Legal Document

Privacy Policy

Last updated: January 11, 2026

1Introduction

Welcome to eido ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our calendar synchronization service. We are committed to protecting your privacy and handling your data transparently.

By using eido, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2Information We Collect

Account Information

  • Email address (from your Google or Microsoft account)
  • Name and profile picture (as provided by your OAuth provider)
  • OAuth tokens for calendar access (stored encrypted)

Calendar Data

  • Calendar event details (titles, descriptions, times, locations, attendees)
  • Calendar metadata (calendar names, sync tokens)
  • Synchronization logs (to track which events have been synced)

3How We Use Your Information

We use the information we collect solely to provide and improve our calendar synchronization service:

  • Synchronize calendars: Read events from your source calendars and create/update corresponding events in your target calendars
  • Process webhooks: Receive notifications when your calendars change to trigger real-time sync
  • Apply filters: Process events according to your configured filters and sync modes
  • Prevent duplicates: Track synced events to avoid creating duplicate entries

4Google API Services User Data Policy

eido's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We limit our use of Google user data solely to providing and improving the calendar synchronization features you request. For details on how we share or disclose this data, see the "Data Sharing and Disclosure" section below.

5Data Security

We implement robust security measures to protect your data:

Encryption at Rest

OAuth refresh tokens are encrypted using AES-256-GCM before storage

Encryption in Transit

All data transmitted to and from our servers uses HTTPS/TLS encryption

Access Controls

Database access is restricted and protected by authentication

Minimal Data Retention

We only store data necessary for the service to function

6Data Retention

We retain your data only as long as necessary to provide our services:

  • Account data: Retained while your account is active
  • Sync logs: Retained to maintain synchronization state
  • OAuth tokens: Deleted when you disconnect a calendar account

When you delete your account or disconnect a calendar, all associated data is permanently deleted from our systems.

7Your Rights and Choices

You have full control over your data:

Delete Your Data

You can disconnect calendar accounts at any time from the Account Management page. Disconnecting removes all stored tokens and sync data for that account.

Access Your Data

You can view all connected accounts and sync configurations in your dashboard.

Revoke Access

You can revoke eido's access to your calendars at any time through your Google Account settings (myaccount.google.com/permissions) or Microsoft Account settings.

8Third-Party Services

eido integrates with the following third-party services to provide its functionality:

  • Google Calendar API: To access and manage your Google Calendar events
  • Microsoft Graph API: To access and manage your Outlook Calendar events
  • Supabase: For secure database storage

These services have their own privacy policies, and we encourage you to review them. For information about how we share user data with these services, see the "Data Sharing and Disclosure" section below.

9Data Sharing and Disclosure

We do not share, transfer, or disclose your user data (including Google and Microsoft user data) to third parties except as described below:

Service Providers

We use the following third-party service provider who may have access to your user data solely for the purpose of providing our service:

  • Supabase: Our database hosting provider stores encrypted OAuth tokens and calendar metadata. All data is encrypted at rest and in transit. Supabase does not use this data for any purpose other than providing database storage services.

Your Calendar Services

eido accesses your own calendar data through the following APIs on your behalf:

  • Google Calendar API: We access your Google Calendar events to synchronize them with other calendars you've connected. We do not share this data with third parties.
  • Microsoft Graph API: We access your Outlook Calendar events to synchronize them with other calendars you've connected. We do not share this data with third parties.

What We Do NOT Do

  • We do NOT sell your user data to any third party
  • We do NOT share your user data with advertisers or advertising networks
  • We do NOT use your user data for analytics or tracking purposes
  • We do NOT transfer your user data to data brokers or other third parties for commercial purposes
  • We do NOT share your user data with other users of our service

Legal Requirements

We may disclose your user data if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

10Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

11Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: