Privacy Policy

What we collect

When you create an account, we store your email address and your chosen display name. As you use Iko, the app stores the information you put into it: your family roster (names of the people in your household), calendar events (titles, times, optional location, optional notes), tasks (titles, optional notes, due dates, who they're assigned to), and a few optional profile details you may choose to add (birthday, role within the family, a home location).

We do not collect your IP address for analytics, your browser fingerprint, your location through the browser, or any tracking identifier across other sites.

What is encrypted at rest

The sensitive content of your tasks and events is encrypted before being written to the database, using a key the operator holds. Specifically, task titles, task notes, event titles, event notes, event location, and your optional home location are all stored as ciphertext. Even with full database access, the operator cannot read them without the encryption key.

Other fields (your email, your display name, the structure of your family, the timestamps of events and tasks) are stored as plain text — they are needed in cleartext for the app to function (sign-in, sorting events by date, joining attendees to events).

Cookies

Iko sets exactly one cookie: a sign-in session cookie. It is required for the app to keep you signed in between page loads. The cookie is HTTP-only, secure (HTTPS-only), and signed cryptographically. It contains an opaque session identifier — not your email, not a tracking number.

Iko does not set analytics cookies, advertising cookies, social- embed cookies, or any other category of non-essential cookies. The dismissable banner you see at the bottom of public pages is a notice, not a consent gate; the only cookie set is strictly necessary for the service to work.

Third-party services

Iko relies on a small number of third-party services. Each one receives only the data it needs to perform its specific task:

• Googlehandles sign-in. When you sign in with Google, Google receives your email and a one-time authorization code; we receive your email and Google's identifier for you. Iko never sees your password.
• Resend sends transactional emails (sign-up confirmations, family-invitation emails, optional daily digests). Resend receives the recipient address and the email body composed by Iko. It does not receive other account data.
• Anthropicpowers the AI assistant when you choose to use it. When you send a message to the assistant, we transmit the conversation context (which may include calendar entries and tasks you have explicitly opted into sharing with the assistant) to Anthropic's API. Anthropic does not retain the prompts for training. The assistant is optional; if you do not use it, no data is sent to Anthropic.

Connected calendars

Iko offers an optional feature to connect your personal Google, Microsoft (Outlook), or ICS calendar so that your work and personal events appear on Iko's calendar alongside your family events. Connecting is opt-in; if you don't connect a calendar, no external calendar data ever flows into Iko.

When you connect a calendar, Iko reads its events using a read-only OAuth grant and caches them in our database to render them on your calendar view. We fetch each event's title, start and end times, location (if any), recurrence rule (if recurring), and the timezone the event was created in. Events are cached in a rolling window of approximately 30 days in the past and 90 days in the future from the current date — older or farther events are not stored.

External calendar events are visible only to you. No other family member sees them on their calendar view, and the AI assistant (if you use it) only considers them as busy time when you explicitly ask it to find availability — it never reveals their titles to other family members.

Iko is strictly read-only on connected calendars. We never create, edit, delete, or move events in your source calendar — Iko has no permission to do so, and the OAuth scope we request (calendar.readonly for Google, Calendars.Read for Microsoft) does not allow writes.

OAuth tokens (the credentials that grant Iko temporary read access to your calendar) are encrypted at rest in the same way as your event titles and notes. When you click Disconnect in settings, Iko immediately revokes the OAuth grant at the provider, deletes all cached events for that connection from our database, and removes the connection record. After disconnect, Iko can no longer read your calendar.

Where your data is hosted

The Iko application runs on Vercel functions in Frankfurt (Germany). The database (Neon) also runs in Frankfurt. Your data does not leave the European Union.

How long we keep your data

As long as your account is active, your data is retained so the app can show it back to you. If you delete your account, the account row is marked as soft-deleted; the application stops showing your data to you or anyone else. There is no automated process today that hard-deletes the underlying records.

If you would like the operator to permanently and irreversibly purge your data from the database, send a written request to the operator email below. The operator commits to performing the purge within 30 days of receiving the request.

Contact

For questions about this policy, requests to access your data, requests to correct your data, or requests to permanently delete your data, write to albertocaliandro89@gmail.com.

Iko is operated by a single individual residing in Italy. The operator is the only person with access to the database.