Calo Privacy Policy

Last updated: May 31, 2026

Mind Stone Inc. ("Mind Stone," "we," "us," or "our") provides Calo, an AI-powered family calendar and household-coordination service available as a mobile app and related cloud services (the "Service"). The in-app AI assistant is also called "Calo."

This Privacy Policy explains what information we collect, how we use and share it, and the choices and rights you have. By creating an account or using the Service, you agree to this Policy. If you do not agree, please do not use the Service.

Because Calo is built for families, you will often provide information about other people — your partner, children, parents, other household members, and guests. Section 4 explains your responsibilities when you do.

1. Who We Are

Mind Stone Inc. 800 N King Street, Suite 304-2084, Wilmington, DE 19801, USA New Castle County, Delaware

Privacy contact: privacy@ourcalo.com General support: support@ourcalo.com

2. Information We Collect

We collect information you provide, information generated as you use the Service, and information we receive from third parties you connect.

2.1 Information you provide

• Account & identity. When you register with email/password or sign in with Apple or Google, we collect your email address, a securely hashed password (for email accounts), Apple/Google account identifiers, and email-verification codes.
• Family & member profiles. Family name, your home address (entered manually or captured via GPS during setup), and a profile for each family member you add — which may include name, photo, role/identity, birthday, and "life status." Members may include children, elderly relatives, and pets.
• Calendar & event content. Events, tasks, reminders, lists (shopping, to-do, chores), recipes and meal plans, rewards and points, and any notes, comments, or attachments you add.
• Dietary & health-related details. Dietary preferences and restrictions (including allergies), and reminders you set that may reveal health information (e.g., medication refills, doctor or hospital appointments). We treat this as sensitive information.
• Content you submit for processing. Photos of documents (e.g., a paper schedule or appointment letter) that you ask Calo to scan; emails you forward to your dedicated Calo forwarding address; and links/URLs you share for Calo to summarize.
• Conversations with Calo. The messages you exchange with the Calo AI assistant, including voice input you provide (which is converted to text), and, where you use the AI phone assistant, the purpose of the call and its transcript.
• Contact details for others. Email addresses or phone numbers you provide so Calo can send event invitations to guests, or send daily summaries by email/SMS to family members who don't use the app.
• Payments. If you subscribe to a paid plan, the purchase is processed by the Apple App Store / Google Play and RevenueCat; we receive subscription status and transaction identifiers but do not collect or store your full payment-card number.

2.2 Information collected automatically

• Usage & device data. App interactions and feature usage (analytics events), device and app version, language, and similar technical data.
• Diagnostics. Crash and error reports, performance data, and logs used to keep the Service reliable.
• Push & session data. Push-notification tokens and session/authentication tokens.

2.3 Information from connected services

If you connect an external calendar or account, we access data per the permissions you grant:

• Connected calendars. Google Calendar, Microsoft Outlook, Apple Calendar, and CalDAV — generally read access, up to a limited number of accounts per member per provider, used to aggregate and detect conflicts across your calendars.
• Sign-in providers. Apple and Google identity, when you use them to sign in.

You can disconnect a connected account at any time in the app, which stops further access.

3. How We Use Your Information

We use the information above to:

• Provide the core Service — run your family calendar, aggregate events across connected calendars, detect conflicts, and keep household lists, tasks, meals, and rewards in sync across members.
• Power Calo's AI features — generate proactive summaries (e.g., the home "NowCard" and morning briefing), suggest events and tasks for your confirmation, parse forwarded emails and scanned documents into calendar entries, estimate travel/commute time, and operate the AI phone assistant.
• Personalize — tailor reminders, meal suggestions, and content to your family's profiles and preferences.
• Communicate — send service-related notices and reminders; deliver event invitations and daily summaries to the recipients you designate (including by email/SMS to non-app members).
• Maintain, secure, and improve — authenticate users, prevent fraud and abuse, debug, analyze usage in aggregate, and develop new features.
• Comply with law — meet legal, tax, and regulatory obligations and respond to lawful requests.

We do not sell your personal information, and we do not use the content of your family's calendars or conversations to serve third-party advertising.

3.1 Legal bases (EEA/UK users)

Where the GDPR/UK GDPR applies, we rely on: performance of a contract (to provide the Service); consent (for optional features such as connecting external accounts, location use, or processing sensitive data — withdrawable at any time); legitimate interests (to secure and improve the Service); and legal obligation.

