Privacy Policy

This Privacy Policy describes how we collect, use, and protect your information when you use our Todoist-Google Calendar integration service.

Information We Collect

We collect and process the following types of information:

Google Account Information

  • Email address: Used for account authentication and identification
  • Google Calendar data: Calendar names, events, event details (title, description, date, time)
  • OAuth tokens: Securely stored to access your Google Calendar on your behalf

Todoist Information

  • API tokens: Your Todoist API token to access your tasks and projects
  • Task data: Task names, descriptions, due dates, project assignments
  • Project information: Project names and organizational structure

Usage Information

  • Sync configuration: Which projects sync to which calendars
  • Subscription data: Payment information processed via Stripe
  • Application logs: Technical logs for debugging and performance monitoring

How We Use Your Information

We use your information solely to provide our synchronization service:

  • Core functionality: Synchronize tasks between Todoist and Google Calendar
  • Bidirectional sync: Update tasks and events when changes are made in either system
  • Account management: Maintain your user account and sync preferences
  • Service communications: Send important service updates or account notifications
  • Payment processing: Process subscription payments via Stripe

Data Access and Permissions

Our application requests the following Google Calendar permissions:

  • Read calendar events: To sync existing events with Todoist tasks
  • Create calendar events: To create new events from Todoist tasks
  • Update calendar events: To modify events when tasks are updated
  • Delete calendar events: To remove events when tasks are completed or deleted

We only access calendars you explicitly select for synchronization. We do not access other Google services or data beyond what's necessary for calendar synchronization.

Data Storage and Security

We implement industry-standard security measures to protect your data:

  • Encryption: All sensitive data is encrypted both in transit and at rest
  • AWS Infrastructure: Data is stored securely on Amazon Web Services with appropriate access controls
  • Token security: OAuth tokens and API keys are encrypted and securely stored
  • Access controls: Strict access controls limit who can access user data
  • Regular updates: We maintain up-to-date security practices and dependencies

Data Sharing and Third Parties

We use the following third-party services to operate our application:

  • Google Calendar API: To access and modify your calendar data
  • Todoist API: To access and modify your task data
  • Amazon Web Services (AWS): For secure data storage and hosting
  • Stripe: For secure payment processing (we do not store payment card details)

We do not sell, rent, or share your personal data with any other third parties.

Data Retention

We retain your data only as long as necessary to provide our services:

  • Account data is retained while your account is active
  • Sync data is retained to maintain synchronization between services
  • When you delete your account, we delete all associated data within 30 days
  • Some data may be retained in encrypted backups for up to 90 days for disaster recovery

Your Rights and Choices

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data and account
  • Data portability: Request your data in a portable format
  • Withdraw consent: Revoke permissions for Google Calendar access at any time
  • Account control: Disable sync or delete specific project configurations

International Data Transfers

Your data may be processed and stored in countries other than your country of residence. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date below.

Contact Us

If you have any questions about this Privacy Policy, your data, or our privacy practices, please contact us:

  • Email: support@todoist-sync.com
  • Response time: We respond to privacy inquiries within 72 hours

Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data on the following legal bases:

  • Consent: You have given clear consent for us to process your Google Calendar data
  • Contract: Processing is necessary to provide the synchronization service you requested
  • Legitimate interests: To improve our service and ensure security

Last updated: December 2024
Effective date: December 2024