Privacy Policy

Last updated: March 28, 2026

SyncBusy ("we", "us", "the service") syncs events between your personal and work Google Calendars. This policy explains what data we access, how we use it, and how you can control it.

What we access

When you connect your Google accounts, we request these permissions:

• Email address. We request your Google account email address to identify your account and prevent duplicate sign-ups. We use Google's OpenID Connect protocol for this.
• Personal calendar — read-only. We read event times, titles, and status (accepted/declined/free) to determine when you're busy. We never modify your personal calendar.
• Work calendar — read and write. We create, update, and delete "busy block" events on your work calendar that mirror your personal schedule. We never read or modify your other work events.

What we store

• OAuth tokens — encrypted at rest with AES-256-GCM. These allow us to access your calendars on your behalf. We never see or store your Google password.
• Event mappings — a table linking personal event IDs to the corresponding work calendar busy block IDs, so we can update or delete them when your schedule changes.
• Sync configuration — your preferences (naming style, sync range, pause settings).
• Email address — from your Google account, used to identify your account in the dashboard.

What we do NOT store

• Event descriptions, attendees, locations, or attachments
• Your Google password
• Any data from calendars other than the ones you connect
• Analytics, tracking cookies, or advertising identifiers

How data is protected

• OAuth tokens are encrypted with AES-256-GCM before being stored in Google Cloud Firestore.
• All traffic is encrypted in transit via HTTPS/TLS.
• Session cookies are signed with HMAC and marked HttpOnly, Secure, and SameSite.
• The service runs on Google Cloud Run with no persistent local storage.

Third-party services

SyncBusy uses these Google Cloud services to operate:

• Google Calendar API — to read and write calendar events
• Google Cloud Firestore — to store user data
• Google Cloud Run — to host the service

We do not share your data with any other third parties. We do not use analytics or tracking services.

Data retention and deletion

Your data is stored as long as your account is active. You can delete your account and all associated data at any time by signing out. When you disconnect:

• All busy blocks created on your work calendar are deleted.
• Your OAuth tokens, event mappings, and configuration are permanently removed from our database.

Google API Services User Data Policy

SyncBusy's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Changes to this policy

If we make material changes, we'll update the date at the top of this page. For significant changes, we may notify users via the dashboard.

Contact

Questions about this policy? Contact us at support@syncbusy.dev.