Privacy Policy

Last updated: April 19, 2026

SoKal ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.

Information We Collect

We collect information you provide directly to us, including:

• Account information (phone number, name, username, profile photo)
• Calendar events and availability you choose to share
• Connections and friend relationships
• City-level location (your current city, never your precise GPS location)
• Device information and push notification tokens
• Contacts (phone number hashes for friend discovery; see "Contact Discovery" below)

Device Permissions

SoKal may request the following device permissions:

• Camera: Used to scan QR codes to connect with friends and to take profile pictures. We do not record or store any camera footage beyond the photos you choose to upload as your profile picture.
• Contacts: Used to help you find friends already on SoKal and to invite others to events. When you grant contacts permission, we upload cryptographic hashes (SHA-256) of your contacts' phone numbers to our servers — not the raw phone numbers themselves. These hashes are used to match against other SoKal users for friend discovery and to notify you when a contact joins. See the "Contact Discovery" section below for full details.
• Push Notifications: Used to notify you about event invitations, friend requests, and activity from your connections. You can disable notifications at any time in your device settings.
• Calendar: Used to sync your device calendar with SoKal so you can see all your events in one place. See the "Third-Party Calendar Access" section below for full details.
• Photo Library: Used to let you choose a profile picture from your existing photos. We only access the specific photo you select.

Third-Party Calendar Access

SoKal offers optional integration with third-party calendar services, including Google Calendar, Apple Calendar, and Microsoft Outlook Calendar. These integrations are entirely opt-in — we never access your external calendars unless you explicitly connect them.

What We Access

When you connect a third-party calendar, we access:

• Event data: Event titles, start/end times, locations, descriptions, all-day status, and recurrence rules from your connected calendars.
• Calendar list: The names and identifiers of your calendars so you can choose which ones to sync.

Why We Access It

We use your third-party calendar data to:

• Display your schedule: Show your existing events alongside SoKal events in a unified calendar view, so you can see your full availability in one place.
• Two-way sync: Keep events synchronized between SoKal and your external calendar. Events you create in SoKal can appear in your Google/Apple/Microsoft calendar, and vice versa, so you never have to manage events in two places.
• Availability detection: Understand when you are free or busy so we can suggest social activities at times that work for you and your friends.

How We Handle It

• Imported calendar events are stored on our servers to enable syncing and availability features. They are associated with your account and are never shared with other users — only your availability (free/busy status) may be visible to your connections, not the details of imported events.
• We do not use your calendar data for advertising, marketing, or any purpose unrelated to providing the SoKal service.
• We do not sell, share, or transfer your calendar data to third parties, except as necessary to provide the sync functionality (i.e., writing events back to your connected calendar service via their API).
• You can disconnect a third-party calendar at any time from the app settings. When you disconnect, we stop syncing and delete the imported event data from our servers.

Event Classification & Visibility

When you sync a calendar from any provider (Google, Apple, or Microsoft), SoKal processes your events in the same way regardless of the source:

• Automatic classification: We analyze event titles and details to classify events into categories such as travel, outing, exercise, errand, or work. Our classification is intentionally conservative — we only classify events when we are confident in the category (e.g., a restaurant reservation as an outing, or a flight as travel). When we are unsure, the event remains unclassified.
• Unclassified events are completely private: Events that are not classified (i.e., have no event type) are never visible to anyone other than you. They are only used internally to determine whether you are free or busy.
• What other users can see: Only travel and outing events have the potential to be visible to your connections, and only if you have explicitly granted those connections permission through your privacy settings. By default, all synced events are private.
• Free/busy only: Your connections may see whether you are free or busy at a given time, but they cannot see the titles, details, or any other information about your synced events unless you change your privacy settings to allow it.
• Errands and other categories: Events classified as errands (e.g., appointments, tasks) are hidden from all users by default. You may choose to make them visible to specific connections through your privacy settings — for example, some couples prefer to share all calendar details with their partner.
• Conservative by design: Our classification system is designed to err on the side of privacy. We would rather leave an event unclassified (and therefore completely hidden) than risk incorrectly classifying a private event. You can always manually adjust the classification of any event.
• Your control: You can review and change the classification of any synced event at any time. You can also adjust your privacy settings to control exactly who can see which types of events, or disconnect your calendar entirely to remove all synced data.

Google Calendar — Limited Use Disclosure

SoKal's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google Calendar data to provide and improve the calendar features described above.
• We do not use Google Calendar data for serving advertisements.
• We do not allow humans to read your Google Calendar data unless (a) we have your explicit consent, (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.
• We do not transfer Google Calendar data to other apps or services except as necessary to provide the SoKal service or as required by law.

