DeepCanvas — Google Calendar Integration Privacy Policy
At a Glance
This is a deliberately short summary. The full policy is below.
- What we read: Read-only access to your Google Calendar events. We do not write to, modify, or delete anything in your calendar.
- What we store: Event details (title, description, time, location, attendees) only while your account is connected.
- What touches AI: Nothing. Calendar data is never sent to any AI or LLM provider.
- Where data lives: Hetzner data centers in Frankfurt, Germany (European Union).
- Who else can see it: No one. Your calendar is visible only to you within DeepCanvas, not to your teammates or organization admins.
- When you disconnect: All calendar data is permanently deleted immediately. No retention period.
1. Introduction
This Privacy Policy describes how DeepCanvas (operated by Uluwatu AI, based in Türkiye; collectively “DeepCanvas”, “we”, “us”) accesses, uses, stores, and shares information obtained from your Google Account when you connect Google Calendar to your DeepCanvas workspace.
This document is specific to the Google Calendar integration. For our general data practices, see our main Privacy Policy at https://deepcanvas.studio/privacy.
By connecting Google Calendar to DeepCanvas, you agree to the practices described in this policy.
2. Information We Access from Google
2.1 OAuth scope requested
DeepCanvas requests a single, read-only OAuth scope:
https://www.googleapis.com/auth/calendar.readonly— view your Google Calendar events and the list of calendars you have access to.
We do not request — and the OAuth grant does not allow us — to create, modify, or delete events, change calendar settings, or access any other Google service such as Gmail, Drive, Contacts, or Meet.
2.2 Data fields accessed
Within the read-only scope, we read the following fields from the Google Calendar API:
- Calendar list:calendar IDs, calendar names, time zones, and the user's access role on each calendar.
- Event details:
- Event title (summary) and description
- Start time and end time
- Location
- Attendee email addresses and response status (accepted, declined, tentative, needs action)
- Organizer name and email
- Event status (confirmed, tentative, cancelled)
- Recurrence rules for repeating events
- Event ID and last-modified timestamp
We also store the OAuth refresh and access tokens required to maintain the connection.
We do not access or store: Google profile photos, contact lists, Gmail content, Drive files, Meet recordings, or any data outside the read-only Calendar scope.
3. How We Use Your Calendar Data
We use your Google Calendar data only to:
- Display your upcoming and recent events inside your DeepCanvas project workspace, in a view called “Agenda”.
- Let you link calendar events to documents and tasks for context (the event itself remains in Google Calendar; we only reference it).
- Surface scheduling information relevant to your active project — for example, indicating when a meeting was held that produced a project document.
That is the complete list of use cases. Specifically, we do not:
- Send notifications, reminders, or emails based on your calendar
- Cross-reference your calendar with other users' calendars
- Use calendar data for analytics, behavioral profiling, or A/B testing
- Use calendar data for advertising of any kind
- Sell, rent, or trade calendar data
4. AI Processing — Important Disclosure
DeepCanvas uses third-party AI providers (currently Alibaba Cloud's Qwen models) to power document authoring and assistant features in other parts of the product.
Google Calendar data is never processed by any AI or LLM provider. Calendar events, attendees, descriptions, and any other information obtained via the Google Calendar API are not sent to Qwen or to any other third-party AI service. This separation is enforced in our application architecture: the data pipeline that feeds AI agents is isolated from the storage layer that holds Google Calendar data.
We do not use Google user data — including calendar data — to develop, improve, or train any generalized artificial intelligence or machine learning models, whether our own or those of any third party.
If we ever change this practice (for example, to introduce an AI feature that operates on calendar data), we will:
- Update this policy before the change takes effect.
- Notify all connected users by email at least 14 days in advance.
- Require explicit, in-app re-consent before enabling the feature for any user.
5. How We Store Your Calendar Data
- Storage location. All calendar data is stored in Hetzner Online GmbH data centers in Frankfurt, Germany. Data does not leave the European Union.
- Encryption in transit.All communication between DeepCanvas, your browser, and Google's APIs uses TLS 1.2 or higher.
- Encryption at rest. Disk-level encryption (AES-256) protects all database storage.
- OAuth tokens. Refresh and access tokens are additionally encrypted at the application layer before being written to the database, with keys managed separately from the data they protect.
- Caching.To reduce calls to Google's API and improve responsiveness, calendar events are cached for up to 5 minutes per user. The cache refreshes automatically when you open the Agenda view.
- Backups. Calendar data is not separately archived. It exists only in the live database and is removed from incidental database backups within 30 days as part of our backup rotation.
6. How We Share Your Calendar Data
6.1 Between DeepCanvas users
Your Google Calendar data is private to you.It is not visible to other members of your organization, your project managers, your organization owner, or any other DeepCanvas user, regardless of role. The Agenda view is a per-user view; there is no shared, team, or organization-wide calendar feature that reveals one user's events to another.
6.2 With third parties (sub-processors)
We share calendar data only with the sub-processors strictly required to operate the integration:
| Sub-processor | Purpose | Location | Data shared |
|---|---|---|---|
| Hetzner Online GmbH | Hosting and database storage | Frankfurt, Germany (EU) | All calendar data we store |
That is the complete list of sub-processors with access to Google Calendar data. In particular, we do not share calendar data with:
- AI or LLM providers (including Qwen)
- Advertising networks or marketing platforms
- Product analytics providers
- Customer support tooling
- Any other third party
We do not sell calendar data under any circumstances, and we do not transfer it as part of any commercial arrangement.
