Skip to content

Privacy policy

Last updated: 2026-07-11

1. Data controller

Nikolaj Kopp
Hermann-Albrecht-Str. 24
37133 Friedland
Germany
Phone: +49 (0) 5527 841 9092
E-mail: ansehnlich@mailbox.org

2. Data we process

2.1 Server logs

When you visit calmerge.unfoobar.org, the web server stores the following technically necessary data in log files:

  • IP address of the requesting device
  • Date and time of the request
  • Requested URL and HTTP status code
  • Volume of data transferred
  • Referrer URL (if transmitted)
  • User-Agent string (browser and OS)

Legal basis: Art. 6(1)(f) GDPR – legitimate interest in operational security and abuse prevention. Retention: at most 14 days; automatically deleted afterwards.

2.2 Session cookie

When you open the application, a technically necessary cookie calmerge is set to protect the editor session. It expires when you close your browser. In addition, a cookie calmerge_locale stores your language choice (12-month lifetime).

Legal basis: § 25(2)(2) TDDDG (strictly necessary for the service to work) and Art. 6(1)(f) GDPR. No consent banner is required.

2.3 Calendar data you enter

When you create a calmerge calendar, we process:

  • The name you give your calendar
  • URLs of the calendar sources you connect
  • Optional credentials (username, password) for those sources – stored encrypted with AES-256-GCM
  • An editing password – stored only as a hash produced by password_hash()
  • Visibility and share settings you configure

Legal basis: Art. 6(1)(b) GDPR – fulfilment of the service relationship. Retention: until you delete your combination or stop using it.

2.4 Calendar cache

To reduce load times, merged calendars are cached in the server file system for up to 15 minutes (extended to 7 days if the source is temporarily unreachable). The cache is invalidated whenever your configuration changes.

3. Recipients

We do not share your data with third parties. To merge your calendar, the calmerge server retrieves the calendar URLs you entered. The operators of those sources (e.g. Nextcloud hosts or GWDG) see the IP address of the calmerge server, not that of your end users.

4. Hosting

calmerge runs on a server hosted in Germany.

5. Your rights

Under the GDPR you have the following rights, which you may exercise against us at any time:

  • Access to your personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)
  • Complaint to a supervisory authority – the competent authority for the operator is the Landesbeauftragte für den Datenschutz Niedersachsen (lfd.niedersachsen.de)

A short e-mail to ansehnlich@mailbox.org is enough for any request.

6. Data security

Traffic is protected by TLS (HTTPS). Credentials for source calendars are stored encrypted with AES-256-GCM; the edit password is stored only as a hash and is not accessible in plain text, not even to the operator.

7. Changes to this policy

We update this policy when we change technical or organisational details. The current version is dated at the top of this page.

calmerge · © 2026 calmerge

Imprint · Privacy
Deutsch English