Microsoft Outlook Calendar — Data Use Disclosure

SoKal's use of information received from Microsoft APIs complies with the Microsoft APIs Terms of Use. Specifically:

• We only use Microsoft Calendar data to provide and improve the calendar features described above.
• We do not use Microsoft Calendar data for serving advertisements.
• We do not allow humans to read your Microsoft Calendar data unless (a) we have your explicit consent, (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.
• We do not transfer Microsoft Calendar data to other apps or services except as necessary to provide the SoKal service or as required by law.

Apple Calendar — Data Use Disclosure

SoKal's use of information from Apple Calendar complies with the Apple App Store Review Guidelines and Apple's privacy requirements. Specifically:

• We only use Apple Calendar data to provide and improve the calendar features described above.
• We do not use Apple Calendar data for serving advertisements.
• We do not allow humans to read your Apple Calendar data unless (a) we have your explicit consent, (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.
• We do not transfer Apple Calendar data to other apps or services except as necessary to provide the SoKal service or as required by law.

SMS Messaging

SoKal sends SMS text messages solely to deliver event invitations. When a SoKal user invites someone to an event by selecting their phone number from their device contacts, we send a one-time SMS to that number containing the event name, date, and a link to view and RSVP.

Data We Collect for SMS

• Phone numbers: Collected from the inviting user's device contacts at the time of invitation. We store the recipient phone number only as needed to deliver the invitation and track RSVP status.
• Opt-out preferences: If a recipient replies STOP, we record their opt-out status to ensure no further messages are sent.

How We Use SMS Data

• Phone numbers are used only to deliver event invitation SMS messages. We do not use phone numbers for marketing, advertising, promotional messages, or any other purpose.
• We do not sell, rent, loan, trade, lease, or otherwise share phone numbers or SMS data with any third parties for their marketing or promotional purposes.
• We do not share phone numbers or SMS data with third parties except as necessary to deliver SMS messages (i.e., our SMS delivery provider, Twilio) or as required by law.

SMS Opt-Out & Contact

Recipients can opt out of SMS messages at any time by replying STOP. For help, reply HELP or contact us at team@sokal.app. Message and data rates may apply. See our Terms of Service for full SMS terms.

Contact Discovery

SoKal offers a contact-based friend discovery feature. When you grant contacts permission, the app periodically uploads your contacts' phone numbers to our servers in a privacy-preserving way.

How We Protect Contact Data

• Hashing: Phone numbers from your contacts are converted into one-way cryptographic hashes (SHA-256) on our servers before storage. We do not store raw phone numbers from your contacts.
• No reverse lookup: SHA-256 hashes are one-way — they cannot be directly converted back into phone numbers. However, because phone numbers have limited combinations, we acknowledge a theoretical reverse-lookup risk. We mitigate this by restricting database access and never exposing hashes externally.
• Contact names: We store the display name associated with each contact (e.g., "Mom", "John") solely to personalize notifications (e.g., "John just joined SoKal"). Contact names are never shared with other users.

What We Use Contact Data For

• Friend discovery: We match your contact hashes against the hashed phone numbers of verified SoKal users to show you "People you know on SoKal" — helping you find friends who are already on the platform.
• Join notifications: When a new user verifies their phone number, we check if any existing users have that number in their contacts and send a push notification ("John just joined SoKal") so they can connect.

Your Control

• Contact discovery requires the Contacts permission. If you deny or revoke this permission, no contact data is uploaded or stored.
• You can dismiss the discovery card, and it will not reappear for 30 days.
• You can disable "Contact joined" push notifications in your notification settings.
• Deleting your account permanently removes all stored contact hashes associated with you.

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Connect you with friends and facilitate social planning
• Send push notifications about events and friend activity
• Suggest activities based on your calendar and interests
• Respond to your comments, questions, and support requests

Information Sharing

We do not sell your personal information. We share your information only:

• With your friends and connections, as you choose to share
• With service providers who assist in our operations
• When required by law or to protect rights and safety

Data Security

We implement appropriate security measures to protect your personal information. Your data is encrypted in transit and at rest. We use industry-standard practices to secure our systems.

Data Retention

We retain your information for as long as your account is active or as needed to provide you services. You can delete your account at any time from within the app, which will permanently remove your data from our servers.

Your Rights

You have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your account and data
• Opt out of push notifications
• Disconnect third-party calendar integrations at any time

Children's Privacy

SoKal is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@sokal.app