If we engage a new sub-processor that would have access to Google Calendar data, we will update this policy and notify affected users at least 30 days before the change takes effect.
7. Limited Use Compliance
DeepCanvas's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Concretely, this means:
- We use Google Calendar data only to provide and improve the user-facing Agenda feature described in Section 3.
- We do not transfer Google data to others except as needed to provide that feature, comply with applicable law, or as part of a merger or acquisition with the user's prior consent.
- We do not use or transfer Google data for serving advertising, including retargeting, personalized, or interest-based advertising.
- We do not sell Google data.
- Humans at DeepCanvas do not read your Google Calendar data, except in the following narrow cases:
- You explicitly grant us permission to view specific data (for example, to help diagnose a support issue you reported).
- We are investigating suspected abuse, fraud, or a security incident.
- We are required to by applicable law, with appropriate legal process.
- The data has been aggregated and de-identified for the sole purpose of internal operations (and even then, only when strictly necessary).
8. Your Controls
8.1 Disconnect from inside DeepCanvas
You can disconnect Google Calendar from DeepCanvas at any time:
- Go to Settings → Integrations → Google Calendar.
- Click Disconnect.
When you disconnect:
- All calendar data we hold on your behalf — events, attendees, calendar metadata, cached items — is permanently deleted within seconds.
- The stored OAuth refresh and access tokens are revoked with Google and erased from our database.
- There is no retention period, no “soft delete”, and no archive copy.
8.2 Revoke access from your Google Account
You can also revoke DeepCanvas's access directly from your Google Account, without visiting DeepCanvas:
- Visit https://myaccount.google.com/permissions
- Find DeepCanvas and click Remove access.
When we detect the revocation on our next API call (typically within minutes), all stored calendar data is deleted as described in Section 8.1.
8.3 Export your data
You can request a JSON export of the Google Calendar data DeepCanvas holds about you at any time, from Settings → Privacy → Export My Data. Exports are made available within 24 hours.
8.4 Contact us directly
For any data access, correction, or deletion request that is not handled by the in-app controls above, email privacy@deepcanvas.studio. We respond within 30 days, in line with applicable data protection law.
9. Data Retention
| Data type | Retention |
|---|---|
| Calendar events (active cache) | Up to 5 minutes; refreshed on Agenda view open |
| Calendar events (stored) | Only while the integration is connected |
| OAuth refresh and access tokens | Only while the integration is connected |
| Calendar data after you disconnect | None — immediately and permanently deleted |
| Incidental presence in database backups | Rotated out within 30 days |
We do not retain Google Calendar data after disconnection under any circumstances.
10. Security
We protect calendar data with the following controls:
- TLS 1.2+ for all data in transit, including between DeepCanvas and Google's APIs.
- AES-256 disk-level encryption for data at rest.
- Application-layer encryption for OAuth tokens, with key material stored separately.
- Role-based access control: only the application services strictly necessary for the integration can read calendar data.
- Audit logging of all administrative access to systems that hold calendar data.
- Regular review and patching of dependencies.
If we become aware of a security incident affecting your calendar data, we will notify you and, where required, the relevant supervisory authority within 72 hours of becoming aware, in line with GDPR Article 33.
11. International Data Transfers
Google Calendar data processed by DeepCanvas is stored in Hetzner data centers in Frankfurt, Germany (European Union).
For users located in the EU or EEA, no international transfer of Google Calendar data takes place.
For users located outside the EU/EEA, your calendar data is still processed and stored exclusively within the EU. The connection from Google to DeepCanvas may transit international networks, but the data at rest remains in the EU at all times.
12. Children's Privacy
DeepCanvas is not directed to, and we do not knowingly collect data from, individuals under the age of 16. If you are under 16, please do not connect a Google Calendar to DeepCanvas. If you believe that a person under 16 has connected Google Calendar to a DeepCanvas account, please contact us at privacy@deepcanvas.studio and we will delete the data.
13. Changes to This Policy
We may update this policy from time to time. The “Last Updated” date at the top of this page reflects the most recent change.
If we make material changes affecting how we handle Google Calendar data — for example, adding a new sub-processor, expanding the scopes we request, or changing how the data is used — we will:
- Post the updated policy on this page with a new “Last Updated” date.
- Notify users with an active Google Calendar connection by email at least 14 days before the change takes effect.
- Where the change expands how we use Google data (for example, introducing AI processing of calendar data), require explicit in-app re-consent before the change applies to your account.
Previous versions of this policy are kept on file and available on request.
14. Contact Us
For any questions about this policy or about how we handle Google Calendar data:
- Email: privacy@deepcanvas.studio
- Web: https://deepcanvas.studio
- Postal address: Uluwatu AI, Kadıköy Caferağa Mah., 34987 İstanbul, Türkiye
For EU users: you have the right to lodge a complaint with your local data protection authority. A list of authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
This policy applies specifically to the Google Calendar integration. For our general data practices covering account information, billing, and other DeepCanvas features, see https://deepcanvas.studio/privacy.