Calendar Sync

Privacy Policy

Last updated: February 2026

Google API Services Disclosure

Calendar Sync's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Introduction

Calendar Sync ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our calendar synchronization service.

Calendar Sync synchronizes busy times between multiple Google calendars. Your data is stored securely on our servers and is used solely for the synchronization functionality.

Information We Collect

We collect the following information to provide our calendar synchronization service:

Google Calendar Data

When you connect your Google Calendar accounts, we access the following information via Google OAuth:

  • Calendar events (title, time, duration, location, description)
  • Calendar metadata (calendar names, IDs, access permissions)
  • Event status (accepted, declined, tentative)
  • Event visibility settings

Important: Calendar event data is processed temporarily in memory during synchronization operations and is not stored on disk. Only the metadata necessary to track synced events (event IDs and timestamps) is persisted.

User Account Information

When you sign in with Google OAuth, we collect:

  • Email address
  • Name
  • Profile picture (optional)
  • Google account ID

Authentication Tokens

We store OAuth access and refresh tokens to maintain your calendar connections. These tokens are stored securely on our servers.

How We Use Your Information

We use your information solely for the purpose of providing calendar synchronization services:

  • Reading calendar events from source calendars
  • Creating placeholder events on target calendars to prevent double-booking
  • Maintaining sync rules and configurations
  • Authenticating your Google account access

We do NOT:

  • Share your data with third parties
  • Use your data for advertising or marketing
  • Analyze your calendar data for any purpose other than synchronization
  • Sell or monetize your personal information

Data Storage

Your data is stored securely on our servers. We maintain separate storage for each user to ensure data isolation:

  • OAuth tokens: Stored in user-specific isolated storage on our servers
  • User profile: Basic account information including email and name
  • Sync rules: Your calendar synchronization configurations
  • Sync history: Records of synchronization activities for auditing

All data is transmitted over HTTPS. User data is stored in isolated per-user directories on our servers. We do not share your data with third parties except as necessary for the Google Calendar API integration.

Data Sharing

We do not share your personal information with any third parties. The only external service we interact with is Google Calendar API, which is necessary for the synchronization functionality.

We comply with Google API Services User Data Policy and follow the Limited Use requirements:

  • Calendar data is used only for calendar synchronization functionality
  • We do not transfer calendar data to third parties
  • We do not use calendar data for serving advertisements
  • We do not allow humans to read calendar data except in limited circumstances (e.g., debugging with your explicit permission)

Your Rights

You have the following rights regarding your data:

  • Access: You can view all your data through the application interface
  • Revocation: You can revoke calendar access at any time through Google Account settings or by disconnecting calendars in the application
  • Data Control: You have full control over which calendars are synchronized and can modify sync rules at any time
  • Deletion: You can delete your account and all associated data at any time through the application settings
  • Portability: You can export your sync rules and configuration through the application interface

Data Retention & Deletion

We retain your data as follows:

  • User account data: Retained until you delete your account
  • OAuth tokens: Retained until you disconnect the calendar or delete your account
  • Sync rules: Retained until you delete them or delete your account
  • Sync history: Rolling retention of the most recent 100 sync operations per user
  • Server logs: Retained on a rolling basis (approximately 50 MB maximum)

Account Deletion: When you delete your account through the application:

  • All your user data is permanently deleted from our servers
  • All OAuth tokens for connected calendars are deleted
  • All sync rules and sync history are deleted
  • This action is immediate and cannot be undone

Calendar Disconnection: When you disconnect a calendar account:

  • The OAuth tokens for that calendar are immediately deleted
  • Sync rules using that calendar are disabled
  • You can also revoke access from your Google Account settings

Google OAuth Integration

Calendar Sync uses Google OAuth 2.0 for authentication and calendar access. When you connect your Google account:

  • You authorize Calendar Sync to access your Google account data
  • We request the following OAuth scopes:
    • openid - To verify your identity
    • email - To identify your account
    • profile - To display your name and picture
    • https://www.googleapis.com/auth/calendar - Full read/write access to your calendars, required to create placeholder events and manage sync operations
  • OAuth tokens are stored in isolated user directories on our servers
  • Tokens are never shared with third parties
  • You can revoke access at any time through Google Account settings

Cookies and Local Storage

Calendar Sync uses browser localStorage to store authentication tokens (JWT tokens) for your session. We do not use:

  • Tracking cookies
  • Analytics cookies
  • Advertising cookies
  • Third-party cookies

The JWT tokens stored in localStorage are used only to maintain your authenticated session and are automatically cleared when you log out.

Security

We implement the following security measures to protect your data:

  • Server Storage: All data is stored securely on our servers with user isolation
  • HTTPS: All communications are encrypted using HTTPS
  • Token Security: OAuth tokens are stored in isolated user directories with access controls
  • Access Control: User data is isolated per user account
  • API Security: Data transmission to Google APIs is secured and limited to necessary operations

Children's Privacy

Calendar Sync is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@timezoneengineering.com so we can delete such information.

Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. Your continued use of Calendar Sync after such changes constitutes your acceptance of the updated Privacy Policy.

Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@timezoneengineering.com.

For issues related to Google OAuth or calendar access, you can also manage your permissions directly through your Google Account settings.