CalendarPrint.com

Privacy

Last updated: 2 May 2026

CalendarPrint.com tries to keep the data story easy to follow. The short version: without an account, nothing leaves your device except the PDF rendering request. When you sign in, your designs and the data that powers sign-in/share/email features live in our database.

What we store on your device

When you use the Designer, your calendar configuration and events are saved to your browser’s localStorage under the keys cp-calendar-config and cp-events. Clearing your browser data removes them.

We also set a small number of cookies on this domain only:

  • theme — light or dark mode preference
  • NEXT_LOCALE — your chosen UI language
  • cp_cookie_consent — whether you accepted analytics
  • Supabase auth cookies (sb-*) — only set after you sign in, used to keep you signed in across page loads

None of these cookies identify you to third parties.

What we send to our server

/api/pdf— clicking “Download PDF” sends your calendar configuration and events here so we can render the PDF for you. The request is processed in memory and the response is the PDF bytes; we don’t store, log, or share the contents.

/api/share-pdf— only called when you use the Share or Email-PDF buttons (sign-in required). Depending on the mode it stores a row in our shared_designstable (for public links), and/or sends the email through our email provider Resend.

What we store when you sign in

Sign-in is optional — the Designer and PDF download work without it. When you do sign in, we store the following in our Supabase database, scoped to your account so only you can read it:

  • Account— your email address and the optional profile fields (first/last name, job title, company) you provide on first sign-in
  • user_designs— the active designer config so it follows you across devices
  • user_event_packs— the named event packs you save and reload
  • shared_designs— rows backing public share links, with an expires_at(default 30 days). Past expiry the link 404s; rows are deleted on a periodic sweep.
  • email_pdf_sends— an append-only log of email sends used to enforce the 10-per-rolling-24h cap. Stores recipient + timestamp; rows older than 24 hours don’t affect the cap.

You can request deletion of your account and any of the above rows at any time via the support page.

Sub-processors

We rely on a small number of third-party services:

  • Vercel— hosting (US/EU edge). All traffic to the site flows through Vercel.
  • Supabase— auth (OTP via email) and Postgres database for the rows listed above. EU region.
  • Resend— transactional email provider for the OTP sign-in code, the share-link emails, and the email-PDF attachments. Stores delivery metadata.
  • Google Analytics 4— only after you accept analytics cookies (see below).
  • jsdelivr.net— serves the Twemoji PNGs shown on calendars containing emoji. The browser fetches these directly; we don’t proxy.

Analytics

We use Google Analytics 4, but only after you click “Accept” in the cookie banner. Google Analytics uses cookies to measure how the site is used (page views, referrer, approximate location, device type, plus a few custom events such as which template you picked or whether the PDF download succeeded). You can change your choice at any time via “Cookie settings” in the footer; if you click “Reject” or never accept, Google Analytics is not loaded and no data is sent to Google.

What we don't do

  • No advertising, no third-party trackers beyond GA4 (consent-gated)
  • No selling or sharing of your data with anyone outside the sub-processors above
  • No tracking across other sites
  • No marketing emails — the only emails are the ones you trigger (sign-in code, share link, PDF attachment)