CalMedi
CalMedi Sync Intelligence

Privacy & data protection

Privacy policy

CalMedi allows healthcare professionals to synchronise their appointments between Doctolib and Google Calendar.

We strictly comply with French and European regulations (GDPR) and only collect the information required to run the service.

This policy applies to the calmedi.io website, the CalMedi application, the API, and the Chrome extension.

1. Data controller

  • IHTConsulting – ZAC Léonard de Vinci – BAT D4 – 16 avenue Graham Bell – 77600 Bussy-Saint-Georges, France.
  • Contact: support@calmedi.io.

2. Data collected

CalMedi only collects technical and configuration data that are necessary to use the service.

  • Identification data: first name, last name, email address, time zone, language, and user preferences.
  • Technical data: synchronisation works through a temporary transfer between Doctolib and Google Calendar with no storage of appointments or patient information.
  • Only the following information is retained: Google OAuth tokens (access_token, refresh_token) and calendar identifiers (selected Google Calendar ID and Doctolib agenda name).

3. Purposes of processing

Each purpose is linked to its legal basis.

  • Calendar synchronisation: technical transfer of appointments between Doctolib and Google Calendar – Contract performance.
  • Account management: configurations, preferences, and Google authentication – Contract performance.
  • Security: error detection and technical logging – Legitimate interest.
  • Customer support: user assistance – Legitimate interest.

4. No event storage

CalMedi does not store any appointment data. Synchronisation information is processed in memory, sent to Google Calendar, and immediately destroyed.

  • No patient names, appointment titles, times, reasons, details, or histories are kept.
  • Events are received via the Chrome extension, forwarded to Google Calendar, and never written to a database.

5. Data sharing and transfers

CalMedi never sells data and only shares information with essential service providers.

  • Google LLC: OAuth2 authentication and access to Google Calendar.
  • Stripe Payments Europe: management of CalMedi subscription payments (no appointment data transmitted).
  • Magic Online – Groupe CELESTE, 20 rue Albert Einstein, 77420 Champs-sur-Marne: secure hosting on French servers compliant with GDPR.
  • No other third party receives data.

6. Security and data protection

  • HTTPS encryption (TLS 1.2+).
  • Secure storage of OAuth tokens.
  • Infrastructure hosted in France by Magic Online – CELESTE.
  • Restricted system access and technical logging for security and support.
  • No medical data is stored.

7. Retention periods

  • User account: kept for the duration of the account and deleted on request.
  • Google OAuth tokens: deleted upon logout or when the authorisation is revoked.
  • Calendar identifiers: deleted with the account or when the service stops.
  • Appointments: never stored, processed in transit only.

8. Your rights

  • Access, rectification, erasure, restriction, objection, and portability.
  • Contact: support@calmedi.io – response time of 30 business days.
  • You may lodge a complaint with the CNIL (cnil.fr).

9. Google scopes used

  • Sensitive scopes: https://www.googleapis.com/auth/calendar and https://www.googleapis.com/auth/calendar.events to create and update events in the selected Google Calendar.
  • Non-sensitive scopes: https://www.googleapis.com/auth/calendarlist.readonly, openid, email, profile to identify the connected Google account, read your calendar list, and secure the OAuth2 flow.
  • CalMedi does not access any other Google services (Drive, Contacts, Gmail, Photos, Docs, etc.).

10. Contact

  • support@calmedi.io.
  • IHTConsulting – 16 avenue Graham Bell, 77600 Bussy-Saint-Georges, France.