Skip to main content

Legal

Privacy Policy

This policy explains what Google user data Auto Cron processes, how it is protected, who it is shared with, and how retention and deletion work.

Security OverviewPrivacy Questions
Google scopes5
AnalyticsOpt-in only
Last updated2026-02-25

Data Accessed

Auto Cron accesses only the Google user data needed to authenticate you, read calendar availability, and create or update schedule blocks you request.

  • Google account identifier data (email and basic profile) for sign-in and account identity.
  • Calendar metadata (calendar IDs, names, access roles, and sync tokens) to keep sync state.
  • Calendar event data required to detect occupied time and sync planner changes to Google Calendar.
  • OAuth tokens required to maintain your connected Google Calendar integration.

Data Usage

Auto Cron uses Google user data only to provide and secure the Google Calendar features you enable.

  • Authenticate your account and associate your session with the correct user profile.
  • Read calendar availability and existing events so scheduling avoids occupied time.
  • Create, update, and delete Auto Cron-managed schedule blocks in your Google Calendar when you enable sync and make planner changes.
  • Maintain sync state (such as calendar IDs and sync tokens) to support incremental sync.
  • Detect, troubleshoot, and prevent abuse or operational failures in sync workflows.
  • No sale of Google user data.
  • No advertising use based on Google Calendar content.
  • No use of Google user data to train generalized AI or ML models.

Google OAuth scopes requested

  • openid
  • https://www.googleapis.com/auth/userinfo.email
  • https://www.googleapis.com/auth/userinfo.profile
  • https://www.googleapis.com/auth/calendar.readonly
  • https://www.googleapis.com/auth/calendar.events

Google OAuth scope mapping

For each requested scope, we describe the data it enables, why Auto Cron needs it, and whether it is stored or transiently processed.

  • openid

    Data enabled: OpenID identity claims used to establish the signed-in session.

    Why needed: Authenticate the user and associate the Auto Cron account with the correct user identity.

    Storage/processing: Processed for sign-in/session handling; not used for advertising.

  • https://www.googleapis.com/auth/userinfo.email

    Data enabled: Google account email address.

    Why needed: Display and associate the connected account and support account-level operations.

    Storage/processing: Stored as part of account identity data handled by the authentication stack.

  • https://www.googleapis.com/auth/userinfo.profile

    Data enabled: Basic Google profile information (such as name/profile metadata returned by Google).

    Why needed: Improve account identity display and sign-in experience.

    Storage/processing: Processed for identity/profile display; not used for ads or model training.

  • https://www.googleapis.com/auth/calendar.readonly

    Data enabled: Calendar metadata and event details needed to read availability, busy time, and existing commitments.

    Why needed: Import and sync Google Calendar events so Auto Cron schedules around existing calendar commitments.

    Storage/processing: Calendar sync metadata (for example calendar IDs and sync tokens) is stored; event data is processed and stored as needed to provide synchronization and scheduling.

  • https://www.googleapis.com/auth/calendar.events

    Data enabled: Read/write access to calendar events on calendars the user authorizes.

    Why needed: Create, update, and remove Auto Cron scheduling blocks in Google Calendar and keep planner changes synchronized.

    Storage/processing: Processed to perform user-approved sync operations; identifiers and sync state are stored to maintain synchronization.

Data Sharing

We do not sell Google user data. We share data only with service providers and platforms used to deliver Auto Cron, and only for the purposes described in this policy.

  • WorkOS (AuthKit): handles sign-in and OAuth exchange/session infrastructure for account authentication and connected Google access.
  • Convex: application database and background job processing for scheduling and sync.
  • Vercel: web hosting and delivery infrastructure.
  • PostHog: product analytics only when analytics consent is granted by the user (opt-in).
  • Autumn (billing): processes subscription and billing metadata; Auto Cron does not use Autumn to process Google Calendar event content for scheduling sync.
  • Google APIs: data is exchanged with Google to read calendar availability and write approved schedule updates.
  • Legal disclosures: we may disclose data when required by law or to enforce platform security and abuse prevention.

Data Storage & Protection

Google user data and related account/integration data are stored and processed in application infrastructure required to provide Auto Cron, with layered technical and organizational safeguards.

  • Application data and sync state are stored in our application database/infrastructure providers as needed to operate the service.
  • Encryption in transit over HTTPS/TLS for client and provider API traffic.
  • Provider-managed encryption at rest in backing infrastructure where supported.
  • Access controls and least-privilege access for operational systems.
  • Token handling limited to integration workflows required for calendar sync.
  • Operational monitoring and logging to detect and respond to abnormal behavior.

Data Retention & Deletion

Retention is tied to providing the service and maintaining your connected calendar experience. Users can request deletion through an accessible support channel.

  • OAuth connection data is retained while your Google Calendar connection is active.
  • When you disconnect Google Calendar or revoke access, token-based connection data is removed from active settings records.
  • Planner and sync-related data is retained while your account remains active so the product can function.
  • You can also revoke Auto Cron's Google access at any time from your Google Account permissions page; this prevents future Google API access until you reconnect.
  • You can request deletion by contacting support@auto-cron.com. We process deletion requests for active systems within 30 days.
  • Backup copies are retained only for disaster recovery and expire within 35 days.

Cookies and analytics

Necessary cookies support authentication and UI state. Analytics cookies remain disabled until consent is explicitly accepted.

Cookie preferences

Manage analytics cookie consent for this browser and account.

Review or change cookie settings

Necessary cookies stay enabled for authentication and core app functionality.

Ready to auto-schedule your week?

Start.

Start FreeView Pricing