Privacy Policy

Last Updated: May 2026

1. Introduction

Welcome to CalenSync. We built this service because we believe that managing your schedule shouldn't require sacrificing your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our website and service.

2. The "Read-Only" Promise

CalenSync is designed with a strict read-only architecture for your external data:

  • We cannot send emails. Our OAuth scopes only allow us to read your inbox.
  • We cannot delete or modify events. We only read your calendar to display it on your timeline.
  • In-memory AI processing. When our AI scans your emails for hidden events or deadlines, it does so in memory. We do not store the bodies of your emails in our database.

3. Data We Collect

To provide our service, we collect and store the following:

  • Account Information: Your name, email address, and profile picture provided via Google OAuth.
  • OAuth Tokens: We securely store access and refresh tokens to maintain your connection. These are encrypted at rest.
  • Extracted Event Metadata: We store the metadata of events (title, date, participants) that are either synced from your calendar or extracted by our AI to display them on your dashboard.
  • Assistant Context: We store sanitized calendar/task context for source-grounded AI answers. This context excludes provider tokens, secrets, and full raw email bodies by default.
  • AI Query Logs: We may store limited operational metadata such as source IDs, confidence, feedback, latency, token usage, and short answer previews for quality, abuse prevention, cost monitoring, and retention cleanup.

4. How AI Uses Your Data

CalenSync's assistant answers schedule questions using your synced event metadata and sanitized source snippets. You can turn AI assistant features off from Settings.

  • AI context is limited to schedule-relevant metadata such as titles, times, locations, event type, and short descriptions.
  • Full raw email bodies are not stored in RAG context by default.
  • Assistant query logs are kept only for a limited retention window and can be pruned from the database.
  • Disconnecting a linked account removes associated RAG context and clears assistant query logs for that user.

5. Third-Party Services

We use trusted third-party providers to run CalenSync securely:

  • Supabase: Our database and authentication provider. Your data is stored securely in their managed infrastructure.
  • Anthropic (Claude): We use Anthropic's API to process email context and generate your AI Insights. Data sent to Anthropic via their API is not used to train their public models.
  • Voyage AI: We use Voyage embeddings to search your sanitized calendar context for relevant source-grounded answers.
  • Vercel: Our hosting and deployment platform.

6. Your Rights

You have complete control over your data. You can disconnect any linked Google account at any time from your dashboard, which immediately revokes our access. If you wish to delete your entire CalenSync account and all associated data, please contact us, and we will process the deletion promptly.

7. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the application or via email. Your continued use of CalenSync after such changes constitutes your acceptance of the updated policy.

8. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please reach out to our team at privacy@calensync.com.