Privacy Policy
Last updated: March 14, 2026
Section 1: Information We Collect
Account Information
When you sign in with Google or Microsoft, we receive and store your name, email address, and profile photo from that provider. We do not store your Google or Microsoft password.
Calendar Data
When performing a sync, ACOD reads event content from your source calendar and writes it to your target calendar. This content — including titles, descriptions, and locations — passes through ACOD transiently during the sync operation and is never persisted in readable form.
To detect when events change between sync runs, ACOD stores a cryptographic fingerprint (SHA-256 hash) of each event's title, description, and location. A SHA-256 hash is a one-way mathematical function: it produces a unique fixed-length string from any input, but that process cannot be reversed. ACOD uses these fingerprints to identify that something has changed and needs to be re-synced, without retaining the readable content of your calendar events.
Users also control how much detail is passed to target calendars via sync rules — options include full event details or free/busy only.
Start and end times are stored as timestamps, since they are required for sync scheduling and conflict detection.
This data is used solely to operate the sync service and is never analyzed, shared, or sold.
OAuth Tokens
We store OAuth access tokens and refresh tokens provided by Google and Microsoft. These tokens allow ACOD to access your calendars on your behalf without requiring you to sign in repeatedly. Tokens are stored securely in our database and are never shared with third parties.
Billing Information
Payments are processed by Stripe. We do not see or store your credit card number, billing address, or other payment details. We store a Stripe customer ID and your subscription status (free or pro).
Usage Data
We collect basic server logs including IP addresses, browser type, pages visited, and error information for debugging and security purposes. We do not use third-party analytics services.
Section 2: How We Use Your Information
We use the information we collect to:
- Authenticate you and maintain your session
- Sync calendar events between your connected calendars according to your sync rules
- Send calendar invite emails on your behalf to target calendars using your configured settings
- Process subscription payments through Stripe
- Diagnose errors and improve the reliability of the Service
- Communicate with you about your account, billing, and service updates
Section 3: Calendar Invite Emails
For calendars where direct API access is not available, ACOD delivers sync updates as invites in the standard iCalendar (RFC 5545) format. When you configure a sync rule targeting such a calendar, ACOD sends calendar invite emails to that calendar's email address via Resend using your configured sender address. The recipient of these invites is a calendar you own or control — ACOD does not send emails to third parties without your explicit configuration.
Section 4: Data Storage and Security
Your data is stored in a PostgreSQL database hosted on Neon, which runs on Amazon Web Services infrastructure. OAuth tokens are stored in the database and are never logged or exposed in application responses.
We use HTTPS for all data transmission. Access to the database is restricted to the application server. We do not have a formal SOC 2 certification at this time.
Section 5: Cookies and Sessions
ACOD uses cookies solely to maintain your signed-in session. When you sign in with Google or Microsoft, a session cookie is stored in your browser that keeps you authenticated between page loads. This cookie is strictly necessary for the Service to function and is deleted when you sign out or your session expires.
No advertising, analytics, or tracking cookies are used. ACOD does not use Google Analytics, Meta Pixel, or any other third-party tracking service.
Stripe, our payment processor, may set cookies for fraud prevention and payment security purposes. These cookies are governed by Stripe's privacy policy.
Because we use only strictly necessary cookies, no cookie consent banner is displayed. By using the Service, you acknowledge this cookie usage as described in this policy.
Section 6: Data Sharing
We do not sell, rent, or share your personal information or calendar data with third parties, except:
- Google and Microsoft — to perform calendar reads and writes on your behalf via their APIs, subject to their respective privacy policies
- Stripe — to process subscription payments
- Resend — to deliver calendar invite emails
- Neon — as our database infrastructure provider
- Vercel — as our application hosting provider
- Law enforcement — if required by applicable law or valid legal process
All service providers listed above are contractually prohibited from using your data for any purpose other than providing their services to ACOD.
Section 7: Google API Disclosure
ACOD's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We request the following Google Calendar scope: https://www.googleapis.com/auth/calendar (which allows ACOD to read, create, update, and delete calendar events on your behalf). This scope is required to perform bidirectional calendar sync — reading events from source calendars and writing or removing synced events on target calendars. We do not request access to Gmail, Google Drive, Google Contacts, or any other Google services.
- We do not use Google user data to serve advertising
- We do not allow humans to read your Google Calendar data except to provide or improve the Service, or as required by law
- We do not transfer your Google user data to third parties except as described in this policy
Section 8: Microsoft API Disclosure
ACOD accesses Microsoft Calendar data through the Microsoft Graph API using delegated permissions. We request only the permissions necessary to read and write calendar events (Calendars.ReadWrite, User.Read). We do not access your email, files, contacts, or any other Microsoft data.
Section 9: Data Retention
We retain your account data, calendar connections, and sync records for as long as your account is active. If you delete your account, we will delete your personal information, OAuth tokens, calendar records, and sync history within 30 days, except where retention is required by law.
Stripe may retain billing records as required by financial regulations.
Section 10: Your Rights
You have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete your account and associated data
- Revoke Google or Microsoft OAuth access at any time through your Google or Microsoft account settings — this will stop ACOD from accessing your calendars
- Export a description of your sync configuration upon request
To exercise any of these rights, contact us at support@ablconsulting.co.
Section 11: California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of personal information. We do not sell personal information. To submit a request, contact support@ablconsulting.co.
Section 12: European Users (GDPR)
If you are located in the European Economic Area, our legal basis for processing your data is your consent (provided when you sign in with Google or Microsoft) and the performance of our contract with you (providing the sync service). You have the right to lodge a complaint with your local data protection authority.
Section 13: Children
The Service is not directed to children under 13. We do not knowingly collect personal information from children.
Section 14: Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.
Section 15: Contact
For privacy questions or data requests, contact us at:
Email: support@ablconsulting.co
Website: https://acod.app