Privacy Policy
Last Updated: December 18, 2024
Introduction
Calintent ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our time management and productivity application, including our web application and Chrome browser extension (collectively, the "Service").
By using Calintent, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
Data Collection
We collect information in the following ways:
1. Account Information
When you create an account using Google Sign-In, we collect:
- Email address - Account identification, communication (Source: Google OAuth)
- Full name - Personalization, display in app (Source: Google profile)
- Profile picture URL - Avatar display (Source: Google profile, optional)
2. Google Calendar Data
When you connect your Google Calendar, we access and store the following event data:
- Event titles - Display, rule automation, analytics
- Event times (start, end) - Scheduling, analytics calculations
- Event locations - Display, automation rules
- Event attendees (up to 10 per event) - Automation rules based on attendees
- Attendee email domains - Domain-based automation rules
- Event colors - Life domain mapping, analytics
- Event status - Sync management (confirmed, tentative, cancelled)
- Recurrence rules - Proper handling of recurring events
Important: We do NOT access or store:
- Event descriptions or notes
- Attachments
- Conference/meeting links (e.g., Google Meet URLs)
- Full attendee details beyond email addresses
3. User-Created Data
Data you create within Calintent:
- Life Domains - Categories you define for organizing activities (e.g., "Work," "Health")
- Automation Rules - Rules you create for automatic event categorization
- Feedback Tickets - Suggestions or issues you submit through the app
- Analytics Settings - Calendar mappings and preferences for insights
- Onboarding Progress - Your progress through the initial setup flow
4. Automatically Collected Data
We automatically collect certain information when you use the Service:
- Device/browser type - Compatibility, debugging (Retention: Aggregated only)
- App version - Release tracking, support (Retention: With analytics events)
- Error logs - Bug fixing, stability (Retention: 90 days)
- Usage analytics - Feature improvement (Retention: Anonymized after 24 months)
Google User Data
Limited Use Disclosure
Calintent's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Scopes Requested
We request the following Google OAuth scopes:
- email - Account identification
- profile - Display name and avatar
- calendar.calendarlist.readonly - See the list of Google calendars you're subscribed to
- calendar.events - View and edit events on all your calendars
How We Use Google User Data
We use Google Calendar data exclusively to:
- Sync calendar events to provide time management features
- Apply automation rules that you configure to categorize and color-code events
- Generate analytics showing how you spend your time across life domains
Human Review of Data
We do not allow our employees or contractors to view your Google Calendar data unless we have obtained your explicit permission for troubleshooting a specific support issue, or it is necessary for security purposes or to comply with applicable law.
What We Do NOT Do with Google User Data
- We do NOT sell your Google data to third parties
- We do NOT use your data for advertising purposes
- We do NOT share your calendar content with other users
- We do NOT train AI/ML models on your personal data
- We do NOT access data beyond what is necessary for the Service
- We do NOT use Google User Data to train, retrain, or fine-tune generalized AI or Machine Learning models. If any event data is processed via AI (e.g., via our n8n workflows), it is processed for ephemeral, real-time categorization only and is not stored by the AI provider to improve their models
Token Storage
OAuth tokens are stored securely in our database with the following protections:
- Row-Level Security (RLS) ensures users can only access their own tokens
- Tokens are automatically refreshed and old tokens are invalidated
- You can revoke access at any time through Google Account settings or by disconnecting within Calintent
Use of Data
We use collected information for the following purposes:
Service Delivery
- Provide and maintain the Service
- Sync and display your calendar events
- Execute automation rules you configure
- Generate time-use analytics and insights
Improvement and Support
- Identify and fix bugs and technical issues
- Understand how features are used to improve the Service
- Respond to your support requests and feedback
Communication
- Send service-related notices (e.g., sync failures, feature updates)
Cookies and Local Storage
Cookies
We use minimal cookies:
- sidebar_state - Remember sidebar open/closed preference (Duration: 7 days)
Local Storage
We store the following in your browser's local storage:
- theme - Your light/dark mode preference
- calintent-settings - App display settings
- supabase.auth.token - Authentication session (managed by Supabase)
- pwa-install-dismissed - PWA install prompt preference
- integration_oauth_state - Temporary OAuth flow state (cleared after use)
Session Storage
- calintent_in_extension - Detect when running in Chrome extension
Chrome Extension Storage
The Chrome extension uses chrome.storage.local for:
- Authentication session tokens
- PKCE code verifier (OAuth security)
Third-Party Services
We use the following third-party services to operate Calintent:
Infrastructure and Hosting
- Supabase (Privacy Policy) - Database, authentication, serverless functions. Data processed: All user data.
