One misconfigured calendar setting can expose your client list, session topics, and internal notes to anyone on the internet.
Running a tutoring business means juggling student schedules, tutor availability, and sensitive client information every single day. You're probably using Google Calendar to keep it all straight—and that's smart. But here's the catch: if your calendar privacy settings aren't locked down tight, you might be broadcasting confidential details to the world without even knowing it.
Drawing on our work with 700+ tutoring centres, we've seen how easy it is for well-meaning admins to accidentally leave calendars public or share them too broadly. When that happens, client names, session topics, locations, and even your business growth patterns become visible to competitors, parents, and anyone who stumbles across the link. The good news? You can make Google Calendar private in minutes with the right steps—and we'll show you exactly how to do it, plus how to prevent it from ever happening again.
Key Takeaways
Immediately uncheck "Make available to public" in Google Calendar settings to prevent data leakage.
Limit external sharing to "See only free/busy" to hide student names and session details.
Google Workspace admins should enforce domain-wide defaults to override individual user errors.
Separate calendars by function (Client sessions vs. Internal operations vs. Personal) to isolate risk.
Use dedicated tutoring software like Tutorbase to store sensitive data, syncing only generic time blocks to Google Calendar.
Why does calendar privacy matter for tutoring businesses?
Let's talk about what actually leaks when your calendar isn't private.
It's not just appointment times. Public or overly-shared Google Calendars can expose:
Client and student names in event titles
Session topics and subject areas
Tutor assignments and internal handoff notes
Locations where you operate
Patterns that reveal your busiest tutors, expansion plans, or hiring cycles
Business Insider reports on calendar privacy risks show the dangers of inadvertently exposed schedules.
The business impact is real. When a calendar leaks, you lose client trust. Parents expect confidentiality. Tutors expect their schedules to stay internal. A public calendar breach can trigger reputation damage, uncomfortable conversations with families, and even safety concerns regarding home visits and GDPR compliance.
And there's the time cost. Cleaning up after an accidental exposure means support tickets, explaining what happened, reassuring clients, and manually auditing every shared calendar across your team.
In 2025, Business Insider reported how a staffer's involvement in a confidential initiative was exposed simply because their Google Calendar was public. Journalists pieced together meeting titles and participant names to uncover private projects. If it can happen to a large organization, it can happen to your tutoring business.
The fix starts with understanding how Google Calendar sharing works—and where teams slip up.
How does Google Calendar sharing work (and where do teams slip up)?
Google Calendar has two layers of privacy controls, and most misconfigurations happen because owners don't realize both matter.
Calendar-level privacy determines who can see the entire calendar: public, organization-wide, or specific people. Event-level visibility controls what those people see: full details, just free/busy blocks, or nothing at all.
You can learn more about these layers in Google's official support documentation.
When you share a calendar, you assign one of several roles:
See only free/busy (hide details) – shows time blocks but hides titles, participants, and notes
See all event details – exactly what it sounds like
Make changes to events – editing power
Make changes and manage sharing – the riskiest; this person can invite others
Here's where tutoring businesses trip up most often:
The "Make available to public" toggle is on. Anyone with the calendar URL can view everything. Sometimes it gets switched on by accident during a Workspace setup or when someone tries to embed availability on a website.
Organization-wide sharing is too open. If you're on Google Workspace, the default might let everyone in your domain see all event details—including contractors, part-time staff, or old accounts you forgot to disable.
Sharing a calendar link or ICS feed without checking what it exposes. Booking links and calendar feeds can re-broadcast private data if the underlying calendar permissions aren't tight.
Google also notes that even when you hide details, some metadata—like event time and organizer—may still be visible depending on the sharing level you chose. That's why a "free/busy only" policy is your baseline for anyone outside your core admin team.
Now let's lock it down.
How do you make Google Calendar private? (fast checklist for owners and admins)
This is your "do it today" checklist. We'll cover desktop first, then mobile, then Workspace admin controls for multi-tutor teams.
