Hi, I'm Asal

How I got here

Like most people, I used to assume Big Tech security teams had everything under control, that privacy policies were taken seriously, and that policy violations were one-off incidents. Then came the WhatsApp privacy controversy in 2021, and it was a wake-up call: not all user data, mine included, is treated the way I'd always assumed.

That sent me down the privacy rabbit hole. Ultrasonic cross-device tracking, shadow profiles, personal data driving up insurance premiums, the “nothing to hide” argument... I got excited about privacy. No, obsessed is the right word. Privacy felt deeply personal, the security engineering behind it fascinated me, and I was hooked.

The obsession went too far. I was spending all my free time protecting every scrap of data I could. That app collecting location metadata? Nope nope nope. It was exhausting. My email was already everywhere. Data brokers had my info. Targeted ads followed me around the internet. Then I learned about browser fingerprinting and how sophisticated tracking is. It felt like a game I couldn't win.

Then I came across threat modeling, and it was the perspective shift I needed. I don't need to protect all my data from everyone, everywhere, immediately. I get to decide what matters. Some data I'm relaxed about - I don't mind a company knowing I play chess and I'm not exactly a grandmaster. But calendar data? That's different. My calendar knows what I do, who I meet, how often, where, and more. I don't want that mined for AI training or sold to advertisers to serve me “better” ads.

So I went looking for a privacy-respecting calendar. The options were... not great. Clunky apps with encrypted sync but missing basic features. Abandoned projects. Self-hosting setups that felt like a second job. Vague privacy policies I couldn't trust. I ended up using a popular privacy calendar, but missing features, slow development, and a clunky experience left me wanting something better - and I wasn't alone in that.

Building NimbleCal

I've had the itch to work for myself for as long as I can remember. After 12+ years building infrastructure at scale - including leading engineering teams at Twitter - I finally went full-time on something I cared about: a privacy calendar that doesn't make you fight to schedule an event while you're on a hike, off the grid.

I underestimated how hard it would be. Making sure your events sync across devices when they're fully encrypted, that everything works offline and catches up seamlessly - that's genuinely hard, and worth getting right.

Why no VC funding

NimbleCal is entirely self-funded, and that's intentional. Most VCs push for growth in ways that conflict with respecting user data. I won't sell or monetize user data, because I value privacy as a deep human need. That's why end-to-end encryption was the non-negotiable foundation. You can't monetize data you can't decrypt.

The trade-off: I can't offer a generous free tier and stay sustainable. What's the point of a great privacy product if it disappears in six months? If the subscription price doesn't work for you, I get it. What it pays for is a calendar that feels good to use, has zero incentive to touch your data, and is here to stay.