We don't track you.

No analytics. No tracking pixels. No ad cookies. No cookie banner. Period.

Functional cookies only

CalMesh sets three cookies — all strictly necessary for authentication. They keep you signed in and protect against cross-site request forgery. That's it.

Cookie	Purpose	Duration
authjs.session-token	Keeps you signed in	30 days
authjs.csrf-token	CSRF protection	Session
authjs.callback-url	Redirect after sign-in	Session

These are exempt from consent requirements under Art. 5(3) of the ePrivacy Directive because the service literally cannot function without them. There is no cookie banner because there are no optional cookies to consent to.

What we don't use

No Google Analytics, Mixpanel, Amplitude, Segment, or any analytics tool
No Facebook Pixel, LinkedIn Insight Tag, or ad trackers
No session replay tools (Hotjar, FullStory, etc.)
No fingerprinting or cross-site tracking of any kind
No third-party cookies whatsoever

Error monitoring

We use Sentry for error monitoring to fix bugs. Sentry receives error stack traces and basic request metadata (URL, browser version) when something breaks. It does not track your behavior, does not set cookies, and we have PII scrubbing enabled to strip personal data from error reports.

Why?

Because your calendar data is sensitive, and we think the bar for trust should be high. If we can't build a good product without surveilling you, we don't deserve your business.