Legal

Privacy Policy

A plain-language account of the data MRR Calendar handles across private dashboards, connected services, public publishing, analytics, and email.

Last updated: July 10, 2026

1.Scope and controller

This policy applies to the MRR Calendar website, application, public pages, feeds, leaderboard, emails, API, and connected publishing tools. MRR Calendar is operated by Amorem Development, which acts as controller for account, billing, service analytics, and support data.

For data imported from services you connect, you decide which accounts and projects to connect and which information to publish. Depending on the context, you may remain the controller of that source data and MRR Calendar processes it to provide the service.

2.Data we collect

  • Account and authentication: name, email address, avatar, authentication provider, session identifiers, IP address, user agent, signup attribution, and account preferences.
  • Connected SaaS and revenue data: projects, products, subscriptions, invoices, payments, refunds, currencies, billing countries, revenue rollups, and source synchronization records imported from Stripe.
  • Connected activity data: GitHub contribution history, Plausible visitor totals, X/Twitter, LinkedIn and Reddit profile or engagement metrics, and MySaaS.Blog or MySaaS.Lol content and metrics.
  • Publishing configuration: public-page content and scope, goals, milestones, feed and leaderboard choices, X profile templates, GitHub share settings, and AWTRIX device endpoint and display configuration.
  • Billing and communications: plan, Stripe customer and subscription references, invoice status, support requests, email content, delivery status, and email interaction events described below. Stripe handles payment-card details directly; MRR Calendar does not store full card numbers.
  • Operational data: job status, errors, security events, API and OAuth audit events, rate-limit events, and diagnostic logs.

3.Why we use data

  • To create and secure accounts, provide requested features, synchronize connected sources, and deliver reports under our contract with you.
  • To bill paid plans, maintain transaction records, and meet accounting or legal obligations.
  • To operate, debug, protect, and improve the service based on our legitimate interests in reliability, fraud prevention, and product quality.
  • To send authentication, service, support, billing, and opted-in report emails.
  • To measure public-page visits and attribution only after the visitor grants the first-party analytics choice described below.

Where consent is the applicable basis, you may withdraw it at any time without affecting processing that occurred before withdrawal.

4.Public analytics, cookies, and local storage

MRR Calendar uses essential first-party cookies for authentication, security, demo sessions, and preferences such as theme and color. These are needed to provide the requested experience.

On a user's public MRR Calendar page, first-party visit and click analytics are off until the visitor selects “Allow analytics.” If allowed, a random visitor identifier is stored in a first-party cookie and local storage for up to 90 days. Events may include the public handle and path, referrer host, campaign parameters, clicked destination host, approximate country/region/city, browser, operating system, device class, and keyed hashes derived from IP, visitor identifier, referrer, destination, and user agent. Raw public IP addresses are not stored in the public analytics event record.

Selecting “Decline” creates no visitor identifier and sends no public analytics event. The “Privacy choices” control on the public page lets a visitor change the choice; declining also removes the existing visitor identifier from cookie and local storage.

An embeddable widget makes a public data request and, when analytics are enabled by the account owner, may send an impression after at least half of the widget has been visible for one second. A click is recorded only when the widget links to an enabled public page. The widget sets no cookie, uses no local storage, and does not read the public page's visitor identifier.

To estimate daily unique widget impressions without creating a persistent visitor profile, MRR Calendar derives a keyed hash specific to the widget, event type, and day from the request IP address and user agent. The hash is kept only in the rate-limit store for up to 26 hours. Persistent widget records contain the event and hourly aggregate dimensions needed by the owner—such as widget, embed domain, placement, country, device class, and traffic classification—but no raw IP address, raw user agent, or reusable cross-widget identifier.

When enabled by the operator, Plausible provides aggregate product-website traffic analytics without advertising profiles or cross-site tracking. MRR Calendar does not sell personal data and does not run advertising trackers.