Desktop path (owner/admin-friendly)
Step 1: Turn off public access
Open Google Calendar in your browser.
On the left sidebar, hover over the calendar name you want to secure.
Click the three dots → Settings and sharing.
Scroll to Access permissions for events.
Uncheck "Make available to public."
That single checkbox is the most common culprit. Unchecking it means the calendar is no longer indexed or viewable by strangers.
Step 2: Audit "Share with specific people or groups"
Still in Settings and sharing, look at the list under that heading. For each person:
Do they still need access?
Should they see full details, or is free/busy enough?
Remove anyone who's left the team. Downgrade permissions to "See only free/busy (hide details)" for anyone who just needs to know when you're unavailable—like a virtual assistant or front-desk coordinator.
Step 3: Set your default event visibility
Scroll to Default visibility and choose Default or Private for new events. "Private" means even people who can see your calendar will only see a "busy" block for that event, with no title or notes.
Create a test event and check how it appears to a colleague to confirm your settings stuck.
Mobile path (for owners on the move)
You can't change calendar-level sharing on the mobile app. For that, you need desktop or the mobile browser in "desktop mode."
But you can mark individual events as private on mobile:
Open the Google Calendar app.
Tap the event.
Tap the pen icon (edit).
Scroll to Default visibility → choose Private.
Save.
Now that session shows up as "busy" to anyone with calendar access, but the title and details stay hidden.
Use mobile for quick event-level fixes. Use desktop for the full lock-down.
Workspace admin lock-down (for multi-tutor teams)
If you're on Google Workspace (formerly G Suite), your admin console gives you domain-wide defaults that override individual user settings.
Why this matters: Even if you personally secure your calendar, a new hire or a tutor who doesn't know better can flip "Make available to public" back on. Workspace controls stop that.
What to do:
Sign in to admin.google.com as a super admin.
Go to Apps → Google Workspace → Calendar.
Click Sharing settings.
Under External sharing options for primary calendars, select Only free/busy information (hide event details).
Save.
This policy forces all calendars in your domain to show only availability to external users—no titles, no participants, no notes. You can grant exceptions for specific people if needed, but the default is now safe.
Workspace admins should also review who has "super admin" and "calendar admin" roles, because those accounts can change privacy policies. Limit admin access to people who manage your infrastructure day-to-day.
What privacy rules should tutoring businesses adopt so this never happens again?
Settings are step one. Standard operating procedures are what keep your calendars secure long-term.
Here's a lightweight SOP you can adapt:
Separate calendars by function
Don't put client sessions, internal meetings, and personal time in one shared calendar. Create:
Client-facing calendar (limited sharing, free/busy only for most staff)
Internal operations calendar (admin and leads only)
Personal calendar (private, not shared)
This containment strategy means if one calendar is accidentally exposed, the damage is limited.
Naming and content rules
Train your team to use neutral event titles for client sessions. Instead of "Sarah – Grade 10 Math – exam anxiety session," write "Student session – Math." Store sensitive notes in your tutoring management system or a secure shared doc, not in the calendar description field. Google's sharing guidelines reinforce this practice.
Role-based access approach
Define exactly who needs what:
Owner / Ops Manager: Full calendar control, including manage-sharing permissions.
Lead Tutors: See all event details for their own sessions; free/busy for others.
Part-time Tutors: See only their own calendar; free/busy view of team availability if needed.
Contractors (e.g., bookkeeping, IT): No calendar access unless there's a specific project reason—and then time-limited.
Review access quarterly. When someone leaves, revoke their permissions the same day.
Onboarding checklist
When you add a new tutor or admin, include these steps:
Calendar created and shared with correct role
"Make available to public" confirmed OFF
Default event visibility set to Private or Default
Tutor acknowledges calendar privacy policy (one-line email is fine)
What to do if a calendar was accidentally made public
Immediately turn off "Make available to public."
Review the calendar's event list for the past 90 days and note which events contained sensitive details.
