Privacy Policy

Last updated: 2025-12-06

This self-hosted Calendar Service connects to Google Calendar using your provided credentials. Data access is limited to the scopes you authorize.

What we access

• Calendar events (read/write) via the scope https://www.googleapis.com/auth/calendar.

What we store

• Refresh token: held in memory by the running process; persisted only if you place it in environment variables (.env/.env.dev).
• Access tokens: short-lived, cached in memory only.
• No calendar event data is stored locally; operations are proxied to Google.

Sharing

No data is shared with third parties. All requests go directly to Google’s APIs from this service.

Security

• Protect your OAuth client ID/secret and refresh token in environment variables or your secrets manager.
• Use HTTPS for public endpoints (e.g., production/ngrok).
• Set a strong SERVICE_API_KEY to guard API endpoints.

Your control

• Revoke access anytime in your Google Account → Security → Third-party access.
• Remove the refresh token from env and restart the service to drop access.

Back to dashboard