Privacy policy
This policy describes what personal data Pheehd collects, how we use it, who has access to it, and the controls you have over it. We've kept it plain and specific. If anything is unclear, email us at info@fitchen.be.
1. Who we are
Pheehd is operated by Fitchen (Belgium). The data controller for the purposes of the EU General Data Protection Regulation is Fitchen, reachable at info@fitchen.be.
2. What we collect
We collect only what we need to run Pheehd for you:
- Account & identity — email address, display name, authentication provider (email or Google sign-in).
- Location at city granularity — your home city and country, if you tell us. We do not collect precise GPS coordinates.
- Google Calendar free/busy windows — only the start and end timestamps of intervals during which you are busy. See section 3 for the full detail.
- Chat messages — the messages you send to Pheehd and the responses Pheehd sends back, including voice transcripts when you use voice input.
- Profile facts — Pheehd's AI may infer durable preferences from your conversations (e.g. "prefers evenings"). You can view, edit, or delete these inside the app.
- Preferences & intents — short-term things you've said you want, with expiry times.
- Push notification tokens — the technical identifier your browser or device gives us so we can send you notifications you've enabled.
- Peer-matching data — when you use Pheehd's introduction feature, records of who proposed what to whom and the consent state on each side.
- Operational logs — minimal technical logs identifying actors by internal UUID only (never by email or token) to operate the service and diagnose issues.
3. Google Calendar data — exactly how it's used
The single scope we request
When you connect your Google Calendar, Pheehd requests one scope and one scope only:
https://www.googleapis.com/auth/calendar.freebusy
What that scope can see
The calendar.freebusy scope lets Pheehd ask Google's free/busy endpoint when you are busy or free — start and end timestamps of busy intervals. It does not expose event titles, descriptions, attendees, locations, organizers, conferencing links, or any other event content. The scope is structurally incapable of returning that data, and Pheehd makes no other Calendar API calls.
Why we ask for it
Pheehd uses your free/busy availability to propose meetups, introductions, and reminders at times when you're actually free. Without it, Pheehd would have to ask you to manually confirm your availability for every suggestion.
How the data is handled
- Pheehd's servers (not your browser) call Google's free/busy endpoint on your behalf, on a 5-minute interval, for a 14-day rolling window.
- Only the busy intervals — start timestamp, end timestamp, and source calendar identifier — are stored. Nothing else from your calendar is stored.
- The OAuth refresh token Google gives us is stored encrypted in Supabase Vault, scoped to your user only.
- You can disconnect Calendar at any time from inside Pheehd. Disconnecting revokes the token with Google, deletes the stored busy intervals, and removes the encrypted token from our store.
- Deleting your account performs the same revocation and deletion, plus the rest of the deletion described in section 6.
4. How we use your data
- To run Pheehd for you — answering your messages, remembering context, sending push notifications you've enabled, scheduling around your availability.
- To match you with peers, only on mutual consent — Pheehd may suggest an introduction based on overlapping interests and availability. Identifying details are revealed only after both sides explicitly say yes.
- To improve safety and reliability — operational logs and error diagnostics, identified by internal UUID only.
We do not sell your data, we do not show you advertising, and we do not use Google user data to train AI models.
5. How long we keep it
- Calendar busy windows are continuously replaced as the 14-day window rolls forward, and are deleted when you disconnect Calendar or delete your account.
- Chat messages, profile facts, preferences, intents, push tokens, and matching records are kept while your account is active and hard-deleted when you delete your account.
- Identity rows (the row that links you to your tenant) are retained in an anonymized form after deletion — email is cleared, display name replaced with a placeholder — solely so foreign-key references in any operational records remain resolvable.
- GDPR action logs (records of export and deletion requests) are retained as required to demonstrate compliance.
6. Your rights — export and deletion
You can exercise the following rights at any time from inside Pheehd, under Settings:
- Export my data — produces a JSON file containing your account record, your tenant records, your tenant memberships, and your GDPR-action log entries. A one-hour signed download link is shown in the app.
- Delete my account — requires you to type "delete" to confirm. On confirmation, Pheehd hard-deletes your chat messages, profile facts, calendar busy windows, push tokens, preferences, intents, matching records, encrypted OAuth tokens, and your auth user; anonymizes your identity row as described in section 5; and revokes your Calendar token with Google if connected.
Under the GDPR you also have the right to rectify inaccurate data (editing profile facts from inside the app), to restrict or object to processing, to data portability (the export above is portable JSON), and to lodge a complaint with your local data protection authority. To exercise any right not directly available in the app, email info@fitchen.be.
7. How your data is protected
- Hosted on Supabase in the EU (Paris region).
- Row-level security on every table that holds personal data; each user's data is isolated from every other user's.
- OAuth refresh tokens are encrypted at rest in Supabase Vault, scoped per user.
- Traffic is served over HTTPS.
- Operational logs identify users by internal UUID only — never by email, never by raw token, never by free-text message content.
8. Sub-processors
Pheehd relies on a small number of service providers that process personal data strictly on our behalf:
- Supabase — database, authentication, file storage, encrypted secret vault. EU (Paris) region.
- Google — Google sign-in (if you use it) and Google Calendar OAuth.
- Cloudflare — hosting and CDN for the Pheehd web app.
- AI model providers — large-language-model providers process the content of your chat messages to generate Pheehd's responses. We do not authorize them to retain that data to train their models.
9. International transfers
Pheehd's primary infrastructure is in the EU. Some sub-processors (notably AI model providers) may process data outside the EU. Where required, such transfers are covered by Standard Contractual Clauses or equivalent safeguards.
10. Children
Pheehd is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will delete it.
11. Changes to this policy
We may update this policy as Pheehd evolves. The effective date at the top of this page reflects the most recent revision. Material changes will be surfaced inside the app.
12. Contact
Data Protection Officer (DPO): Koen Mortier, info@fitchen.be. For questions about your data, to exercise your GDPR rights (access, deletion, portability, restriction, objection), or for any privacy concern, contact the DPO directly.
Privacy questions, deletion requests outside the app, or any other data-protection matter: info@fitchen.be.