No tracking pixels. No ad cookies. No cookie banner. No personal profiles. Period.
CalMesh sets three cookies — all strictly necessary for authentication. They keep you signed in and protect against cross-site request forgery. That's it.
| Cookie | Purpose | Duration |
|---|---|---|
| authjs.session-token | Keeps you signed in | 30 days |
| authjs.csrf-token | CSRF protection | Session |
| authjs.callback-url | Redirect after sign-in | Session |
These are exempt from consent requirements under Art. 5(3) of the ePrivacy Directive because the service literally cannot function without them. There is no cookie banner because there are no optional cookies to consent to.
We use Pirsch Analytics, a German, EU-hosted service, to count page views. Pirsch works entirely without cookies, does not store IP addresses or any persistent identifiers, and cannot track you across sites. We see aggregate numbers — never individual visitors.
We use Sentry for error monitoring to fix bugs. Sentry receives error stack traces and basic request metadata (URL, browser version) when something breaks. It does not track your behavior, does not set cookies, and we have PII scrubbing enabled to strip personal data from error reports.
Because your calendar data is sensitive, and we think the bar for trust should be high. If we can't build a good product without surveilling you, we don't deserve your business.