Privacy Policy

1. Introduction

Welcome to Buddy Calendar. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our calendar application and AI-powered recommendation services.

2. Information We Collect

2.1 Authentication Information

• Email address (obtained through Google OAuth)
• Google account profile information (name and profile picture)
• OAuth access tokens (used solely for Google Calendar synchronization)

2.2 Google Calendar Data

When you log in with Google OAuth and grant calendar permissions, we access and sync:

• Calendar events from your primary Google Calendar
• Event details including titles, start/end times, locations, and descriptions
• Event modifications (additions and deletions you make in Buddy Calendar are synced to Google Calendar)

Note: We use the following Google API scopes:
• calendar - To read your calendar events
• calendar.events - To create and delete events on your behalf

3. How We Use Your Information

• Authenticate your identity through Google OAuth
• Display your calendar events from Google Calendar in our interface
• Synchronize events you create or delete in Buddy Calendar with your Google Calendar
• Maintain your session and provide access to your calendar data
• Ensure security and prevent unauthorized access

Important: We only use your Google Calendar data to provide calendar synchronization services. Your calendar data is not used for marketing, advertising, or any other purposes beyond displaying and managing your events.

4. Data Sharing and Third Parties

4.1 Third-Party Services

We use the following third-party services to operate Buddy Calendar:

• Google OAuth & Calendar API: For user authentication and calendar synchronization
• Clerk: Authentication and session management
• Cloud hosting providers: Application infrastructure and data storage

4.2 We DO NOT

• Sell your personal data to third parties, advertisers, or marketers
• Share your calendar data with other users or external parties
• Use your calendar data for AI training, analytics, or any purpose beyond synchronization
• Store your Google access tokens permanently (they are only kept in your session)
• Access your Google account for any purpose other than calendar synchronization

5. Data Security

• End-to-end encryption for data transmission
• Secure database storage with access controls
• Regular security audits and updates
• OAuth 2.0 for secure third-party integrations
• Limited employee access on a need-to-know basis
• Industry-standard security practices and compliance

6. Your Rights and Choices

• Revoke Google Calendar access at any time through your Google Account settings
• Create and delete events in your calendar
• Delete your Buddy Calendar account and all associated data
• Log out to end your session and clear access tokens

To revoke access: Visit your Google Account Permissions page and remove Buddy Calendar from the list of apps with access to your account.

7. Data Retention

• Session data: Access tokens are stored only during your active session and cleared when you log out
• Calendar events: We display events from your Google Calendar in real-time; no permanent copies are stored on our servers
• Account information: Basic profile information (email, name) is retained while your account is active
• AI Agent Proposals: Conflict resolution and AI suggestions are stored temporarily:
  • PENDING proposals: Retained for 30 days (awaiting your action)
  • REJECTED/EXECUTED/FAILED proposals: Retained for 7 days (after you've made a decision)
• Chat conversations: Conversation history is retained for 1 year for reference and service improvement
• Chat messages: Individual messages are retained for 1 year; older messages are automatically deleted
• Completed events: Events that have ended are retained for up to 2 years for historical reference, then automatically deleted
• Deleted accounts: All personal data is permanently removed within 30 days of account deletion

Automatic Cleanup: We use automated processes to periodically delete old data according to the retention schedule above. This helps maintain database performance while preserving your recent history for reference.

8. Cookies and Session Management

We use cookies and browser storage to:

• Maintain your login session (via Clerk authentication)
• Store OAuth tokens temporarily during your session
• Cache calendar data locally for improved performance

These are essential cookies required for the application to function. If cookies are disabled, you will not be able to use Buddy Calendar.

9. Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. International Users

Our services are hosted and operated from various locations. By using our service, you consent to the transfer of your data to countries where we operate, which may have different data protection laws than your country.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by email or through the application. Your continued use of our service after changes become effective constitutes acceptance of the updated policy.