Privacy Policy

Memencal is a service operated by ACL Software, a company registered in Belgium (VAT BE0798373841). ACL Software is the data controller for the personal data described in this policy, except where we act as a processor on your behalf (see section 4).

For any privacy question or to exercise your rights, contact us at [email protected] .

Depending on how you use Memencal, we process the following categories of personal data:

• Account data — your name, email address, company name, country and chosen interface language, created when you sign up and stored for as long as your account exists.
• Authentication data — your password (stored only as a salted hash) or, if you sign in with Google, your Google account identifier and verified email address. We never receive or store your Google password.
• Calendar data — the calendar feed (ICS) URL you connect, and from each event the summary text and the first phone number we extract from it. We deliberately do not store the full event description or location.
• Reminder-recipient data — the phone numbers of the people your appointments are with, together with delivery status and opt-out state, so that reminders can be sent and so that anyone who opts out is never contacted again.
• Usage and technical data — basic technical information such as your IP address and request logs, used to operate the service securely.

We process personal data on the following legal bases under Article 6 GDPR:

• Performance of a contract — to create and manage your account, connect your calendar, send the SMS reminders you configure, and provide customer support.
• Legitimate interests — to keep the service secure, prevent abuse, and improve how Memencal works, balanced against your rights and freedoms.
• Legal obligation — to meet our accounting, tax and other statutory duties.
• Consent — where we ask for it explicitly; you can withdraw consent at any time without affecting processing already carried out.

When you connect a calendar and we send reminders to your clients, you are the data controller for your clients’ personal data and Memencal acts as your data processor. We process that data only to provide the service, on your documented instructions, and we do not use it for our own purposes.

You are responsible for having a valid legal basis to share your clients’ contact details with us and to send them SMS reminders. If you need a data-processing agreement, contact us at [email protected] .

We do not sell your personal data. We share it only with the service providers (sub-processors) we need to run Memencal, each bound by contract to protect it:

• Twilio — our SMS delivery provider, which receives the recipient phone number and message content needed to deliver each reminder.
• Google — when you choose "Continue with Google", to verify your identity.
• Our hosting and infrastructure providers, who store the data on our behalf within the service.

We may also disclose data where we are legally required to do so, or to protect our rights, users or the security of the service.

Some of our providers (such as Twilio) may process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses to ensure your data remains protected to the standard required by the GDPR.

We keep account data for as long as your account is active and delete or anonymise it within a reasonable period after you close your account, unless a longer period is required by law (for example for accounting records).

Calendar events and reminder data are kept only as long as needed to deliver reminders and are reconciled with your calendar feed; events removed from your calendar are deleted. Opt-out records are kept for as long as needed to ensure we keep honouring the opt-out.

Under the GDPR you have the right to:

• access the personal data we hold about you;
• have inaccurate data corrected;
• have your data erased ("right to be forgotten");
• restrict or object to certain processing;
• receive your data in a portable format;
• withdraw consent where processing is based on consent.

To exercise any of these rights, email us at [email protected] . You also have the right to lodge a complaint with your local supervisory authority — in Belgium, the Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données, www.dataprotectionauthority.be).

If you are a reminder recipient and wish to stop receiving messages, you can opt out at any time by replying STOP to any reminder, or by contacting the business that booked your appointment.

Our website uses only the cookies it needs to function: a cookie that remembers your chosen language, and, in the app, a session cookie that keeps you signed in. We do not use advertising or third-party tracking cookies.

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, hashed passwords, access controls and the principle of data minimisation — for example, we store only the first phone number from an event and never the full event description.

We may update this Privacy Policy from time to time. When we make material changes we will update the "last updated" date above and, where appropriate, notify you. Please review it periodically.

For any question about this policy or your personal data, contact ACL Software at [email protected] .