Audit "Share with specific people" and remove anyone who shouldn't have access.
If client-identifiable information was exposed, decide whether you need to notify affected families (consult your privacy policy and local regulations).
Document the incident and the fix so you can update your SOP.
Most how-to guides note that fixing a public calendar is a sub-30-minute task if you act fast—but the reputational cleanup can take much longer.
Which scheduling tools and integrations can still leak details (even if your calendar is private)?
Locking down Google Calendar is critical. But if you're using third-party booking pages, automation tools, or calendar sync services, those can create new exposure points.
Booking pages and ICS feeds
Many scheduling tools generate a public ICS feed or a shareable link so clients can see your availability. If that feed is pulling from a calendar where event details are visible, it can leak titles, participant names, and locations—even if you think the calendar itself is private.
API permissions
When you connect a third-party app to Google Calendar, it requests permission scopes like "read all calendars" or "read and write events." If an app is compromised or misconfigured, it can access—and potentially expose—everything you granted.
Google warns that you should only connect apps from trusted providers and review what data they're requesting. If a scheduling tool asks for full calendar write access but only needs to create appointments, that's a red flag.
Zapier, automation, and multi-calendar sync
Automation platforms are powerful, but they can also copy data from a private calendar into a less-secure one. For example, syncing your tutoring calendar to a shared team calendar that has looser permissions can undo all your privacy work through automation risks.
Best practice: Audit connected apps every quarter. Go to myaccount.google.com/permissions and review which services have calendar access. Revoke anything you're not actively using.
Decision guide: when is Google Calendar alone enough?
If you're a solo tutor or a small team (under five people) and you only need basic scheduling, Google Calendar plus tight privacy settings can work.
But if you're managing client intake, session notes, billing, tutor assignments, and recurring schedules, a tutoring-specific platform is safer and more efficient. A comprehensive tutor scheduling software guide will show how specialized tools reduce the risk of calendar leaks because sensitive context lives in a protected system, and only minimal appointment data syncs to Google Calendar for tutor convenience.
How does Tutorbase reduce calendar privacy risk for tutoring businesses?
Here's the core idea: keep detailed scheduling context inside Tutorbase, and sync only what staff need to stay on time.
When you run scheduling through Tutorbase:
Private booking links collect client availability without exposing your full calendar to the public.
Role-based permissions ensure tutors see only their own sessions and admins control who accesses what.
Controlled calendar sync pushes just the appointment time and a generic event title (like "Session – Math") to each tutor's Google Calendar. Client names, session notes, and payment status stay inside Tutorbase.
Audit-ready logs record who booked, rescheduled, or canceled each session, so you can trace any access question.
This is the difference between a general-purpose scheduler and a tutoring operations platform. General tools often sync everything to your calendar because they don't know what's sensitive. Tutoring-specific workflows understand that student data, learning plans, and billing details should stay protected and only surface the minimum needed for day-to-day coordination.
Drawing on our work with hundreds of tutoring centres, we've seen how this model cuts "who has access?" support tickets and prevents the most common leak: a well-meaning tutor sharing their Google Calendar link with a parent, inadvertently exposing other students' sessions.
Tutorbase also integrates tightly with Google Calendar, so your team still gets the convenience of phone notifications and calendar apps—without the exposure risk of putting everything in a shared calendar.
What's a 30-day implementation playbook to lock this down across a team?
Change management matters. Effective tutoring software implementation requires a plan. Here's a phased rollout you can adapt:
Week 1: Audit and secure
Owner / Admin tasks:
Inventory every calendar in use (individual tutors, shared team calendars, resource calendars).
Check "Access permissions" on each: is "Make available to public" off? Who's in the "Share with specific people" list?
Review connected apps at myaccount.google.com/permissions.
Document current state in a simple spreadsheet: calendar name, current sharing, who owns it.
Deliverable: A list of calendars and their risk level (public / over-shared / acceptable).
Week 2: Lock down settings and assign owners
Turn off "Make available to public" on all calendars.
