Privacy Policy

This Privacy Policy explains how FlapDeck accesses, uses, stores, and shares data, including Google user data when you choose to connect Google Calendar.

Information We Collect

Only when necessary to provide the requested service, we may collect basic account information such as name, email address, and app settings or preferences.

We do not sell personal information.

We do not use personal data for advertising or cross-app tracking.

Google User Data

If you connect Google Calendar, FlapDeck requests read-only Google Calendar access and uses Google user data only to provide the user-facing calendar features you enable, including showing selected calendars and calendar events in FlapDeck boards and configuration screens.

Google user data is processed only by service providers that are necessary to operate, secure, and provide FlapDeck, such as secure hosting, authentication, and infrastructure providers, and only as needed to provide the requested functionality.

We do not sell Google user data or use Google user data for advertising.

Limited Use

FlapDeck's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data Retention and Deletion

FlapDeck retains personal information and Google user data only for as long as necessary to provide the requested service, maintain security, comply with legal obligations, resolve disputes, or enforce our agreements.

For Google Calendar, FlapDeck does not store Google Calendar event content. Calendar event data is retrieved only as needed to display entries in FlapDeck boards and configuration screens.

FlapDeck may store Google account connection information, OAuth tokens, selected calendar metadata, and calendar display preferences only for as long as the user chooses to keep the Google Calendar feature connected.

Users may revoke FlapDeck's access to Google Calendar at any time through their Google Account permissions. Users may also request deletion of their personal information or stored Google account connection information by contacting [email protected].

When access is revoked or deletion is requested, we delete stored Google account connection information and revoke or invalidate stored OAuth tokens within 30 days of request/revocation, unless legally required otherwise. When data is no longer needed, we delete or anonymize it unless a longer retention period is required or permitted by law.

Service Providers

Data may be processed by vendors used to operate FlapDeck (for example hosting, authentication, analytics, and billing providers), solely to provide and secure the service.

Protection of User Data

We use reasonable administrative, technical, and organizational safeguards to protect all user data. These safeguards include HTTPS encryption in transit, OAuth-based authorization, access controls, limited access to production systems, and secure cloud infrastructure intended to protect against unauthorized access, disclosure, alteration, or destruction of data.

Access to systems that may process user data is limited to authorized personnel or service providers who need access to operate, maintain, or secure the service.

Contact

Questions about privacy or data use: [email protected].