Privacy Policy

Last updated: March 28, 2026

1. Information We Collect

When you sign in with Google, we collect your email address and Google Calendar OAuth tokens. We do not store your calendar data — events are fetched in real time when requested by your AI assistant.

2. How We Use Your Information

Your email address is used to identify your account and scope access to your connected calendars. OAuth tokens are used solely to authenticate with Google Calendar on your behalf when your AI assistant makes requests through the MCP server.

3. Data Storage

Account information and encrypted OAuth tokens are stored in a PostgreSQL database. We do not store calendar event data, conversation history, or any content from your AI assistant interactions.

4. Third-Party Access

cocal acts as a bridge between your AI assistant and Google Calendar. Your AI assistant accesses your calendar data through cocal's MCP server using your authorized credentials. We do not sell, share, or provide your data to any other third parties.

5. Data Retention

Your account data is retained as long as you have an active account. You can disconnect your Google accounts at any time from the accounts page, which revokes our access and deletes the associated tokens. To fully delete your account, disconnect all calendars.

6. Security

We use industry-standard security measures including encrypted database connections, HMAC-signed authentication assertions, and secure token storage. All communication between services is encrypted in transit.

7. Your Rights

You may revoke cocal's access to your Google account at any time via your Google account settings or through the cocal accounts page.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the Service after changes constitutes acceptance of the updated policy.

9. Contact

For privacy-related questions, please open an issue on our GitHub repository.