NimbleCal
Last reviewed Apr 8, 2026

NimbleCal is built to keep your calendar private by default.

Short version
Your event content is encrypted end-to-end during normal sync. Email invites store a plaintext summary for delivery and RSVP.

What NimbleCal encrypts

NimbleCal encrypts your calendar content on your device before syncing/storing it. This is end-to-end encryption (E2EE): your devices hold the keys needed to read event content.

See: Encryption overview

What NimbleCal still needs to store

Even with E2EE, a calendar app still needs some non-content data to function.

Examples of data that can exist outside the encrypted event payload:

  • Account data (like your email address)
  • Billing/subscription status
  • Limited sync metadata (for example, timestamps used for conflict resolution)
  • Reminder scheduling timestamps, which NimbleCal stores outside encrypted event blobs so reminders can be delivered

Crash reports

If Crash reports are available in your build, NimbleCal can send a small report when it crashes or fails to start. These are operational diagnostics, not product analytics.

They are limited to serious failures such as startup errors, unhandled exceptions, or database errors.

Included:

  • Build version
  • A general route area like /calendar or /settings (/other for everything else)
  • General browser and operating-system family
  • Online/offline state
  • Error details

Excluded:

  • Event titles, descriptions, notes, and locations
  • Email addresses
  • Invite links
  • Full query strings
  • Account IDs
  • Session replay
  • Product analytics data

If crash reports are available, they are on by default. You can turn them off in Settings. This setting applies only to that browser. Sentry is configured to store crash report data in the EU, IP address storage is disabled in that project configuration, and this path is used only for error monitoring.

Invites: what gets shared

When you send an Email invite, NimbleCal stores a plaintext invite summary so the recipient can understand the invite and RSVP. This is the current exception to the normal encrypted sync path.

That summary includes the event title, start/end time, timezone, organizer name/email, and any event location or description. Those details are separate from the normal encrypted sync path. Email invite details are accessible to anyone with the invite link, so keep invite links private.

See:

ICS import and export

ICS import/export is a compatibility feature, not the same thing as encrypted sync.

An .ics file is plain text while it is stored, downloaded, uploaded, emailed, or shared outside NimbleCal. After you import one, the events inside NimbleCal use the app's normal end-to-end encryption. Exported .ics files remain plain text, so anyone with access to the file can read the event details inside it.

See:

Quick Add privacy

Quick Add parsing runs fully on-device:

  • The text you type is not sent to NimbleCal servers.
  • The text you type is not shared with third-party AI APIs.

See: Quick Add with natural language