Privacy Policy

Last updated: May 2, 2026

SyncBusy ("we", "us", "the service") syncs events between your personal calendar (Google Calendar or iCloud) and your work Google Calendar. This policy explains what data we access, how we use it, and how you can control it.

What we access

When you connect your accounts, we request the following access:

• Email address. We request your Google account email address to identify your account and prevent duplicate sign-ups. We use Google's OpenID Connect protocol for this.
• Personal calendar (Google) — read-only. We read event times, titles, and status (accepted/declined/free) to determine when you're busy. We never modify your personal Google Calendar.
• Personal calendar (iCloud) — read-only by default; write only with reverse sync (Pro). When you choose iCloud as your personal calendar, we connect to Apple iCloud Calendar via the CalDAV standard using an app-specific password you generate at appleid.apple.com. We read your event start times, end times, titles, and free/busy status. If you enable reverse sync (Pro), we additionally create, update, and delete events on a single iCloud calendar of your choice that you designate as the reverse-sync target — and only on that calendar. The app-specific password can be revoked at any time at appleid.apple.com → Sign-In and Security → App-Specific Passwords.
• Work calendar — read and write. We create, update, and delete "busy block" events on your work Google Calendar that mirror your personal schedule. We never read or modify your other work events.

What we store

• OAuth tokens (Google accounts) — encrypted at rest with AES-256-GCM. These allow us to access your calendars on your behalf. We never see or store your Google password.
• iCloud credentials — for iCloud connections, we store your Apple ID email address and the 16-character app-specific password in encrypted form (AES-256-GCM). We never store your main Apple ID password.
• Event mappings — a table linking personal event IDs to the corresponding work calendar busy block IDs, so we can update or delete them when your schedule changes.
• Calendar URLs — for iCloud users, the public CalDAV URLs of the calendars you've selected for sync (forward and, if reverse sync is enabled, the single reverse target). These contain no credentials.
• Sync configuration — your preferences (naming style, sync range, pause settings).
• Email address — from your Google account (and/or Apple ID for iCloud users), used to identify your account in the dashboard.

What we do NOT store

• Event descriptions, attendees, locations, or attachments
• Your Google password
• Any data from calendars other than the ones you connect
• Analytics, tracking cookies, or advertising identifiers

How data is protected

• OAuth tokens are encrypted with AES-256-GCM before being stored in Google Cloud Firestore.
• All traffic is encrypted in transit via HTTPS/TLS.
• Session cookies are signed with HMAC and marked HttpOnly, Secure, and SameSite.
• The service runs on Google Cloud Run with no persistent local storage.

Third-party services

SyncBusy uses these services to operate:

• Google Calendar API — to read personal events and write busy blocks to work calendars
• Apple iCloud Calendar (CalDAV) — to read personal events from iCloud, when you choose iCloud as your personal calendar provider
• Google Cloud Firestore — to store user data
• Google Cloud Run — to host the service

We do not share your data with any other third parties. We do not use analytics or tracking services.

Data retention and deletion

Your data is stored as long as your account is active. You can delete your account and all associated data at any time by signing out. When you disconnect:

• All busy blocks created on your work calendar are deleted.
• Your OAuth tokens, event mappings, and configuration are permanently removed from our database.

Google API Services User Data Policy

SyncBusy's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Changes to this policy

If we make material changes, we'll update the date at the top of this page. For significant changes, we may notify users via the dashboard.

Contact

Questions about this policy? Contact us at support@syncbusy.dev.