Privacy Policy

Last updated: March 31, 2026

Overview

Calendar MCP ("we", "our", "the service") is a bridge service that connects AI agents to your Google Calendar via the Model Context Protocol. This policy describes how we handle your personal information.

Information We Collect

Account Information

  • Your email address (from Google OAuth)
  • Your display name (from Google OAuth, if available)
  • OAuth refresh token for Google Calendar API access
  • Generated API key for MCP authentication

Calendar Data

We do not store your calendar events or personal calendar data. All calendar information is retrieved from Google Calendar in real-time and passed directly to your AI agent through the MCP protocol.

How We Use Your Information

We use your information solely to:

  • Authenticate and authorize access to your Google Calendar
  • Provide MCP server functionality to your connected AI agents
  • Maintain your account and API key

Data Storage and Security

Your account information is stored securely in our Supabase database with encryption in transit and at rest. Your OAuth refresh token is stored encrypted and is only used to authenticate API requests to Google Calendar on your behalf.

Calendar data flows directly between Google Calendar and your AI agent without being stored on our servers.

Data Sharing

We do not share, sell, or disclose your personal information to third parties except:

  • When required by law or legal process
  • To protect the security and integrity of our service
  • With your explicit consent

Google OAuth Permissions

When you connect your Google Calendar, you grant us permission to:

  • Read and modify your calendar events
  • Access your basic profile information (email address)

These permissions are necessary to provide the calendar integration functionality. You can revoke these permissions at any time through your Google Account settings or by disconnecting your calendar in our dashboard.

Your Rights

You have the right to:

  • View your stored account information in the dashboard
  • Regenerate your API key at any time
  • Disconnect and delete your account completely
  • Revoke Google OAuth permissions

Data Retention

We retain your account information until you choose to disconnect your account. When you disconnect, all stored information including your email, API key, and OAuth tokens are permanently deleted from our database.

Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us through our GitHub repository or support channels.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date.

← Back to Calendar MCP