Calluna CallunaCalm. Private. Yours.
Try the live app
Menu
Privacy Policy

The whole story, nothing hidden.

This is the formal version. For the plain-English promises behind it, see our Privacy & promises page.

Last updated: June 3, 2026.

Calluna is operated by Conal Hickey, a sole proprietor based in South Pasadena, California, United States ("Calluna," "we," "us"), who is the controller of your personal data. This policy explains what we collect, why, who helps us process it, and the rights you have. If anything here is unclear, email privacy@getcalluna.com.

What we collect

  • Account & sign-in — the email address you use to receive magic-link sign-in links.
  • Your household's data — the people, tasks, chores, events, routines, lists, and notes you and your household add to the app. This is yours; you put it there, and you can take it out or delete it.
  • Billing — when you subscribe, your payment is handled by Stripe. We receive your billing email and subscription status; we do not store your full card number.
  • Technical logs — like any website, our hosting and network providers process basic request data (such as IP address and timestamps) to deliver the Service and keep it secure.

What we never do

This is the part that matters most, so we'll be specific. Calluna has:

  • No analytics or product telemetry. We don't run Google Analytics, Plausible, PostHog, Segment, Mixpanel, Sentry, Hotjar, or any equivalent. We don't track how you move through the app.
  • No advertising and no ad networks. Ever.
  • No data brokers. We never sell, rent, or trade your data.
  • No third-party trackers or tracking cookies. Our fonts are self-hosted, so even Google's font servers don't see your visits to this site.
  • No behavioral profiles of you or your children.

How we use what we collect

Only to run Calluna for you: to sign you in, store and sync your household's data across your screens, send the sign-in magic links and the optional once-a-day digest email, process your subscription, answer your support requests, and keep the Service secure and working. Nothing is used for advertising or profiling.

Who processes data on our behalf (subprocessors)

We keep this list short on purpose. These providers process data only to deliver the Service, under contracts that require them to protect it:

  • MongoDB Atlas (database) — securely stores your household's people, tasks, events, lists, and sign-in email addresses.
  • Render (application hosting) — runs the Calluna server; app traffic passes through it.
  • Stripe (payments) — processes card payments and holds billing details and subscription status.
  • Resend (email delivery) — sends your sign-in magic links and the daily digest.
  • Cloudflare (DNS, CDN & hosting) — serves this website and routes app traffic; processes request metadata such as IP addresses.
  • GitHub (source control & backups) — stores our code and runs scheduled jobs. Database backups stored here are age-encrypted — GitHub holds only ciphertext it cannot read.

Optional, you-initiated integration: if an adult chooses to connect Google Calendar, Calluna uses Google's API with read-only permission to import that person's own calendar. You're connecting your own account to pull your own data in; we don't send your household's data to Google. You can disconnect it at any time.

Children's privacy

Calluna is designed to be used by families, including children, under a parent or guardian's account. Any information about a child is entered and controlled by the adult account holder, kept to the minimum needed to show that child their day, and never used for advertising or behavioral profiling. The children's experience is deliberately built without leaderboards, streak pressure, loot boxes, or other manipulative patterns. A parent can review or delete a child's information at any time by emailing us.

How long we keep it

We keep your data for as long as your account is active. If you cancel and ask us to delete your data, we remove it from our live systems promptly and from encrypted backups as they rotate out (within 30 days). Some records may be kept longer where the law requires (for example, basic billing records).

How we protect it

Data is encrypted in transit (HTTPS everywhere), access is limited to what's needed to operate the Service, and database backups are age-encrypted at rest. No system is perfectly secure, but we treat your family's data as something to protect, not exploit.

Your rights

Wherever you live, you can ask us to access, correct, export, or delete your data, and we'll honor it. To do any of these, email privacy@getcalluna.com.

  • California residents (CCPA/CPRA). You have the right to know what we collect, to delete it, and to correct it. We do not sell or share your personal information, so there's nothing to opt out of — but the right exists and we honor it. We won't discriminate against you for exercising these rights.
  • EU/UK residents (GDPR/UK GDPR). You have rights of access, rectification, erasure, restriction, portability, and objection. Our legal bases are performing our contract with you (running the Service), our legitimate interest in keeping it secure, and your consent for optional features like Google Calendar import. You may also complain to your local data protection authority.

International transfers

Calluna is operated from the United States, and our providers may process data in the US and elsewhere. Where data is transferred from the EU/UK, we rely on appropriate safeguards such as our providers' standard contractual clauses.

Cookies

We use only what's strictly necessary to keep you signed in and the app working. We don't use advertising or analytics cookies, so there's nothing to "accept" and no tracking banner to dismiss.

Changes to this policy

If we make a material change, we'll update the date above and tell you by email or in the app before it takes effect.

Contact

Questions, or want to exercise a right? Email privacy@getcalluna.com and a person will answer.