4. Information About Other People

Calo is a shared family tool. When you add a family member, invite a guest, or provide someone's email or phone number, you confirm that you are entitled to share that information and, where required, that you have their consent (or, for a child, that you are the parent/guardian — see Section 5). The family administrator who creates a family may be able to view and manage information added by members. Please only add information you are authorized to share, and tell other members that their information is in Calo.

5. Children's Information

Calo is intended to be set up and managed by an adult (a parent or legal guardian). A parent or guardian may add a child as a family member and may use features that involve the child (such as assigning chores or tracking reward points). Any information about a child in Calo is provided and controlled by the managing adult.

We handle children's information consistent with applicable law, including the U.S. Children's Online Privacy Protection Act (COPPA) and the GDPR's provisions on children's data (GDPR-K). A parent or guardian may review, update, or delete a child's information, and withdraw consent, through the app or by contacting privacy@ourcalo.com. We do not knowingly allow children to create their own accounts. If you believe a child has provided us information without proper authorization, please contact us and we will delete it.

6. How We Share Information

We share information only as described here:

• Service providers (sub-processors). We share what is necessary with vendors that process data on our behalf under contract, including:
  • Cloud hosting & storage: Amazon Web Services (AWS), in the United States (including S3 for uploaded images/attachments).
  • Real-time push: Ably.
  • Telephony & SMS: third-party telephony and messaging providers used to power the AI phone assistant and to send SMS summaries to family members who don't use the app.
  • AI processing: our AI service (calo-agents) and Google (Gemini), the large-language-model provider used to generate conversation, suggestions, and summaries.
  • Calendar: Google, Microsoft, Apple, and CalDAV providers (for the calendars you connect).
  • Maps, places & travel time: Google Maps / Google Routes & Places.
  • Weather: Google.
  • Food & recipes: Edamam (recipe/nutrition lookups).
  • Payments: Apple App Store, Google Play, and RevenueCat.
  • Error monitoring: Sentry.
• People you designate. Guests you invite to events, and family members (including non-app members) to whom you send summaries.
• Legal & safety. When required by law or legal process, or to protect the rights, safety, and security of users, the public, or Mind Stone.
• Corporate transactions. In connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

Our sub-processors are contractually restricted from using your information for their own purposes. A current list of sub-processors is available on request.

7. Where Your Data Is Stored and International Transfers

Mind Stone is based in the United States, and we store and process all user data on Amazon Web Services (AWS) infrastructure located in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to and processed in the United States, which may have data-protection laws different from those in your country. Where required for users in the EEA, the UK, or other regions, we use appropriate safeguards (such as the EU Standard Contractual Clauses) for such transfers.

8. Data Retention

We keep your information for as long as your account is active and as needed to provide the Service. We retain different categories for different periods based on why we hold them and applicable legal requirements. When information is no longer needed, we delete or de-identify it. If you delete specific content or your account, we delete the associated personal information within a reasonable period, except where we must retain limited records for legal, tax, security, or accounting purposes.

9. Security

We use technical and organizational measures designed to protect your information, including encryption of data in transit (HTTPS/TLS), encryption of data at rest, access controls and least-privilege practices, token-based authentication, and monitoring. No method of transmission or storage is completely secure, but we work continuously to protect your information and to detect and respond to incidents.

10. Your Rights and Choices

Depending on where you live, you may have the right to:

• Access the personal information we hold about you;
• Correct inaccurate information;
• Delete your information;
• Port your information to another service;
• Object to or restrict certain processing;
• Withdraw consent for optional features at any time; and
• Opt out of any "sale" or "sharing" of personal information — note that we do not sell or share your personal information for cross-context behavioral advertising.

Self-service controls. You can edit or delete events, members, and other content in the app, disconnect linked accounts, manage notification preferences, and delete your account directly in the app. When you delete your account, we also revoke linked sign-in tokens (e.g., Apple) as part of deletion.

California (CCPA/CPRA). California residents have the rights to know, delete, correct, and opt out, and the right not to be discriminated against for exercising them. We do not sell or share personal information as defined under California law.

How to exercise. Use in-app controls or contact privacy@ourcalo.com. We will verify your request before acting on it. If we decline, we will explain why, and you may appeal or complain to your local data-protection authority.

11. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you through the app or by other reasonable means before they take effect and update the "Last updated" date above. Your continued use of the Service after the effective date means you accept the updated Policy.

12. Contact Us

Mind Stone Inc. 800 N King Street, Suite 304-2084, Wilmington, DE 19801, USA Privacy: privacy@ourcalo.com · Support: support@ourcalo.com