Privacy Policy

Last updated: April 22, 2026

Personal Assistant is a tool that syncs external ICS calendar feeds to your Google Calendar and generates daily planning digests sent to your Gmail. This policy explains what data is accessed, how it is used, and your rights.

What data we access

When you sign in with Google, we request access to the following:

• Google account email and profile — used to identify your account and manage your session.
• Google Calendar (read and write) — used to list your calendars so you can choose a sync target, and to create, update, and delete events synced from your ICS feeds.
• Gmail (send only) — used exclusively to send your daily planning digest to your own email address. We do not read, modify, or access any of your existing Gmail messages.

How your data is used

• Your Google OAuth tokens are encrypted and stored securely in Google Firestore, scoped to your account.
• Calendar data is accessed only to perform sync operations and generate digests that you have configured.
• Emails sent via the Gmail API are always addressed to your own account — we never send email to third parties on your behalf.
• ICS feed URLs you provide are fetched on a schedule to keep your calendar up to date. These URLs are stored in your account data.

Data sharing

We do not sell, share, rent, or otherwise disclose your data to any third party. Your Google account data is never used for advertising or profiling.

Third-party services

• Google APIs — Calendar and Gmail access is provided by Google. Use is subject to Google's Privacy Policy.
• Pushover (optional) — if you configure Pushover notifications, your Pushover user key is stored in your account. No other data is sent to Pushover.
• Anthropic Claude API (optional) — if you configure an LLM API key for digest generation, event summaries are sent to Anthropic to generate your digest. Your API key is stored in your account. See Anthropic's Privacy Policy.

Data retention and deletion

Your account data (OAuth tokens, feed configurations, settings) is retained as long as your account exists. You can disconnect your Google account at any time by visiting your Google Account permissions page and revoking access. To request deletion of all stored data, contact us at the address below.

Security

OAuth tokens are encrypted at rest using industry-standard encryption before being stored. Access is restricted to authenticated sessions tied to your Google account.

Changes to this policy

If this policy changes materially, we will update the date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

Google API Services

Personal Assistant's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Contact

For questions or data deletion requests, contact: basteinberg@gmail.com

← Back to app