Privacy Policy

Last updated: November 2025

This Privacy Policy explains how we (“TravelCalendar.me”, “we”, “us”, “our”) collect, use, store, and share personal data when you use our service and website.

TravelCalendar.me is a simple tool: you forward travel confirmation emails to us, and we turn them into calendar invitations (.ics files) that you can add to your calendar.

The service is currently in Beta. That means:

  • features and providers may change quickly;
  • there may be errors, inaccuracies, or downtime; and
  • you should always double‑check important details with the original confirmation email or the travel provider.

We are committed to handling your data responsibly and transparently. This policy is written under the laws of England and Wales, but we aim for it to be understandable to users wherever you are based.

1. Who we are and how to contact us

TravelCalendar.me is operated by:

TravelCalendar.me
(operated by Athena Technology Consulting Ltd or an affiliated entity as notified from time to time)
Email: hello@travelcalendar.me

For privacy questions, data requests, or complaints, you can contact us at hello@travelcalendar.me.

2. Scope of this policy

This policy covers personal data we process when you:

  • visit or browse https://travelcalendar.me or related pages;
  • forward emails (and attachments) to our service email address or API endpoint;
  • receive emails and calendar invitations from us; or
  • contact us for support, feedback, or enquiries.

It does not cover the privacy practices of:

  • your email provider (e.g. Gmail, Outlook, iCloud Mail);
  • airlines, hotels, booking platforms, restaurants, transport operators, or other merchants; or
  • any third‑party websites or services you visit by following a link we include in an email or calendar description.

Those services are governed by their own terms and privacy policies.

3. Data we collect and receive

We only collect personal data that we need to provide and improve the TravelCalendar.me service. Broadly, this falls into the following categories:

A) Email envelope and routing information

When a travel confirmation email is forwarded to us, we receive:

  • the sender (“From”) email address;
  • the recipient (“To”) email address (usually our service address);
  • the subject line of the email; and
  • timestamps and basic routing metadata provided by email infrastructure.

B) Email content and attachments you send us

We receive and process the content of the emails you forward, including:

  • the body of the email (plain‑text and/or HTML);
  • attachments containing booking details (commonly PDF itineraries or tickets, and occasionally other file types);
  • any visible personal data within those messages and attachments (e.g. name, email address, travel dates, booking references, loyalty numbers, addresses).

We do not have access to your entire mailbox – only to the messages that you or your email routing rules deliberately send to us.

C) Data we derive from your emails

Our service converts your emails and attachments into structured travel data and calendar events. This includes, for example:

  • Booking details – such as departure and arrival times, local timezones, cities and countries, airport or station names, accommodation details, car rental pick‑up and drop‑off, restaurant reservations, activities, booking references, and links to manage or check in to your bookings.
  • Calendar event details – including normalized start and end times, event titles and descriptions, and location strings used to build .ics files.
  • Internal metadata – such as hashes or identifiers we create to avoid duplicating the same booking and to diagnose issues.

D) Outbound email content

When we send emails back to you, we process and store:

  • your email address (as recipient);
  • the subject and body of the message we send (e.g. calendar invites, “no bookings found” notices, error messages);
  • the generated .ics attachments containing your travel events.

E) Technical and usage data

When you visit our website or when your email provider calls our API, we may collect limited technical information, such as:

  • IP address and general location (at the level of city/region, where available);
  • browser type and version, device type, operating system;
  • pages visited on our website and basic request metadata;
  • server‑side logs of requests, success/error codes, and performance information.

We do not use invasive tracking or third‑party advertising cookies. If we introduce optional analytics in future, we will update this Policy and provide appropriate choices.

We do not sell your personal data.

4. How we use your data and legal bases

We use your personal data to provide and improve the TravelCalendar.me service. In particular, we use it to:

  • receive and understand the travel confirmation emails you forward;
  • extract the key booking details and convert them into calendar‑friendly form;
  • generate calendar invitations (.ics files) and send them back to you by email;
  • send operational messages (for example, when no bookings are found or when we encounter an error);
  • maintain and secure our infrastructure and prevent abuse; and
  • improve the accuracy, reliability, and usability of the service over time.

Under UK and EU data protection law (for example, UK GDPR / EU GDPR), we rely on the following legal bases:

  • Performance of a contract – to provide the core service you request: processing your forwarded emails into calendar invites and sending them back to you.
  • Legitimate interests – to run, protect, and improve TravelCalendar.me, including keeping logs, detecting abuse, performing limited analytics, and making the service more accurate and user‑friendly. We balance these interests against your rights.
  • Consent – where required by law (for example, for certain marketing communications) or where you choose to send us particular content voluntarily. You can withdraw consent at any time; this may limit some features.
  • Legal obligations – where we must keep or disclose information to comply with applicable law, court orders, or regulatory requirements.

5. Recommendations, deals, and additional content

Our main focus is to turn your travel confirmations into accurate calendar events. In future, we may also use your existing travel data to show you optional, relevant recommendations. For example:

  • links to helpful resources for your destination (e.g. airport information, local transport);
  • suggested services related to your trip (e.g. airport transfers, nearby restaurants or activities);
  • commercial offers or “deals” that seem clearly related to your itinerary.

Any such recommendations will:

  • be generated using information we already process to create your calendar events (e.g. destination, dates);
  • appear within our own emails or calendar descriptions; and
  • be optional – nothing happens unless you choose to click or act on them.

We do not hand over your email content or detailed booking data to third‑party advertisers for their own marketing campaigns. If you click a link to a third‑party website or service, that third party may collect data in accordance with its own privacy policy (for example, your device information and the fact that you followed a link). We encourage you to read those policies before you use any third‑party site or service.

