Privacy Policy

1. Introduction

Limehouse (“we,” “us,” or “our”) operates the Limehouse Calendar platform, a calendar infrastructure service designed for AI agents. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, dashboard, API, and related services (collectively, the “Service”).

2. Information We Collect

When you use our Service, we may collect the following information:

• Account information — name, email address, and password when you create an account.
• Calendar data — calendars you create, events and their details (titles, times, descriptions, locations, attendees), and any metadata associated with them.
• Connected calendar data — if you connect a Google, Microsoft, or other third-party calendar, we access event data from those calendars as authorized by you, including event titles, times, attendees, and descriptions.
• API usage data — API keys, request logs, authentication events, and usage patterns associated with your account and agents.
• Agent configuration — agent names, permissions, and calendar access settings you configure.
• Device and connection information — IP address, browser type, and operating system when you visit our website or use the dashboard.
• Webhook data — webhook URLs you register and delivery metadata (success/failure, response codes).

3. How We Use Your Information

We use the information we collect solely to:

• Provide, operate, and improve the calendar platform and API.
• Authenticate your account and API requests.
• Enforce agent permissions and calendar access controls.
• Sync data with third-party calendar providers you have connected.
• Deliver webhook notifications to endpoints you configure.
• Send you service-related communications (e.g., security alerts, API changes, or maintenance notices).
• Detect and prevent fraud, abuse, or security issues.
• Comply with legal obligations.

Important: Data obtained from Google APIs is used only to provide and improve user-facing features of the Service (displaying events, syncing calendars, and enabling agent-based calendar management you configure). It is not used for fraud detection, analytics, advertising, or any purpose unrelated to providing the Service’s core calendar functionality. See Section 7 for full details on our Google API Limited Use compliance.

4. No Sharing with Third Parties for Marketing

We do not sell, rent, share, or disclose your personal information or calendar data to third parties for marketing or promotional purposes. Your data is used exclusively to provide and operate the Service.

5. Limited Third-Party Data Processing

To operate the Service, we use a limited number of third-party service providers strictly for the purpose of delivering the Service:

• Cloud hosting and storage — to securely host the platform and store your data.
• Calendar providers — Google Calendar, Microsoft Outlook, and other providers you choose to connect. We only access calendar data you explicitly authorize.
• AI services — we use the Anthropic API (Claude) to power scheduling preference analysis and timeslot recommendations. Calendar event data (such as event times, durations, and patterns) may be sent to Anthropic for processing in order to generate scheduling insights and rank available timeslots. Anthropic does not use this data to train its models. See Anthropic’s Privacy Policy for details on how they handle data.
• Analytics — to understand how the Service is used and improve it. Analytics providers do not receive Google user data or any data obtained through Google APIs.

These providers are contractually obligated to protect your information and may only process it to perform services on our behalf. They do not have permission to use your data for any other purpose.

6. Third-Party Calendar Access

When you connect a third-party calendar (e.g., Google Calendar or Microsoft Outlook), we request only the permissions necessary to provide the Service. We access your calendar data solely to display events, detect conflicts, and enable your agents to interact with your schedule as you have configured. You can disconnect a third-party calendar at any time from the dashboard, which will immediately revoke our access.

7. Google Calendar Data & Limited Use Disclosure

When you connect your Google Calendar, we request the following Google Calendar API scopes: calendar.calendarlist.readonly, calendar.calendars.readonly, and calendar.events. These scopes allow us to list your calendars, read calendar metadata, and read or write events. However, your agents only receive the specific permissions you configure — for example, read-only access to a single calendar. The actual access granted to any agent is determined by the per-calendar permissions you set in the dashboard.

Specifically, we may access:

• Event details — titles, start/end times, descriptions, locations, and attendees from your Google Calendar.
• Calendar metadata — calendar names, time zones, and identifiers needed to sync and display your calendars.

This data is used solely to provide user-facing features of the Service: displaying your events, detecting scheduling conflicts, and enabling agents you have authorized to read or manage your calendar according to the permissions you configure.

Limehouse’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In accordance with these requirements:

• We do not sell Google user data to third parties, advertising platforms, data brokers, or information resellers.
• We do not use Google user data for serving advertisements, retargeting, or any form of personalized or interest-based advertising.
• We do not use Google user data to determine credit-worthiness or for lending purposes.
• We do not use Google user data to train generalized artificial intelligence or machine learning models.
• Humans do not read your Google user data unless (a) you provide affirmative consent to view specific data, (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is required to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.

When you disconnect your Google Calendar from Limehouse, we immediately stop accessing your Google Calendar data and delete all cached Google Calendar data from our systems within 30 days of disconnection.

8. Data Retention

We retain your account information and calendar data for as long as your account is active or as needed to provide the Service. When you disconnect a third-party calendar, we delete the synced data from that provider within 30 days. When you delete your account, we delete all associated data within 30 days, except where retention is required by law.

You may request deletion of your data at any time by contacting us at privacy@limehouse.io.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information and calendar data, including encryption in transit (TLS) and at rest, access controls, API key hashing, and regular security assessments. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Your Rights

You have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your information and calendar data.
• Object to or restrict certain processing.
• Request a portable copy of your data.
• Disconnect third-party calendar integrations at any time.
• Revoke agent API keys at any time.

To exercise these rights, contact us at privacy@limehouse.io.

11. Children’s Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: privacy@limehouse.io