Privacy Policy

SyncBlock (the "Service") is a calendar integration service operated by an independent developer. This policy describes what personal information the Service collects, why it is collected, how long it is retained, and what rights you have.

The Service collects the following personal information.

When you sign up:

• Email address
• Name (optional)
• Password (for email sign-up, stored encrypted)

When you connect a Google account:

• Google account ID
• Email address
• Name
• Profile picture URL

When you connect a Microsoft account:

• Microsoft account ID
• Email address
• Name

Collected automatically during use:

• User preferences such as language, timezone, and theme
• Local events and tags created within the Service

Event data from Google Calendar and Outlook Calendar is NOT stored in the Service's database. When you view your calendar, the Service calls each platform's API in real time to display events. Response data is discarded from memory after rendering.

Local events created directly within the Service are stored in the Service's database.

• Providing the calendar integration service (Google Calendar, Outlook Calendar sync)
• User authentication and account management
• Saving user preferences (language, timezone, theme, etc.)
• Providing schedule sharing features

SyncBlock's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

• Data received through Google APIs is used solely to provide calendar integration features.
• Google user data is not transferred to or sold to third parties.
• Google user data is not used for advertising purposes.
• A human may read Google user data only with your explicit consent, for security purposes, to comply with applicable law, or as necessary to provide the Service.

Data received through the Microsoft Graph API is used solely for calendar integration and user authentication. Microsoft user data is not shared with third parties or used for advertising purposes.

• OAuth access tokens: approximately 1 hour (automatically refreshed upon expiry)
• OAuth refresh tokens: deleted when you disconnect the account or delete your account
• Account information: deleted immediately upon account deletion
• Local events and tags: deleted immediately upon account deletion

When you delete your account, the Service revokes Google and Microsoft OAuth tokens and permanently deletes all your data from the database.

The Service does not sell or share your personal information with third parties, except in the following cases.

• When you choose to share your schedule using the sharing feature
• When required by law

You have the right to:

• Request access to your personal data
• Update your personal data (via the Settings page)
• Disconnect calendar accounts (via the Settings page)
• Delete your account and all associated data

The Service uses HttpOnly cookies for authentication. These cookies are used solely to maintain your login session and are not used for advertising or tracking.

The Service implements the following security measures to protect your personal data.

• Encryption in transit: All data transmissions are encrypted using HTTPS (TLS) protocol.
• Password protection: User passwords are hashed using a one-way hash function (bcrypt) before storage. Original passwords are never stored on the server.
• Authentication token security: JWT tokens are signed with a server-side secret key and delivered via HttpOnly, Secure, and SameSite cookies.
• OAuth token management: Google and Microsoft OAuth tokens are stored in the database and immediately revoked upon account deletion.
• Access control: All API endpoints are protected by JWT-based authentication guards, and unauthenticated access is blocked.
• Infrastructure security: The Service is hosted on a cloud platform with HTTPS enforcement, and the database is accessed through encrypted connections.

If this policy is updated, we will notify you through an in-service announcement.

For privacy-related inquiries: contact@sync-block.app