- Vercel (Privacy Policy) - Web application hosting. Data processed: Web traffic, deployment.
Analytics and Monitoring
- PostHog (Privacy Policy) - Product analytics, feature flags. Data processed: User ID, email, usage events. Privacy controls: Anonymization after 24 months.
- Sentry (Privacy Policy) - Error tracking, performance monitoring. Data processed: Error data, session replays. Privacy controls: Text masked, media blocked.
External APIs
- Google Calendar API (Privacy Policy) - Calendar sync. Data processed: Calendar events.
- n8n (self-hosted) (Privacy Policy) - Workflow automation. Data processed: Event data for AI features.
Data Retention
We retain your data as follows:
- Account information - Until you delete your account
- Calendar events - While calendar is connected; deleted on disconnect
- Life domains and rules - Until you delete them or your account
- Analytics data - Anonymized after 24 months
- Error logs - 90 days
- Sync operation logs - 7 days (for debugging)
Data Deletion
When you delete your account:
- All Google OAuth tokens are revoked with Google (not just deleted from our database)
- All personal data is permanently deleted from our database, including calendar events, life domains, automation rules, and settings
- Cached data in third-party services is deleted according to their retention policies
- Your PostHog analytics identity is reset
When you disconnect a calendar integration:
- The Google OAuth tokens for that integration are revoked with Google
- All synced events from that calendar are deleted from our database
- Automation rules associated with that calendar are deactivated
Data Security
We implement appropriate security measures to protect your data:
Technical Safeguards
- Encryption in transit: All data is transmitted over HTTPS/TLS
- Row-Level Security: Database policies ensure users can only access their own data
- OAuth 2.0 with PKCE: Secure authentication flow, especially for browser extensions
- Token refresh: OAuth tokens are automatically refreshed and validated
- Origin validation: API calls are validated against trusted origins
Operational Safeguards
- Access to production data is limited to essential personnel
- We regularly review and update our security practices
- Third-party services are selected based on their security practices
Your Rights
Depending on your location, you may have the following rights:
For All Users
- Access: Request a copy of your personal data
- Correction: Update inaccurate or incomplete data
- Deletion: Request deletion of your account and associated data
- Portability: Export your data in a machine-readable format
- Revoke Access: Disconnect integrations and revoke OAuth permissions
For EU/EEA Residents (GDPR)
In addition to the above, you have the right to:
- Object to processing based on legitimate interests
- Restrict processing in certain circumstances
- Lodge a complaint with your local data protection authority
For California Residents (CCPA)
California residents have additional rights:
- Right to Know: Request information about data collection practices
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: We do not sell personal information
- Non-Discrimination: We will not discriminate against you for exercising your rights
Exercising Your Rights
To exercise any of these rights, please contact us at:
Email: privacy@calintent.com
We will respond to your request within 30 days.
Children's Privacy
Calintent is not intended for use by children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.
International Data Transfers
Your data may be transferred to and processed in countries other than your own. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers, including:
- Standard Contractual Clauses (SCCs) where applicable
- Data processing agreements with third-party providers
- Compliance with applicable data transfer mechanisms
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending you an email notification (for significant changes)
We encourage you to review this Privacy Policy periodically.
Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Calintent
Email: privacy@calintent.com
Website: https://calintent.com
Address: Rua Lisboa 307, Cerqueira Cesar, São Paulo, 05413-000, SP, Brazil
Additional Information
Open Source Components
Calintent uses various open-source libraries and frameworks. These are licensed under their respective open-source licenses and do not collect personal data independently.
Chrome Extension Permissions
The Calintent Chrome extension requests the following permissions:
- storage - Store authentication tokens securely
- identity - OAuth authentication flow
- tabs - Open OAuth popup windows
- activeTab - Display extension panel on current tab
The extension does not read or modify webpage content beyond what is necessary for the authentication flow.
This Privacy Policy is effective as of December 18, 2025.