5.Email delivery and interaction data

Service and report emails may contain a signed open pixel and tracked links. When an email is opened or a tracked link is used, MRR Calendar may record the message, event time, destination URL for clicks, IP address, user agent, and keyed hashes of those values. Tracking links expire after 90 days.

We use these events for delivery diagnostics, abuse prevention, support, and to understand whether requested reports are useful. You can disable daily reports in account settings or use their unsubscribe link. Contact us if you want email interaction tracking disabled for your account.

6.Connected services and permissions

Integrations are optional. MRR Calendar stores connection identifiers, granted scopes, encrypted API keys or OAuth tokens, synchronized metrics, and error history. Disconnecting a source stops future synchronization and removes source records according to the applicable deletion flow; revoking the credential at the provider is also recommended.

Stripe connections accept restricted keys and reject full secret keys. GitHub, Google, X/Twitter, LinkedIn, Reddit, MySaaS.Blog, and MySaaS.Lol permissions are shown during their authorization flows. Plausible uses the API endpoint and key you provide. AWTRIX sends the selected metrics and media to the device endpoint you configure; that endpoint may be on your private network.

7.Public pages, feed, leaderboard, and widgets

Dashboards are private by default. Public pages, feed participation, leaderboard participation, public GitHub assets, and embeddable widgets are separate publishing features controlled by the account owner. Published data may include a handle, display name, avatar or logo, project identity, selected metrics, goals, milestones, and activity events.

Public content can be indexed, cached, linked, or copied by third parties. Turn off the relevant public control before disconnecting a source if you no longer want new public responses to include that data.

8.Recipients and service providers

We disclose data only as needed to operate requested features, including:

  • Stripe for billing and, when connected, source revenue data.
  • UseSend for transactional and report email delivery.
  • Cloudflare R2/CDN for user avatars, public logos, and generated assets.
  • Plausible for aggregate website analytics when configured.
  • Google and GitHub for optional authentication, and the connected providers listed above when their APIs are used.
  • Ahrefs for optional domain-rating lookups.
  • Infrastructure providers used for hosting, database, queues, monitoring, and security operations.

We may also disclose information when required by law, to protect users and the service, or in connection with a business reorganization subject to appropriate safeguards. We do not sell or rent personal data.

9.Retention and deletion

  • Account, preferences, source data, and publishing settings are generally kept while the account or relevant connection remains active.
  • Session, verification, OAuth authorization, and tracking tokens expire based on their configured expiry or are removed when revoked.
  • The public analytics visitor identifier lasts up to 90 days unless declined or cleared sooner. Detailed analytics, email events, audit records, and sync logs are kept while needed for reporting, security, support, and service operations; some categories do not yet have an automatic general purge.
  • Billing, tax, fraud-prevention, dispute, and legal records may be retained after account closure for the period required by applicable law.
  • Account deletion removes account-linked application records through the product deletion workflow. Limited copies may remain temporarily in backups or where retention is legally required.

10.Security and international transfers

Connection secrets are encrypted with authenticated encryption before database storage. MRR Calendar also uses access controls, ownership checks, signed tokens, request-origin checks, rate limits, restricted Stripe permissions, guarded outbound requests, and operational logging. No internet service can guarantee absolute security.

Providers may process data in countries outside yours. Where required, transfers rely on the provider's applicable contractual or legal safeguards. See the Security & Trust center for a product-level summary of controls and public/private boundaries.

11.Your rights

Depending on your location, you may request access, correction, deletion, portability, restriction, or objection; withdraw consent; or complain to your local data-protection authority. You may also disconnect sources, change public visibility, export visible records, manage emails, and delete your account from the product where those controls are available.

We may need to verify your identity before completing a request. We will respond within the period required by applicable law. MRR Calendar is not directed to children under 16, and we do not knowingly collect their data.

12.Changes and contact

We may update this policy as the service or legal requirements change. Material changes will be communicated through the service or email when appropriate, and the update date above will change.

For privacy questions or rights requests, email hello@mrrcalendar.com. For product support, you may also use the contact page.