Privacy Policy

What gcal Accesses

gcal requests read and write access to your Google Calendar data via OAuth 2.0. This access is used solely to:

• List your calendars and events
• Create, update, and delete events on your behalf
• Detect scheduling conflicts across calendars

Where Your Data Lives

All data accessed by gcal stays on your local machine. Specifically:

• OAuth tokens are encrypted and stored at ~/.config/supabase-calendar/
• Calendar and event data is cached locally in JSON files
• No data is transmitted to any third-party server operated by this project

Google OAuth Tokens

gcal uses Google's OAuth 2.0 protocol to authenticate you. Tokens are:

• Encrypted at rest using AES-256-GCM before being written to disk
• Never transmitted beyond your machine and Google's OAuth servers
• Automatically refreshed when expired
• Removable at any time via gcal auth:logout

You can also revoke access directly in your Google Account security settings.

This Website

The calendar-sync-cli.web.app domain is used only to:

• Serve the OAuth callback page (bridges Google's redirect to your local CLI)
• Host this privacy policy and terms of service

Firebase Hosting serves these static pages. Firebase may collect standard web server logs (IP address, timestamp, path) per Google's standard policies. No analytics, cookies, or tracking scripts are used on this site.

Google API Scopes Requested

• calendar.readonly — read calendar metadata and events
• calendar.events — create, update, and delete events
• userinfo.email — identify which account is authenticated
• userinfo.profile — display your name in the CLI output

Data Deletion

To remove all locally stored data:

• Run gcal auth:logout --email your@email.com
• Or delete ~/.config/supabase-calendar/ manually

Contact

Questions about this policy? Open an issue on the project repository or contact tech@technicalpartners.co.