Privacy Policy

Last updated: May 12, 2026

What We Do

Dayfile ("the Service") is a personal calendar management application. It lets you connect multiple Google Calendar accounts, view and organize your events in a unified interface, and access your own calendar data from other applications on your devices through a local API (Model Context Protocol).

Data We Access

When you connect a Google account, we request access to the following through Google's OAuth 2.0:

• Calendar data (read and write): Event titles, times, locations, descriptions, and attendee lists from calendars you choose to enable. You can also create events through the Dayfile interface or API. Scope: calendar.events
• Basic profile info: Your email address and display name, used to identify your connected accounts. Scopes: userinfo.email, userinfo.profile

How We Use Your Data

Google user data is used exclusively to provide and improve Dayfile's user-facing features:

• Display your events in the Dayfile web interface
• Respond to queries you make through the Dayfile API (MCP tools such as searching events, checking availability, and viewing upcoming events)
• Create calendar events on your behalf when you request it through the Dayfile interface or API

We do not use Google user data for any purpose other than providing or improving the application's functionality. Specifically, we do not:

• Sell, share, or transfer your data to third parties
• Use your data for advertising, marketing, or serving ads (including retargeting or interest-based advertising)
• Use your data for training machine learning or artificial intelligence models
• Transfer your data to data brokers or information resellers
• Use your data for determining creditworthiness or lending purposes
• Access calendars you have not explicitly enabled

Data Sharing & Transfer

Dayfile does not transfer Google user data to any third party. All calendar data is processed within Dayfile's own infrastructure to provide the application's features. Your data stays between you and Dayfile — it is not shared with, sold to, or disclosed to any external service, organization, or individual, except as required by applicable law.

Data Storage & Security

• OAuth tokens are encrypted at rest using AES-256 (Fernet) encryption before being stored in the database.
• Calendar events are fetched on demand from Google's API and are not permanently stored. They exist only in memory during a request.
• All connections to Google APIs use HTTPS/TLS encryption in transit.
• If you self-host Dayfile, all data remains on your own infrastructure.

Data Retention & Deletion

We store your Google OAuth credentials (encrypted) and your calendar display preferences (which calendars are enabled/disabled) for as long as your account is connected. Calendar event data is never permanently stored — it is fetched in real time and discarded after each request.

When you disconnect a Google account, all associated data (OAuth tokens, preferences) is immediately and permanently deleted from the database. You may also request complete account deletion at any time by contacting us at the email below.

Your Rights

You can at any time:

• Disconnect any Google account from the Settings page, which immediately deletes all stored data for that account
• Revoke access directly from your Google Account permissions
• Request data deletion by contacting us at the email below

Google API Services User Data Policy

Dayfile's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the application interface.

Contact

Questions or concerns? Reach us at: hello@cristiano.io