NimbleCal
Last reviewed May 2, 2026

NimbleCal uses a small set of service providers to host the app, run account and billing flows, deliver invitation emails, protect signup, and keep the service reliable.

This page is a plain-language summary of the third-party services NimbleCal currently uses.

Providers have different roles: some process personal data for NimbleCal, while providers such as Paddle may also act under their own terms for payment, tax, refund, fraud, and compliance purposes. The Privacy Policy and each provider's own notices remain the source of truth.

For encrypted calendar records, the providers involved in encrypted calendar storage and sync receive ciphertext plus the limited metadata needed to operate the service, not plaintext event titles, descriptions, notes, or locations. Email invitations are the main calendar-content exception: if you send an invite, NimbleCal and its email delivery provider process recipient email addresses, invitation delivery and RSVP metadata, and the event details needed to deliver and display the invitation.

App and account infrastructure

Supabase

  • Purpose: authentication, database, sync APIs, and a small number of supporting records such as subscription snapshots, feedback, and marketing preferences.
  • Data handled: account email, auth/session metadata, encrypted calendar/event/settings blobs, limited sync metadata, reminder metadata, feedback submissions, and marketing preferences.
  • Details: NimbleCal's current production Supabase project is configured in Germany/EU. Calendar content saved in the app is end-to-end encrypted before it reaches Supabase.
  • Privacy policy: Supabase Privacy Policy

Vercel

  • Purpose: hosting for the Web App and Website, server rendering, functions, and edge delivery.
  • Data handled: standard request metadata, runtime logs, deployment data, and cached content and delivery metadata.
  • Details: NimbleCal currently pins server-side processing to Germany/EU where Vercel allows that. Vercel's edge and CDN network is global, so this is not an EU-only provider path.
  • Privacy policy: Vercel Privacy Policy

Billing

Paddle

  • Purpose: merchant of record and authorized reseller for paid subscriptions, covering checkout, taxes, receipts, payment support, and refunds.
  • Data handled: customer email, billing and subscription metadata, payment handling data, tax details, fraud-prevention data, and refund or dispute records needed for checkout and compliance.
  • Details: Paddle and its payment, tax, fraud, and compliance partners can operate across regions. Paddle handles payment method details directly. In the checkout and payment-processing flow, NimbleCal does not intentionally receive or store full card or bank account numbers on its own servers.
  • Privacy policy: Paddle Privacy Policy

Email and signup protection

AhaSend

  • Purpose: transactional invite email delivery.
  • Data handled: recipient email addresses, message metadata, and invite content needed to deliver the email.
  • Details: For invite emails, NimbleCal currently configures AhaSend's minimum retention settings: 1 day for message metadata and 0 days for message content. See AhaSend's own privacy notice for its infrastructure and broader data-handling details.
  • Privacy policy: AhaSend Privacy Policy

Friendly Captcha

  • Purpose: abuse protection on NimbleCal's account signup form.
  • Data handled: technical request data needed to load and evaluate the Friendly Captcha challenge, the requester's IP address, the Friendly Captcha response token, and verification metadata such as verification time, challenge origin, and provider event ID when returned.
  • Details: NimbleCal sends the response token and requester IP address to Friendly Captcha for server-side verification. NimbleCal does not store the raw response token. The persistent NimbleCal record for this flow includes fields such as a hashed signup-proof token, hashed email binding, verification timestamp, challenge origin, provider event ID if returned, expiry timestamp, and consumption state so signup can be enforced at the account-creation boundary. See Friendly Captcha's own privacy notice for current data-location details.
  • Privacy policy: Friendly Captcha Privacy Policy for End Users

Direct contact channels

Proton Mail

  • Purpose: hosting NimbleCal's direct-contact inboxes for support, privacy and data-rights requests, security reports, and refund questions.
  • Data handled: the sender address, message content, attachments, and related email metadata such as headers and timestamps when you email NimbleCal directly.
  • Details: this applies when you email NimbleCal directly. Proton is operated by Proton AG in Switzerland. See Proton's own legal pages for current hosting and transfer details.
  • Privacy policy: Proton Privacy Policy

Website analytics and operational diagnostics

Plausible

  • Purpose: cookie-free aggregate analytics on nimblecal.com.
  • Data handled: page URL, referrer, approximate location derived from IP, user agent, and limited Website click-event labels, such as CTA, checkout, or support-link clicks.
  • Details: NimbleCal uses Plausible on the Website, not inside the Web App. Plausible's public docs describe EU-hosted processing.
  • Privacy policy: Plausible Data Policy

Sentry

  • Purpose: operational crash diagnostics when crash reports are sent.
  • Data handled: a limited, predefined set of diagnostic fields such as build version, route area, browser/OS family, online/offline state, error type, sanitized stack-frame labels, and predefined error diagnostics.
  • Details: NimbleCal configures Sentry for Germany/EU storage and disables IP address storage in the Sentry project configuration. This is used for operational diagnostics, not product analytics or session replay.
  • Privacy policy: Sentry Privacy Policy

Change notice

NimbleCal updates this page when a live service provider is added, removed, or materially changes how it handles personal data for the Service. Where a change materially affects the Privacy Policy, NimbleCal will update that policy too and provide notice as described there.