Calendar is an event calendar application that runs inside the Root platform, installed by Root community administrators for their members. This policy describes what data the app processes, for what purpose, where it is stored, and what control users have over it.

Calendar does not operate independently: it has no user registration, passwords, or authentication system of its own. All user identity (who they are, which community they belong to, what roles they have) comes directly from Root through the platform's official SDK.

1. Data controller

The data controller for this instance of the app is the administrator of the Root community where Calendar is installed. For privacy inquiries or to exercise the rights described in section 7, contact the user with the username “raidcall” on Root.

2. What data Calendar processes

2.1 Data obtained from Root

When a user interacts with the app, Calendar queries the Root platform (never the user directly) for the following data, only for the duration of the active session or in a temporary in-memory server cache (1–2 minutes):

This data is used exclusively to check permissions (who can create, edit, or delete events) and to display name and avatar alongside comments, RSVPs, and invitations.

2.2 Data the user enters directly into the app

While using Calendar, the following data is stored persistently in the app's database (hosted by Root), always associated with the corresponding Root userId:

Category Data stored
Events Title, description, start/end date and time, location, link (URL), color, visibility and access settings, creator identifier
RSVPs Response status (going / maybe / declined), the user's name and avatar at the time of responding
Invitations Invited user, their name and avatar at the time of the invitation, invitation status
Comments Comment content, the author's name and avatar at the time of posting, date
Notifications Internal notifications related to event invitations (containing the event title and who invited)
Personal preferences Preferred timezone and language

The name and avatar stored alongside comments, RSVPs, and invitations are a snapshot at the moment the action was taken: if the user later changes their name or picture in Root, existing records are not retroactively updated.

2.3 Data stored locally in the browser

The Root client stores only two display preferences (timezone and language) in localStorage, to apply them immediately before a response from the server arrives. No tracking cookies or local storage for analytics or advertising purposes are used.

2.4 What Calendar does not collect

3. Purpose of processing

The data described above is used exclusively for the app's functioning:

Data is not used for advertising or profiling, and is not sold or shared with third parties outside the Root platform.

4. Who the data is shared with

5. Where and for how long data is stored

Data is stored in a SQLite database provided and hosted by Root's infrastructure for this installation of the app. Data is not replicated or sent to servers outside of Root.

Event data (comments, RSVPs, invitations, and associated notifications) is retained for as long as the event exists, and is permanently deleted in cascade when the event is deleted. Personal preferences (timezone, language) are retained for as long as the user remains in the community and the app stays installed.

6. Security

All text content a user enters (titles, descriptions, comments, locations, links) goes through server-side validation and sanitization before being saved, designed to block code or command injection attempts (XSS, SQL injection, command injection, among others). Access to each action (create, edit, delete, invite) is verified server-side based on the roles the community administrator has configured.

7. User rights

Regarding the data Calendar stores, users can:

Since Calendar does not manage identities of its own, any request related to the Root account data itself (name, avatar, membership) should be directed to Root or to the relevant community administrator.

8. Children's privacy

Calendar does not independently request or verify users' ages; it follows the minimum age and eligibility policies enforced by the Root community where it is installed.

9. Changes to this policy

This policy may be updated to reflect changes to the app. The date of the last update is shown at the top of the document.

10. Contact

For any questions about this policy or about data processing in Calendar, contact the user with the username “raidcall” on Root.