Privacy Policy

This Privacy Policy describes how Ghaf Group (“we”, “our”, “us”) handles personal information collected and processed through our internal scheduling system, hosted atcal.ghafgroup.com. This system is self-hosted using the open-source platform Cal.com and is intended solely for use by Ghaf Group team members.

1. Scope and Purpose

The purpose of this instance is to facilitate meeting scheduling, calendar integrations, and internal coordination within Ghaf Group. Access is restricted to authorized team members who authenticate using their Google Workspace accounts.

We do not provide this service to the general public or to external clients.

2. Information We Collect

2.1 Personal Information via Google Login

When you sign in using Google, we receive limited account information from Google, including:

• Full name
• Email address
• Profile photo (if available)

No other data (such as contacts, emails, or documents) is requested or stored.

2.2 System and Activity Logs

To maintain and secure the platform, we automatically record certain technical data such as:

• Login timestamps and authentication events
• Browser type and IP address
• API requests and error logs

These logs are used solely for security, debugging, and performance monitoring.

2.3 Booking Metadata

The system records basic meeting information such as:

• Meeting date and time
• Participants’ email addresses

We do not store meeting content, detailed notes, or subject lines beyond what is technically required to create and manage the event in the calendar systems used.

3. How We Use the Information

We use collected data only for internal operational purposes, including to:

• Authenticate users via Google
• Manage user access and platform security
• Provide and improve scheduling functionality
• Monitor performance and troubleshoot issues

We do not use personal data for external marketing, user profiling, or sale to third parties.

4. Data Storage and Security

All data is hosted on Amazon Web Services (AWS) infrastructure in secure environments controlled by Ghaf Group.

We apply standard security practices, including:

• Role-based access control and restricted administrative privileges
• Encrypted connections (HTTPS / TLS) to and from the service
• Network-level protections and monitoring
• Regular review of logs for security and operational issues

No data is transferred or shared with third parties except as required for technical hosting on AWS and for authentication via Google.

5. Data Retention

System and access logs are retained for as long as needed to ensure operational security, auditing, and service continuity, in line with Ghaf Group’s internal IT policies.

User information (such as name, email, and profile photo) remains active while the corresponding account exists in our internal directory and continues to use the platform.

When an employee leaves Ghaf Group or loses authorization, their access is revoked and associated records may be archived or deleted in accordance with internal policies and applicable UAE laws.

6. Your Responsibilities

By using this platform, you agree to:

• Access it only for authorized Ghaf Group business purposes
• Protect your Google account credentials and avoid sharing them with others
• Use the system in accordance with internal security and IT policies
• Avoid uploading or storing sensitive data that is not required for scheduling

7. Data Sharing and Disclosure

We do not sell, rent, or trade personal data.

We may disclose data only when necessary:

• To comply with applicable UAE laws, regulations, or legal processes
• To respond to valid requests by public authorities
• To investigate, prevent, or address security incidents or misuse

8. International Transfers

Depending on the AWS region and Google services used, some data may be processed or stored outside the UAE. We select reputable providers and configurations designed to maintain an appropriate level of security and confidentiality.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our systems, infrastructure, or legal requirements.

The latest version will always be available athttps://cal.ghafgroup.com/privacy(or an equivalent internal page) and will indicate the date of the most recent update.

10. Contact

For questions about this Privacy Policy or our data handling practices, you can contact:

Ghaf Group
Email: privacy@ghafgroup.com

This Privacy Policy applies only to the internal Cal.com instance operated by Ghaf Group atcal.ghafgroup.com.