Privacy Policy

Effective date: October 14, 2025

1) Who We are & How to Contact Us

  • Data Controller: Calendar Lover
  • Head Office: Kansas City, United States
  • Europe Office: Cologne, Germany
  • Company profile: See our About page for details.
  • Contact: For any privacy-related requests, please use our Contact page.

2) Scope of this Policy

This policy applies to services offered on calendarlover.com and its subpages—including viewing calendars, downloading PDFs, and using the cookie-preference manager. We do not provide user accounts, and printing/downloading calendars does not require personal information. (see 3.3)

3) What Data We Collect

3.1 Required Technical Logs (Hosting & Security)

To maintain infrastructure security and monitor performance, our hosting provider may keep minimal technical logs. These include:

  • Date/time stamp
  • Requested resource (URL/path)
  • Browser user-agent

We use these logs only for security, troubleshooting, and service reliability.

Retention: 90 days.

3.2 Analytics Data

We use Google Analytics 4 (GA4) to understand site usage (e.g., page views and interactions). GA4 produces aggregated, pseudonymous data. Google Signals and User ID features are disabled, and IP anonymization is enabled. GA4 data retention is set to 14 months.

3.3 Calendar Downloads: No Personal Information Required

When you download calendar files (PDF), we do not ask for your name, email, or an account. Download activity may be reflected in the standard server logs described in 3.1 and the aggregated analytics described in 3.2. We do not use these data to identify you.

3.4 Contact Requests

If you contact us via our form, we receive your message and the contact details needed to reply. We use this information only to respond to your request.

4) Cookies and Similar Technologies

  • Cookie banner: For EU/UK visitors, we use a prior consent (opt-in) model.
  • Categories:
    • (a) Strictly Necessary,
    • (b) Preferences/Functional,
    • (c) Analytics.
  • The Advertising/Targeting category remains off until we launch ads.
  • Local storage: We do not use browser local storage.
  • Manage preferences: You can update your cookie choices at any time via the cookie banner or the footer link to the cookie settings.

5) Advertising and Third Parties

  • Google AdSense: Not active today. If enabled in the future, consent and personalization choices will be offered via our CMP in the EU/UK; in the U.S., we will provide the required notices and choices under applicable law.
  • Third-party service providers (processors):
    • Cloudflare: CDN/WAF and DDoS protection
    • Google: Analytics (GA4)
    • Hosting provider: Servers and log management

6) Data Transfers & Legal Bases

  • EU>US transfers: Because we use GA4 and certain infrastructure providers (e.g., CDN), personal data may be transferred outside the EEA/UK. These transfers rely on Standard Contractual Clauses (SCCs) plus appropriate supplementary measures.
  • Applicable laws: Where applicable, we follow GDPR/UK GDPR, relevant U.S. state privacy laws, and cookie regulations.
  • Legal bases (GDPR/UK GDPR):
    • Security & logs (3.1): Legitimate interests (Art. 6(1)(f)) in keeping the service secure and reliable.
    • Analytics (3.2): Consent. (Art. 6(1)(a))
    • Contact requests (3.4): Legitimate interests (Art. 6(1)(f)) in responding to inquiries. (and, where relevant, Art. 6(1)(b) pre-contractual steps)

7) Data Sharing and “sale/share” Statement

We do not sell personal data and we do not engage in “sell” or “share” as defined by the CPRA. Transfers to service providers are performed in a processor capacity under contract.

8) Retention (Summary)

  • Contact requests: up to 24 months
  • Server access logs: 90 days
  • Analytics data (GA4): 14 months

9) Security

We use SSL/TLS encryption, Cloudflare WAF and DDoS protection, role-based access controls with the least-privilege principle, regular backups, and audit logs.

10) Children’s Privacy

Our services are not directed to children under 13. In the EU/UK, we do not seek to collect marketing data from anyone under 16 without verified parental/guardian consent. If you believe a child has provided personal data to us, please contact us and we will take appropriate action.

11) Your Rights

GDPR / UK GDPR (EU/UK Residents)

You may have the right to access, rectify, erase, restrict processing, object, and port your data. To exercise these rights, please submit a request via our Contact page. We may ask for reasonable identity verification and will respond within the time limits set by law.

CPRA (California Residents)

We honor the rights to know, delete, and correct personal information. We do not sell or share personal data as defined by the CPRA, so a “Do Not Sell or Share” option is not required at this time. If our practices change, we will update this policy and provide the required choices.

12) Complaints & Jurisdiction

Governing law and venue: The laws of the State of Missouri, USA apply. Courts in Kansas City, Missouri have exclusive jurisdiction.
EU/UK: You also have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we can try to resolve your concern.

13) Changes

This policy takes effect on October 14, 2025. Any updates will be posted on this page with a “Last updated” date at the bottom.