.
- The system will always show a success message for privacy reasons, even if the email is not found. If you do not receive the email, the address may not exist in the system.
- Wait a few minutes — there may be a short delay in email delivery.
- If the issue persists, contact support@tidycal.com for assistance.
I cannot delete my account from Settings
- If you are on the Individual Plan or Agency Plan, the self-service delete button is disabled. You must contact support@tidycal.com to request account deletion.
- If you see "Invalid deletion link or unauthorized access," the confirmation link may have expired. Try the process again from Settings → Account.
I cannot find the CSV export option
- CSV export is only available on the Individual Plan and Agency Plan.
- If you are on the Free Plan, you will need to upgrade your plan to export data.
Frequently Asked Questions
Is TidyCal GDPR compliant?
Yes. TidyCal provides data erasure requests, account deletion, CSV data export, a Data Processing Agreement (DPA), and a Privacy Policy — all in compliance with GDPR requirements.
How can my contacts request deletion of their data?
Anyone can visit tidycal.com/gdpr and submit a data erasure request. They will receive a confirmation email with a link to complete the removal. No login or TidyCal account is required.
Does TidyCal offer a Data Processing Agreement?
Yes. The standard DPA is publicly available at tidycal.com/dpa. It covers Sumo Group Inc. role as data processor and your role as data controller. Custom DPAs are not available, but the standard DPA is designed to meet GDPR requirements.
Does TidyCal sell my data?
No. The TidyCal Privacy Policy explicitly states: "We WILL NEVER sell your information to a third party."