Calendar Data Use
Suitly's AI outfit recommendation feature is meant for clients whose calendars may contain confidential deals, sensitive client meetings, and legally delicate information. This page explains the customer-facing commitments Suitly should meet before enabling calendar connections.
Plain-English Summary
When you connect a calendar, Suitly should read only the limited event details needed to understand what you have coming up, turn that into short-lived recommendation signals, and avoid storing raw calendar entries.
Suitly reads only the calendar details needed to understand the context of an upcoming event, such as the title, timing, all-day flag, and location if you include one.
Suitly is designed not to retain raw calendar events or full event bodies in persistent storage.
Automated systems process calendar data to generate recommendations. Suitly staff do not get routine access to raw event content.
Raw payloads are discarded immediately after processing. Short-lived derived signals expire automatically, and you can disconnect calendar access at any time.
Formal Policy Section
This draft is written as a standalone section that can be folded into Suitly's broader Privacy Policy or provided to customers as a dedicated calendar data notice.
If you enable AI outfit recommendations, Suitly will ask you to connect a Google Calendar or Microsoft calendar account using OAuth. The connection is initiated by you and can be revoked at any time from Suitly or from your Google or Microsoft account settings.
Suitly requests read-only calendar permissions intended only to review upcoming events and generate recommendations. Suitly does not request permission to create, edit, delete, or send calendar events on your behalf.
Suitly reads only the event metadata needed to infer dress requirements and timing, including the event title or subject, start and end time, time zone, all-day indicator, calendar name, availability status, and location if one is provided.
Suitly is designed not to use calendar descriptions, attachment contents, email content, tasks, contacts, documents, or notes. Where a provider response includes fields beyond what Suitly needs, Suitly will ignore them and avoid storing them.
Suitly's design goal is minimal storage. Suitly does not persist raw event titles, event descriptions, attendee lists, attachments, or complete event payloads in its application databases.
Instead, Suitly stores only the minimum data needed to keep the feature running safely: encrypted OAuth tokens, connection status, hashed provider event identifiers, deletion and audit metadata, and short-lived derived signals such as whether an event appears client-facing, internal, formal, travel-related, or remote.
Calendar data is processed by automated systems and AI models for the sole purpose of producing outfit recommendations and related service operations. Raw calendar content is not exposed in Suitly support dashboards or admin tools.
Suitly personnel are not given routine access to raw calendar data. If a support or security issue occurs, teams are expected to work from redacted operational metadata rather than raw event content. Suitly also should not use raw calendar data to train general-purpose models.
Raw calendar payloads should exist only transiently during processing and should be discarded immediately after the event has been converted into derived recommendation signals.
Derived calendar signals should be retained only for the active recommendation window and automatically deleted no later than 30 days after creation unless a shorter retention period is configured. Encrypted OAuth tokens may be retained while the connection remains active and should be deleted promptly when the customer disconnects calendar access, closes the account, or submits a deletion request.
Suitly should maintain deletion workflows that remove active records promptly and age backup copies out on the normal backup retention cycle.
Calendar connections and related metadata should be protected by encryption in transit and at rest, strict access controls, role-based production access, multi-factor authentication for privileged users, audit logging, and secret-management controls for OAuth credentials and encryption keys.
Suitly should prevent raw calendar content from appearing in logs, analytics payloads, screenshots, or debugging tools. Security reviews, incident response procedures, vendor due diligence, and regular deletion testing should be part of the operating model before launch.
Questions
Customers who want calendar access disabled, revoked, or deleted should be able to do so from account settings or by contacting hello@suitly.com.