Privacy Policy
1. Introduction
At Calibana ("the Service", "we"), owner of the Calibana application, we take the privacy of the people who use our Chrome extension and our web platform at app.calibana.com seriously.
This Policy explains what personal data we collect, for what purpose, how long we keep it, who we share it with, and what rights you have. It complies with Regulation (EU) 2016/679 (GDPR), Spanish Organic Law 3/2018 (LOPDGDD) and Law 34/2002 (LSSI-CE).
2. Data controller
Owner: Sergio Sáez de Ibarra González
Status: Self-employed
Tax ID (NIF): ES16085436H
Address: Eduardo Coste N9D 6C, Getxo, Bizkaia, Spain
Email: legal@calibana.com
Website: https://calibana.com
3. What data we collect
3.1. Data you provide when registering
- Email address.
- Password (stored hashed; we never access it in plain text).
- Name or alias, if you choose to add it to your profile.
3.2. Data derived from your use of the Service
- Text of Google Meet live captions. IMPORTANT: the Service does NOT record audio or video. The extension only captures the text of the captions generated by Google Meet, which you enable voluntarily.
- Identifiers and names you assign to meetings.
- Projects, tasks and comments you create in the Kanban.
- AI-generated summaries, minutes and answers based on your transcripts.
- Content of emails you explicitly request to process (subject, sender and body of the open email), when you activate the Gmail integration and click the "Extract tasks" button. This data is sent to the AI solely to identify actionable tasks and is never stored on our servers.
3.3. Technical data
- IP address, access date and time, browser and operating system (for security and diagnostics).
- Session identifiers and strictly necessary cookies.
- Aggregated usage metrics (meetings processed, AI calls) to enforce your plan limits.
3.4. Payment data (PRO users only)
Payments are processed entirely through Stripe. We do NOT store card data on our servers. We only keep a customer and subscription identifier returned by Stripe, plus the invoices issued.
4. Purpose and legal basis
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Create and maintain your account | Performance of contract (6.1.b) |
| Capture caption text and store transcripts | Performance of contract (6.1.b) |
| Generate AI summaries and tasks | Performance of contract (6.1.b) |
| Show your upcoming Google Calendar meetings | Consent (6.1.a) |
| Charge the PRO subscription | Performance of contract (6.1.b) |
| Comply with tax and accounting obligations | Legal obligation (6.1.c) |
| Prevent abuse and ensure security | Legitimate interest (6.1.f) |
| Send marketing communications | Consent (6.1.a), revocable |
5. Notice on meeting transcription
The Service captures the text of Google Meet captions, which may contain statements by other participants. It is the user's sole responsibility to:
- Inform other attendees that the meeting is being transcribed and the purpose.
- Obtain, where legally required, the participants' consent or rely on another valid legal basis.
- Comply with applicable labor, contractual or sector-specific rules (professional secrecy, medical confidentiality, etc.).
Calibana acts as a data processor with respect to the meeting content you choose to transcribe. You are the controller of that content.
6. Providers and third parties that process your data
To provide the Service, the following processors access your data, all subject to data processing agreements and GDPR safeguards.
| Provider | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database and authentication | EU / US (SCCs) |
| Google LLC (Gemini API) | Generative AI for summaries and tasks | US (DPA and SCCs) |
| Google LLC (Calendar API) | Show your upcoming meetings | US (DPA and SCCs) |
| Stripe Payments Europe Ltd. | PRO payment processing | EU / US (SCCs) |
| Amazon Web Services (SES) | Transactional email delivery | EU (eu-west-1) / US |
| Sentry | Error diagnostics | EU |
| Google Chrome Web Store | Extension distribution | US |
International transfers outside the EEA rely on the European Commission's Standard Contractual Clauses (Decision 2021/914) or, where applicable, adequacy decisions.
7. Data retention
- Account data: while your account is active.
- Transcripts, summaries and tasks: until you delete them or 90 days after canceling your account.
- Invoices and accounting data: 6 years (Art. 30 Spanish Commercial Code and tax rules).
- Technical and security logs: 12 months maximum.
- Google Calendar data: not stored permanently (see section 12).
8. Your rights
You may exercise your rights of access, rectification, erasure, objection, restriction, portability and withdrawal of consent at any time. Write to legal@calibana.com stating your request and attaching a copy of your ID. If you believe we have not handled your rights correctly, you may lodge a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es.
9. Security
We apply reasonable technical and organizational measures: encryption in transit (TLS/HTTPS), encryption at rest in Supabase, role-based access control (RLS), regular backups and environment separation. No system is invulnerable; if you detect an incident, report it to legal@calibana.com.
10. Minors
The Service is not directed at children under 14. If we learn that we have collected data from a child under 14 without parental consent, we will delete it without delay.
11. Changes to this Policy
We may update this Policy for legal or functional reasons. We will publish the current version at calibana.com with its date. For substantial changes, we will notify you by email.
12. Access to Google data (Google Calendar)
This section describes the Google Calendar access. Access is optional and only activated with your explicit authorization.
12.1. What we request
With your explicit authorization, the Service will request read-only access to your Google Calendar via the scope https://www.googleapis.com/auth/calendar.events.readonly.
12.2. What we use it for
Solely to show you your upcoming meetings within the application and let you associate transcripts and notes with those meetings. We do not modify, create or delete events in your calendar.
12.3. What data we read
Event title, date and time, video call link, and list of attendees (name and email address) when present. Attendee email addresses are used solely to associate meetings with projects and to send a pre-meeting briefing email. We do not access any other attendee data beyond what is necessary for these functions.
12.4. Retention
We store your OAuth access token in encrypted form in order to read your calendar in the background and send pre-meeting briefings. Upcoming events are temporarily cached in our database for this purpose. Tokens and cached event data are deleted immediately if you disconnect Google Calendar from the Service settings, or if the token becomes invalid.
12.5. Limited Use (Google API Services User Data Policy)
Calibana's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we do not transfer this data to third parties except as strictly necessary to provide the Service; we do not use it for advertising or to train AI models; and we do not allow humans to read it except with your consent, for security, or for legal compliance.
12.6. Revocation
You can revoke access at any time from myaccount.google.com/permissions or from the Service settings.