Privacy Policy

Last updated: 1/22/2026

1. Data Collection

Big Year accesses your Google user data through the Google Calendar API to provide calendar management functionality. Specifically, we collect and access the following data:

  • Authentication Information: We collect OAuth access tokens and refresh tokens that are necessary to authenticate API requests to Google Calendar on your behalf. These tokens are stored securely in our database.
  • User Profile Information: When you sign in with Google, we collect your name, email address, and profile image to identify your account and provide personalized services.
  • Calendar Data: We access your Google Calendar data, including calendar lists, calendar metadata (such as calendar names and colors), and calendar events. We specifically access all-day events (events with date-only start times) to display them in our yearly calendar view.
  • User Preferences: We store your application preferences, such as which calendars to display, which events to hide, and display settings (e.g., showing days of week, weekend alignment).

We only access data that you explicitly grant permission for through the Google OAuth consent screen. You can revoke this access at any time.

2. Data Storage

We store the following data in our secure PostgreSQL database:

  • OAuth Tokens: Access tokens and refresh tokens are stored in encrypted form in our database. These tokens are required to make API requests to Google Calendar on your behalf.
  • User Account Information: Your user profile data (name, email, profile image) is stored in our database to maintain your account and session.
  • User Preferences: Your application preferences are stored in our database to maintain your personalized settings across sessions.

Important: We do NOT store your actual calendar events. Calendar events are fetched directly from Google Calendar API in real-time when you use the application and are only displayed in your browser. Event data is not persisted to our database.

All data is stored on secure servers with appropriate access controls and encryption at rest. We retain your data only as long as necessary to provide our services or as required by law.

3. Data Usage

We use the collected data for the following purposes:

  • Calendar Display: Your calendar events are fetched from Google Calendar API and displayed in our yearly calendar interface. This allows you to visualize all your all-day events across the entire year.
  • Calendar Management: We use your OAuth tokens to allow you to create, edit, and delete all-day events directly within the application. These changes are made to your Google Calendar through the Google Calendar API.
  • Authentication: OAuth tokens are used to authenticate API requests to Google Calendar, ensuring that we can only access calendars you have authorized.
  • Personalization: User preferences are used to customize your calendar view according to your settings, such as which calendars to show and how events are displayed.

We do not use your data for advertising, marketing, or any purpose other than providing the calendar management functionality described above. We do not sell, rent, or share your data with third parties.

4. Data Protection

We implement comprehensive security measures to protect your Google user data:

  • Encryption: All data transmitted between your browser and our servers uses HTTPS/TLS encryption. OAuth tokens stored in our database are encrypted at rest using database-level encryption.
  • Secure Storage: Our database is hosted on secure cloud infrastructure with restricted access. Only authorized personnel with a legitimate need can access the database, and all access is logged and monitored.
  • Token Management: OAuth tokens are automatically refreshed when they expire to maintain secure access. If you revoke access through Google, we immediately stop using your tokens and remove them from our system.
  • Access Controls: We implement strict access controls to ensure that your data can only be accessed by authenticated users. Each user can only access their own calendar data.
  • API Security: All API requests to Google Calendar are made using secure HTTPS connections with proper authentication headers. We follow Google's security best practices for API usage.
  • No Data Sharing: We do not share your Google user data with any third parties. Your calendar data remains private and is only used to provide the calendar management functionality within our application.
  • Regular Security Updates: We keep our systems and dependencies up to date with security patches to protect against known vulnerabilities.

In the event of a data breach, we will notify affected users and relevant authorities as required by applicable data protection laws.

5. Data Sharing

We do not share, sell, rent, or disclose your Google user data to any third parties. Your calendar data, authentication tokens, and personal information remain private and are only used to provide the calendar management services within our application.

6. Your Rights

You have the following rights regarding your data:

  • Access: You can view all data we store about you through the application interface.
  • Revocation: You can revoke access to your Google Calendar at any time through your Google Account settings (at myaccount.google.com/permissions) or by disconnecting your account within the application. When you revoke access, we will immediately stop accessing your calendar data and remove your OAuth tokens from our database.
  • Deletion: You can delete your account and all associated data at any time by clicking the settings icon in the sidebar, then selecting "Delete account" from the menu. This will immediately delete your account, OAuth tokens, user preferences, and all other stored data. Alternatively, you can contact us at gabe@valdivia.works to request account deletion.
  • Export: You can export your calendar data directly from Google Calendar at any time, as we do not store your actual calendar events.

7. Google API Services User Data Policy

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:

  • We only use Google user data to provide and improve calendar management functionality within our application.
  • We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable laws, or as part of a merger, acquisition, or sale of assets.
  • We do not use Google user data for serving advertisements.
  • We do not allow humans to read Google user data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or our use is limited to internal operations and the data (including derivations) have been aggregated and anonymized.

8. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. Your continued use of the application after such changes constitutes your acceptance of the updated privacy policy.

9. Contact

If you have questions, concerns, or requests regarding this privacy policy or how we handle your Google user data, please contact us at: gabe@valdivia.works