隐私政策

1. 总则

The Service can be used locally without Google sign-in. If you choose to connect Google Calendar, we process the Google account identifier, email address, display name, profile image URL, session cookie, Daily Loop project/section/task data, calendar event identifiers, and an encrypted Google refresh token needed to keep Calendar sync working. We do not read your full calendar contents for general profiling; Calendar access is used to create, update, or delete events requested from Daily Loop and to read calendar list metadata so tasks can be placed on a matching calendar when available.

2. 自动收集与第三方处理(在启用时)

根据部署设置,以下内容可能被启用。如已禁用,则不适用。

• Google OAuth: sign-in profile, email address, consented scopes, and session handling
• Google Calendar API: creating, updating, and deleting Daily Loop time-block events; reading calendar list metadata to choose a matching calendar name when available
• Cloudflare Workers/D1/KV: account profile, Daily Loop project/section/task data, sync metadata, and encrypted integration credentials
• Google Analytics: usage statistics (cookies and similar identifiers, when enabled)

Google user data is used only for the user-facing features described in this policy and is not sold, used for advertising, or used to train AI models. Google API data handling is also subject to the Google API Services User Data Policy: https://developers.google.com/terms/api-services-user-data-policy.

3. 处理目的

1. Providing local vision, goal, and Daily Loop features
2. Authenticating with Google when you choose to sign in
3. Syncing projects, sections, tasks, and time blocks for Daily Loop
4. Creating, updating, or deleting Google Calendar events that correspond to your timed tasks
5. Selecting a Google Calendar whose name matches a Daily Loop section when possible
6. Improving quality, reliability, and security of the Service

4. 保留与删除

Local data remains on your device until you clear browser or app data. Server-side Daily Loop records and encrypted integration credentials are retained while you use sync features, unless you delete or revoke them where the Service provides that control or request deletion. You can also revoke Google access from your Google Account permissions page.

5. 与第三方共享

We do not sell personal information or Google user data. We share data only with infrastructure providers needed to operate the Service, with Google APIs as necessary to perform Calendar actions you request, or where required by law. Google user data is not transferred to advertising platforms, data brokers, or AI model training systems.

6. 基础设施与处理方

我们可能使用以下服务用于托管及相关功能:

7. 您的权利

You can delete local data through your browser or device settings. You can revoke Google access in your Google Account security settings. If server-side sync data exists, you may request deletion or remove integration credentials where the Service provides that control.

8. Cookie

The Service uses essential cookies for Google OAuth state and signed-in sessions. Analytics cookies or similar technologies may be used when analytics is enabled. You can refuse non-essential cookies in your browser, but sign-in or analytics may be affected.

9. 政策变更

If we update this policy, we will post the revised text and effective date in the Service. If the way we use Google user data materially changes, we will ask for consent where required before using the data in the new way.

10. Security safeguards

We use HTTPS for network communication where applicable, signed HTTP-only cookies for authentication sessions, and AES-GCM encryption for stored integration credentials such as Google refresh tokens and Obsidian tokens. Access to server-side sync data is scoped to the signed-in user. No internet service can be guaranteed completely secure, but these safeguards are intended to protect the confidentiality and integrity of Google user data and other sensitive integration data.