Privacy Policy

Last Updated: December 30, 2025

1. Data Accessed

ScheduleSync accesses the following types of Google user data through the Google Calendar API:

• Calendar List: We access the list of calendars you can view and manage to allow you to select which calendar to add events to.
• Calendar Events: We access calendar events only to create new events from your course schedule and to delete events that were previously created by this application.

We do not read, modify, or delete any existing calendar events that you did not create through ScheduleSync.

2. Data Usage

How ScheduleSync uses the Google user data it accesses:

• Calendar List: Used solely to display your available calendars in a dropdown menu so you can choose which calendar to use for your course schedule events.
• Creating Events: Your course schedule data (parsed from uploaded Excel files) is used to create recurring calendar events in your selected Google Calendar. This includes course titles, meeting times, days, locations, and instructor information.
• Deleting Events: We only delete calendar events that were created by ScheduleSync, identified through batch IDs. We do not access or delete any other calendar events.

All processing of your schedule data happens in your browser or on our servers temporarily. Uploaded Excel files are processed in memory and immediately discarded—they are never permanently stored.

3. Data Sharing

We do not share Google user data with any third parties.

Google user data is only sent to Google's servers when you explicitly choose to add events to your calendar. This is necessary for the app's core functionality of creating calendar events.

• We do not sell, trade, or share your data with advertisers, analytics services, or any other external parties.
• We do not use your data for marketing purposes.
• We do not transfer your data to third-party services for processing or storage.

4. Data Storage & Protection

How we securely store and protect your data:

• OAuth Tokens: Stored in encrypted session cookies that are transmitted only over HTTPS in production. Tokens are stored temporarily and expire after 24 hours of inactivity.
• Session Data: All session data is stored in secure, HTTP-only cookies that cannot be accessed by JavaScript, preventing XSS attacks.
• Uploaded Files: Excel files are processed entirely in memory and are never written to disk or stored permanently on our servers.
• Course Data: Your parsed course schedule data is temporarily stored in your browser's sessionStorage during your session and is automatically cleared when you close the browser tab.
• Server Security: Our servers use HTTPS encryption for all data transmission, and we follow industry-standard security practices.

We do not maintain any permanent database or long-term storage of your personal information, schedule data, or calendar content.

5. Data Retention & Deletion

Data Retention:

• OAuth Tokens: Retained only for the duration of your active session, with a maximum retention period of 24 hours from your last activity. Tokens are automatically deleted when they expire or when you disconnect.
• Session Data: Automatically deleted after 24 hours of inactivity or immediately when you disconnect your Google Calendar account.
• Uploaded Files: Not retained—files are processed in memory and immediately discarded.
• Course Schedule Data: Stored only in your browser's sessionStorage during your active session and cleared when you close the browser tab.

Data Deletion:

You have full control over your data and can request deletion at any time:

• Disconnect from Google Calendar: Click the "Disconnect" button in the app, which immediately deletes all stored OAuth tokens and session data from our servers.
• Revoke Access via Google: You can revoke ScheduleSync's access to your Google Calendar at any time through your Google Account permissions page. This immediately prevents us from accessing your calendar data.
• Delete Calendar Events: Use the "Remove from Calendar" button in the app to delete all events created by ScheduleSync, or delete them manually from your Google Calendar.
• Clear Browser Data: Clearing your browser's cookies and sessionStorage will remove all locally stored course data.

We do not retain any data after you disconnect or your session expires. There is no separate data deletion process required, as no data is permanently stored.

6. Google API Services User Data Policy

ScheduleSync's use of information received from Google APIs adheres to the Google API Services User Data Policy , including the Limited Use requirements.

7. Your Rights

You have the right to:

• Access and review what data we have access to through your Google Account settings
• Disconnect ScheduleSync from your Google Calendar at any time
• Revoke our access through your Google Account permissions
• Delete any calendar events created by ScheduleSync
• Request information about how your data is used (though we maintain no permanent records)

← Back to App