If we introduce broader marketing communications or recommendation features, we will honour any legal requirements regarding consent and will give you simple ways to opt out.

6. AI, OCR, and automated processing

To understand the content of your confirmation emails and attached documents, we use a mixture of:

  • automated text extraction tools (for example, to read PDFs); and
  • third‑party AI services that help us identify and structure booking information (such as flights, hotels, trains, and reservations).

These tools interpret your email and attachment content and return structured data (for example: “flight from London to Tokyo at 10:45 local time”). We then use that structured data to build your calendar invitations.

Where we send data to trusted AI providers, we only send what is necessary for extraction, and we configure those providers, where possible, not to use your data to train general‑purpose models that are unrelated to providing the TravelCalendar.me service.

We do not use automated processing to make decisions that have legal or similarly significant effects on you. Our automation exists to save you time by turning confirmations into calendar events, but you remain responsible for checking and managing your real‑world bookings.

7. Service providers and international transfers

We use carefully selected third‑party service providers to operate TravelCalendar.me. These may include, for example:

  • cloud hosting and infrastructure providers;
  • email processing and delivery services (for inbound and outbound messages);
  • AI and OCR providers that help us extract and structure booking information;
  • logging, monitoring, and error‑tracking services; and
  • professional advisers (for example, legal, accounting, or security specialists).

These providers only process your data on our instructions and are required to keep it secure and confidential. We do not grant them permission to use your personal data for their own independent marketing.

Some of these providers may be located outside the UK or European Economic Area (EEA). Where that is the case, we will rely on appropriate legal safeguards permitted under data protection law (for example, standard contractual clauses or equivalent mechanisms) and will require providers to apply suitable protections to your data.

8. How long we keep your data

We aim to keep personal data only for as long as it is reasonably necessary for the purposes described in this Policy.

  • Inbound email content and attachments: processed primarily to generate calendar events and sent back to you. In the current Beta, we do not maintain a long‑term archive of your full email content. However, short‑term copies may exist in logs, caches, backups, or third‑party processing systems for operational reasons.
  • Structured booking and calendar data: may be kept for a limited time to improve reliability, debugging, and to help us understand performance and usage patterns. Over time, we may introduce features that allow you to view and manage past processed trips; any such changes will be reflected in an updated version of this Policy.
  • Operational logs and diagnostics: retained for a limited period that is appropriate for security, troubleshooting, and legal/compliance purposes, then deleted or anonymised.
  • Backups: system‑wide backups may include copies of data that persist for a defined retention window before being overwritten.

Exact retention periods may evolve as we refine the service. Where legal or regulatory obligations require longer retention (for example, for fraud prevention or accounting), we will keep only what is necessary for those purposes.

9. How we protect your data

We use a combination of technical and organisational measures to protect your data, including:

  • use of reputable infrastructure and email providers;
  • encryption of data in transit (for example, HTTPS/TLS between systems);
  • access controls and the principle of least privilege for any administrative access;
  • monitoring and logging to detect anomalies and investigate issues; and
  • structured logging to minimise unnecessary storage of message content in logs.

However, no online service can guarantee perfect security. The fact that the service is in Beta means there may still be issues we are working to discover and fix. You can help by:

  • only forwarding emails to us that you are comfortable being processed in this way;
  • using a secure, up‑to‑date email provider and device; and
  • contacting us promptly if you suspect any misuse of your data in connection with TravelCalendar.me.

10. Your choices and controls

You have meaningful control over what we see and process:

  • What you send: you choose which confirmation emails (and attachments) to forward to the service.
  • Stopping use: you can stop using TravelCalendar.me at any time simply by not forwarding additional emails.
  • Recommendations and offers: if we send non‑essential recommendations or updates, you will be able to opt out via clear instructions in those emails.
  • Contacting us: you can ask us about how we are using your data or request deletion or restriction where appropriate by emailing hello@travelcalendar.me.

11. Your data protection rights

Depending on where you live and the laws that apply, you may have some or all of the following rights in relation to your personal data:

  • Access – to request a copy of the personal data we hold about you.
  • Correction – to ask us to correct inaccurate or incomplete data.
  • Erasure – to ask us to delete personal data where there is no good reason for us to keep it.
  • Restriction – to request that we limit the way we use your data in certain circumstances.
  • Objection – to object to processing based on our legitimate interests, including profiling based on those interests.
  • Data portability – to receive certain data in a structured, commonly used, machine‑readable format and/or request that we transfer it to another controller.
  • Withdrawal of consent – where we rely on consent, to withdraw that consent at any time (without affecting the lawfulness of processing before withdrawal).

To exercise any of these rights, please email hello@travelcalendar.me. We may need to verify your identity before responding. We aim to respond within the time periods required by applicable law.

If you are in the UK, you also have the right to complain to the Information Commissioner’s Office (ICO) about how we handle your personal data: https://ico.org.uk/make-a-complaint/ . If you are elsewhere, you may also have the right to complain to your local data protection authority.

12. Children

TravelCalendar.me is designed for adults. It is not intended for, and we do not knowingly collect data from, individuals under 18 years of age. If you believe that a child has used the service or provided us with personal data, please contact us so we can investigate and, where appropriate, delete the data.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time as the service evolves, as we introduce new features (including different data processing tools or providers), or as laws change. When we make changes, we will:

  • post the updated version on this page; and
  • update the “Last updated” date at the top of the Policy.

For material changes that significantly affect how we process your data, we will take reasonable steps to bring them to your attention (for example, by email or a notice on the website). Your continued use of TravelCalendar.me after changes take effect will constitute your acknowledgement of the updated Policy.

14. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact:

TravelCalendar.me
Email: hello@travelcalendar.me