Downgrade sharing permissions: anyone who doesn't need full details gets "See only free/busy."
For Workspace teams, set the external sharing default to free/busy only in the admin console.
Assign one calendar owner per shared calendar (the person responsible for reviewing access monthly).
Deliverable: All calendars secured; roles documented.
Week 3: Move booking workflow into Tutorbase (or your chosen platform)
Set up Tutorbase and configure role-based access for tutors and admins.
Import your current schedule or create booking links for new sessions.
Enable one-way sync from Tutorbase to each tutor's Google Calendar (appointment time + generic title only).
Test with a small group of tutors before full rollout.
Deliverable: Booking and session details managed in Tutorbase; Google Calendar shows only time blocks.
Week 4: Train staff and run final audit
Staff training (15-minute team call or recorded video):
Why calendar privacy matters (client trust, business risk).
What changed: "You'll still see appointments in Google Calendar, but client details live in Tutorbase."
How to book, reschedule, and add notes in Tutorbase.
Reminder: never share your Google Calendar link publicly or add sensitive info to event titles.
Final audit:
Spot-check three random tutor calendars: confirm settings are still tight.
Review Tutorbase access log to confirm only authorized users logged in.
Send a one-line confirmation email to all staff: "Calendar privacy SOP is live. Questions? Reply here."
Deliverable: Trained team, documented SOP, audit trail.
Template: Internal staff email
Subject: Quick update: Calendar privacy and new booking workflow
Hi team,
Starting [date], we're tightening calendar privacy to protect our clients and our business. Here's what's changing:
• All session bookings and notes now go into Tutorbase (login: [link]).
• Your Google Calendar will still show appointment times, but client details stay secure in Tutorbase.
• Do not share your Google Calendar link publicly or put student names in event titles.
We'll have a 15-min walkthrough on [date/time]. Questions before then? Reply to this email.
Thanks for keeping our students' information safe!
What should you budget for secure scheduling (and what does "free" really cost)?
Let's talk real costs—not just subscription dollars.
The hidden cost of "free" Google Calendar
Google Calendar itself is free (or bundled with Workspace). But managing it securely across a team costs you:
Admin time: Reviewing sharing settings, fixing misconfigurations, onboarding new staff, fielding "I can't see the calendar" tickets.
Error time: Manually rescheduling when two tutors were double-booked because someone edited the wrong shared calendar.
Risk cost: Reputational damage if a client's name or session topic leaks. Business Insider showed how one public calendar exposure led to high-profile media coverage—imagine that happening with student data.
A study on small-business scheduling inefficiencies found that manual booking and error correction consume an average of 4–6 hours per week for a team of five. At even a modest hourly rate, that's $200–$400 per week in lost productivity.
What you get with Tutorbase
Tutorbase pricing is transparent and built for tutoring operations:
Automated booking and reminders reduce no-shows and eliminate phone-tag rescheduling.
Role-based access and controlled sync mean you spend zero time policing calendar permissions.
Integrated billing ties sessions to invoices, cutting the manual reconciliation that eats up end-of-month hours.
Audit logs and secure data give you peace of mind and a ready answer if a parent or regulator asks, "Who had access to my child's information?"
Simple ROI model
Let's say your team handles 100 sessions per week. If Tutorbase saves you:
3 hours of admin/rescheduling time at $30/hour = $90/week
2 no-shows per week at $50 average session value = $100/week
1 "calendar was public" panic per quarter = $500 avoided reputation cost
That's $190/week or roughly $9,880/year in tangible savings, not counting the value of client trust and streamlined operations.
Compare that to a Tutorbase subscription and the choice becomes clear: investing in the right tool pays you back in time, revenue, and risk reduction.
FAQs: Google Calendar privacy for tutoring business teams
How do I make my Google Calendar private without canceling existing client appointments?
Changing a calendar to private doesn't delete or cancel any events—it only controls who can see them. Go to Settings and sharing, uncheck "Make available to public," and audit the "Share with specific people" list. Your appointments stay intact; you've just hidden the details from unauthorized viewers.
