Privacy Policy

1. Introduction

SidekickCal (“we,” “us,” or “our”) is a registered Australian business name operating the SidekickCal platform. We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy provides a transparent overview of how we handle personal information collected from community sports organizations (“Orgs”) and their fans (“Subscribers”).

2. Information We Collect

• For Org Admins: We collect your name, email address, and Organization details (Logo, Name) via Google or Microsoft OAuth.
• For Subscribers: We collect your email address and an encrypted OAuth Refresh Token provided by your calendar provider (Google/Microsoft).
• Usage Data: We collect minimal logs related to sync success/failure to ensure service reliability.
• Google Calendar Data: For both Org Admins and Subscribers, we access your Google Calendar via API Scopes to create, view, edit and delete only the specific sports fixture events managed by SidekickCal.

3. Cookies and Tracking

SidekickCal uses session cookies solely for authentication purposes (to keep you signed in). We do not use advertising cookies, third-party tracking scripts, or analytics that identify individuals. No personal data is collected via cookies beyond what is necessary to operate the service.

4. Google API Limited Use Disclosure

SidekickCal's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for any purpose other than providing and improving the calendar synchronization service.

5. How We Use Your Data

We use the collected information solely to:

• Create and update sports fixtures on your calendar.
• Notify you of schedule changes via your calendar's native notification system.
• Manage your subscription and account settings.

6. Data Retention and Deletion

• Retention: We store OAuth Refresh Tokens as long as you maintain an active sync with an Organization.
• Deletion: You may revoke access at any time via your Google or Microsoft account settings. You may also delete your SidekickCal account via our dashboard. Upon deletion, all associated OAuth tokens and personal data are permanently purged from our AWS databases within 24 hours.

7. Data Security

All data is stored in encrypted databases via Amazon Web Services (AWS). OAuth tokens are encrypted at rest using AWS Key Management Service (KMS).

8. Third-Party Sharing

Google user data (including OAuth tokens and calendar access) is processed solely by Amazon Web Services (AWS), which provides our encrypted database and cloud infrastructure. AWS acts as a data processor on our behalf and does not have independent access rights to your data. We do not sell, trade, rent, or otherwise disclose your Google user data to any other third party, and we do not use it for advertising or any purpose beyond providing the calendar synchronisation service described in this policy.

9. Contact Us

If you have any questions about this Privacy Policy or wish to make a privacy complaint, please contact us at ai@sidekickcal.com. We will respond to all enquiries within a reasonable time.