Privacy Policy

Last updated: April 17, 2026

1. Scope

This Privacy Policy explains how cocal collects, uses, stores, and shares information when you use cocal.io, mcp.cocal.io, the account management UI, and related authentication and calendar connection flows (together, the "Service").

2. Information We Collect

  • Account and identity information — your email address, Google account identifiers we receive through authentication, and account labels you choose inside the Service.
  • Google authorization data — OAuth access tokens, refresh tokens, granted scopes, and expiration timestamps needed to access Google Calendar on your behalf.
  • Connected calendar metadata — calendar IDs, summaries, summary overrides, access roles, primary-calendar flags, background colors, and enabled/disabled state.
  • Session and authentication artifacts — cookies, nonces, short-lived tokens, and MCP client registrations needed to keep you signed in and to authorize MCP clients on your behalf.
  • Operational logs and diagnostics — request timestamps, auth and security events, client type, error information, and infrastructure metadata generated by our hosting, database, and analytics providers during normal operation.
  • Communications you send us — support requests, bug reports, and messages sent through our contact form, GitHub issues, or other support channels.

3. How We Use Information

We use the information above solely to provide and maintain the user-facing calendar-management features of the Service. Specifically, we:

  • Authenticate you and maintain your account session.
  • Connect, refresh, manage, and revoke Google Calendar access on your behalf.
  • Route requests from supported AI assistants and MCP clients to the correct Google Calendar account and calendars at your direction.
  • Protect the Service against security threats.
  • Comply with applicable law.

4. Data We Do Not Persist By Default

In ordinary operation, we do not persist calendar event content — such as event titles, descriptions, attendee lists, or message bodies — in our application database. We also do not persist AI conversation history or prompt/response content by default.

Calendar data necessarily passes through the Service in memory when handling requests and is delivered to the AI assistant or MCP client you choose to connect. It may also appear in support messages you send us or in error reports you submit.

5. How We Share Information

We share information only as needed to operate the Service:

  • Google. We send authorized requests to Google Calendar using the credentials you grant to us.
  • AI assistants, MCP clients, and model providers you choose to connect. If you connect cocal to Claude or another client, calendar data requested through the Service is returned to that client and processed under that provider's own terms and privacy policy.
  • Infrastructure providers. We use third-party hosting, database, and related operational providers to run the Service.
  • Analytics and error-monitoring providers. We use a third-party provider for server-side product analytics and exception tracking in the MCP service, limited to operational metadata (see §7).
  • Legal and safety disclosures. We may disclose information if required by law or to protect users or the Service.
  • Business transfers. In the event of a merger, acquisition, financing, or asset sale, Google user data may be transferred only to a successor bound by obligations equivalent to the Google API Services User Data Policy, including the Limited Use requirements.

We do not sell your personal information.

6. Google User Data — Limited Use Disclosure

cocal's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Our use of Google user data is limited to providing and maintaining user-facing features of the Service. We do not use Google user data for:

  • Serving, targeting, or personalizing advertisements
  • Retargeted, interest-based, or personalized advertising
  • Selling data to third parties, data brokers, or information resellers
  • Determining credit-worthiness or for lending purposes
  • Training artificial intelligence or machine learning models
  • Building databases or datasets for any of the above purposes

We do not transfer Google user data to third parties except as necessary to provide the user-facing features you request, to comply with law, or, in connection with a business transfer, to a successor bound by obligations equivalent to the Limited Use requirements. We do not transfer Google Calendar event content — including event titles, descriptions, locations, attendee email addresses, or other free-text fields — to our analytics or error-monitoring providers.

When you connect cocal to an AI assistant or MCP client, calendar data is returned to that client at your direction and solely to provide the user-facing calendar-management feature you requested. cocal does not control how that client's provider processes data after delivery. You should review the privacy policy and terms of any AI assistant or MCP client you connect.

7. Analytics and Diagnostics

We use a third-party provider on the server side of the MCP service for product analytics and exception monitoring, solely to provide and maintain the user-facing features of the Service. These events are limited to operational metadata — account and client identifiers, session and request identifiers, tool names, auth-flow milestones, boolean feature indicators (for example, whether a request included attendees or recurrence), error diagnostics, and calendar and account identifiers needed to attribute activity.

We do not send Google Calendar event content — including event titles, descriptions, locations, attendee email addresses, or other free-text fields — to any analytics or error-monitoring provider. We do not use analytics for advertising, cross-site tracking, or client-side behavioral profiling.

8. Retention

  • Connected Google account records and cached calendar metadata are retained until you disconnect the account or remove it from the Service.
  • Session and authentication artifacts (cookies, nonces, link tokens, auth codes, access tokens, refresh tokens) expire automatically on the timescales required to keep the Service secure — from minutes to about 30 days.
  • Operational logs are retained per provider configuration, incident response needs, and legal obligations.

Removing a connected account deletes the associated Google account record and cached calendar metadata. Short-lived session, token, and log records may continue to exist until they expire or are rotated out under the systems above.

9. Security

We use technical and organizational measures to protect the Service and the data we store, including encryption in transit, authenticated sessions, scoped credentials, and access controls for administrative systems. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

10. Your Choices and Rights

You may revoke cocal's access to your Google account at any time via your Google account settings or through the cocal accounts page.

Depending on where you live, you may also have rights to request access to, correction of, or deletion of certain personal information we hold about you. We will evaluate and respond to such requests as required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the date above and may provide additional notice. If we materially expand the categories of Google user data or personal data we collect or the purposes for which we use that data, we will update this policy before doing so and obtain any consent required by law or platform policy.

12. Contact

For privacy-related questions, please use our contact form.