Will changing a calendar to private break booking links or recurring sessions?
No. Booking links and recurring events will continue to work. However, if a third-party booking tool was relying on a public calendar feed, you may need to reconnect it with proper authentication after you remove public access. Test one booking flow after making changes to confirm everything still works.
What calendar-sharing settings should staff never use?
Never check "Make available to public" for calendars that contain client or student data. Avoid giving "Make changes and manage sharing" permissions to anyone who isn't an admin or owner—that role lets them invite others, which can undo your privacy controls. And never include sensitive details (student names, topics, personal notes) in event titles or descriptions on a shared calendar.
How often should I audit calendar permissions for a multi-tutor business?
Monthly spot-checks for high-risk calendars (client-facing, shared team calendars) and a full quarterly review of all calendars and connected apps. When someone leaves your team, revoke their access the same day. Drawing on Google's security best practices, most programs treat calendar access like any other sensitive system: ongoing vigilance, not one-and-done.
What immediate steps should I take if a calendar was accidentally made public?
First, turn off "Make available to public" right now. Next, check which events were visible and whether they contained client-identifiable information. Remove or downgrade anyone in the "Share with specific people" list who shouldn't have had access. If sensitive data was exposed, document the incident and decide—based on your privacy policy and applicable laws—whether you need to notify affected clients. Most guides note this is a 20–30 minute fix if you act fast.
Can I sync Tutorbase with Google Calendar without exposing event details publicly?
Yes. Tutorbase syncs only the appointment time and a generic event title (like "Session – Math") to each tutor's Google Calendar. Client names, session notes, payment status, and other sensitive details stay inside Tutorbase, where access is controlled by role-based permissions. This gives your team the convenience of calendar notifications without the privacy risk of putting everything in Google Calendar.
How do I keep staff visibility (availability) without sharing session details?
Use Google Calendar's "See only free/busy (hide details)" sharing option. Staff will see when someone is busy or available, but they won't see event titles, participants, or notes. Combine that with separate calendars for different functions (client sessions vs. internal meetings) and you maintain coordination without oversharing.
Are there compliance risks if my tutoring business's calendars leak student information?
Yes. Depending on your location and the age of your students, regulations like FERPA (in the U.S.) or provincial privacy laws (in Canada) restrict how you handle student directory information and schedules. A public calendar that reveals student names, session topics, or learning challenges can violate those rules and trigger penalties or lawsuits. Even if formal regulations don't apply, parents expect confidentiality—and a leak damages trust and referrals.
What should you do next to protect your schedule and client confidentiality?
Here's your two-step action plan:
Step 1: Run a fast calendar audit today
Set aside 30 minutes. Open every Google Calendar your business uses. Check "Access permissions" and "Share with specific people." Turn off anything public. Downgrade permissions to free/busy for anyone who doesn't need full details. Review connected apps at myaccount.google.com/permissions and revoke old integrations.
Multiple privacy guides confirm this is a quick, high-impact task that significantly cuts your exposure risk.
Step 2: Standardize the process with Tutorbase
Locking down Google Calendar settings is essential—but it's a manual, ongoing effort that depends on every team member "remembering to do it right." Tutorbase removes that dependency.
With Tutorbase, secure scheduling is built in: private booking links, role-based access, controlled sync, and audit logs that let you prove who saw what. You keep the convenience of Google Calendar notifications for your tutors, but sensitive client context stays protected in a system designed for tutoring operations—not general-purpose sharing.
Drawing on our experience with 700+ tutoring centres, we've seen how moving to a tutoring-specific platform doesn't just reduce privacy risk—it also saves hours every week in admin work, cuts no-shows with automated reminders, and streamlines billing so you get paid faster.
Ready to lock down your schedule and grow your business?
Start your free trial at https://tutorbase.com/register and see how Tutorbase makes calendar privacy automatic, so you can focus on what you do best: helping students succeed.