Operational notice
Privacy & Security
Can We Meet is designed to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and to follow privacy-by-design principles. This page is our operational privacy and security notice — it is not legal advice. Last updated 2026-07-04.
1. Who we are
Can We Meet ("we", "us") provides the meeting coordination service available at canwemeet.org. We act as the data controller for the personal data described in this notice.
If Can We Meet is not yet operated through an incorporated company, the current operator/controller is the individual project owner. We have not appointed a formal Data Protection Officer; our privacy contact is reachable at Hello@canwemeet.org.
2. What data we collect
- Meeting details you or invitees enter: names, email addresses, meeting title, location, times and availability, notes, and invite status.
- Account data if you sign in: email address, authentication identifiers, and basic profile info.
- Technical data: IP address (short-term, for security and abuse prevention), browser/device type, error events.
- Cookie and local-storage entries needed to run the service (see Cookies).
- Optional diagnostic snapshots you actively choose to share.
3. Why we collect it
- To let you create, share and confirm meetings and to send invites and calendar events.
- To keep the service secure, prevent abuse and comply with legal duties.
- To improve reliability through privacy-safe Labs diagnostics.
- To respond to your questions and privacy requests.
4. Our lawful basis under UK GDPR
We rely on more than one lawful basis depending on the purpose. Consent is used only for optional cookies, optional marketing, or diagnostic snapshots you actively choose to share.
| Purpose | Data | Likely lawful basis |
|---|---|---|
| Creating and managing meetings | Name, email, meeting title, availability, time, location, invite status | Contract / steps requested by the user |
| Sending invites and confirmations | Participant name/email, meeting details, invite status | Contract / legitimate interests |
| Protected Meeting Mode | Meeting title, generalised location, exact location, confirmation status, deletion status | Contract / legitimate interests |
| Labs diagnostics and product improvement | Privacy-safe diagnostic events, error codes, browser/device type, pseudonymous session IDs, aggregated usage patterns | Legitimate interests |
| Security, abuse prevention and admin audit logs | Security logs, admin actions, reveal logs, limited technical metadata | Legitimate interests / legal obligation where applicable |
| Optional analytics cookies | Analytics identifiers or usage data, only where used | Consent |
| Responding to privacy requests | Contact details, request details, correspondence | Legal obligation / legitimate interests |
5. How Normal Mode works
Normal Mode is the default flow. You (or invitees) type into the chat; we store the meeting record so you can come back to it, share it, receive replies and confirm a time. Titles and locations remain as you enter them. We keep this data only as long as it is useful for Recents, editing and support — see Retention.
6. How Protected Meeting Mode works
- The meeting title defaults to "Meeting" until final confirmation.
- Only a generalised location (e.g. city or "Online") is shown before confirmation.
- The exact location is only sent in the final confirmation.
- You have a 60-minute correction window after confirmation. Any change restarts the clock.
- After the window closes, sensitive Protected Meeting fields (title, exact address, participant names/emails, chat contents, notes) are deleted from the active meeting record.
- Protected Meeting pages use essential cookies only and are excluded from marketing cookies, tracking pixels, behavioural analytics, heatmaps, session replay and full invite URL capture.
Once deleted, we may no longer be able to retrieve or even identify a specific Protected Meeting — that is by design.
7. Labs diagnostics and product improvement
Labs helps us find bugs, understand failure patterns and improve the product. Labs learns from structure, errors and outcomes — not raw private meeting content.
- In Protected Meeting Mode, Labs must not store exact titles, exact addresses, participant names or emails, calendar event titles, free-text notes, full invite URLs, invite tokens, or precise IP addresses beyond what is briefly needed for security.
- In Normal Mode, Labs still avoids unnecessary raw personal data and prefers pseudonymous or aggregated events.
- If you actively share a diagnostic snapshot, we will tell you what may be included and how long we will keep it.
Can We Meet uses AI to help draft messages and extract meeting details. We do not use raw Protected Meeting content for AI training or Labs learning by default, and we do not sell user data to third parties or provide it for training external AI models.
8. Cookies and similar technologies
We keep cookies and local-storage entries to a minimum. There are three groups:
- Essential. Always on. Needed to run meetings, keep you signed in, remember basic choices and prevent abuse.
- Internal analytics. First-party diagnostics that stay on our systems. On by default, but you can turn them off below.
- Optional external analytics. Off unless you accept them. Never active on Protected Meeting pages.
9. Data retention and deletion
- Confirmed Protected Meeting sensitive fields: deleted 60 minutes after confirmation (or 60 minutes after the most recent correction).
- Unconfirmed meeting drafts: expire after 14 days with no activity, then deleted.
- Invite tokens: expire 60 minutes after confirmation, or when the draft expires, whichever comes first.
- Normal Mode meetings: retained for up to 12 months of inactivity for Recents, editing and support, then deleted.
- Labs diagnostics: pseudonymous data kept for up to 90 days, then aggregated or deleted.
- Support / security / admin logs: kept without meeting content for 6–12 months.
- Aggregated anonymous statistics: may be kept longer as they can no longer identify an individual.
10. Who we share data with / subprocessors
We do not sell personal data. We use these categories of subprocessors:
- Cloud hosting and edge compute — running the web application.
- Managed database and authentication — storing meeting records and handling sign-in.
- Transactional email delivery — sending invites, confirmations and account emails.
- AI provider(s) — used to draft messages and extract meeting details from what you type. Not used to train external models on your data.
- Error logging — capturing sanitised error events for reliability.
A current subprocessor list is available on request from Hello@canwemeet.org. We only list providers we actually use.
11. International transfers
Some subprocessors may process data outside the UK/EEA. Where that happens, we rely on appropriate safeguards (such as the UK International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses) where required. We do not make unsupported claims about exact data location.
12. Security measures
- HTTPS/TLS for data in transit.
- Managed database with access controls and Row Level Security policies where used.
- Random non-guessable invite and share tokens.
- Token expiry aligned with the retention rules above.
- Masking of sensitive fields in admin tools where practical, with admin reveal logging.
- Automated deletion and retention jobs.
- Deliberately limited Labs diagnostics, especially in Protected Meeting Mode.
13. Your rights
Under UK GDPR you can ask us to:
- Access the personal data we hold about you.
- Correct data that is wrong.
- Delete data (right to erasure), subject to lawful exceptions.
- Restrict or object to certain processing.
- Receive a copy of certain data in a portable format, where applicable.
- Withdraw consent for processing that relies on consent (such as optional analytics cookies).
Many users aren't signed in. To act on your request, we may need enough information to locate the relevant meeting — for example the meeting link or invite email. Once Protected Meeting data has been deleted, we may no longer be able to retrieve or identify it.
14. How to contact us
Email our privacy contact at Hello@canwemeet.org. Please put "Privacy request" in the subject line.
15. How to complain to the ICO
Please contact us first — we'd like the chance to put things right. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.
16. Changes to this notice
We may update this notice as the service and our subprocessors change. Material changes will be highlighted at the top of this page.