AllMins Privacy Policy

Service operator: Andrei Savinkov — AllMins (allmins.io / app.allmins.io). Contact: privacy@allmins.io

5. Google API Data

This section applies when you connect Google Calendar. AllMins does not create, modify, or delete Google Calendar events.

5.1 Data we access

AllMins requests read-only access using OAuth scope https://www.googleapis.com/auth/calendar.events.readonly to list future events from your primary calendar. We may access and store: OAuth tokens; event identifiers; titles; start and end times; descriptions; locations; meeting links; event type, transparency, and status. We do not store attendee lists, organizer contact details, or the full Google event payload.

5.2 How we use Google user data

AllMins uses Google Calendar data only to display upcoming meetings, sync a local copy you can manage in the Calendar section, and store completion status you set locally (not written back to Google). We do not use Google Calendar data for advertising or marketing analytics.

5.3 Storage and retention

OAuth access and refresh tokens are stored using Fernet authenticated encryption server-side in our database (Supabase-hosted PostgreSQL) and are never exposed to the browser. Imported events remain until you delete them, disconnect with delete imported data, or your account is deleted. Disconnect revokes tokens and clears encrypted credentials.

5.4 Sharing, transfer and disclosure

We disclose Google user data only to service providers required to operate the integration:

  • Supabase — stores OAuth integration records, encrypted OAuth tokens, saved event fields, and account/database infrastructure.
  • Google Cloud Platform — hosts and processes AllMins API/backend infrastructure; Google Calendar data passes through this infrastructure during OAuth and sync.
  • OpenAI — Google Calendar data is not disclosed to OpenAI and is not included in transcription or meeting-document generation requests.

Google Calendar event data and OAuth tokens are not disclosed to email, notification, advertising, or analytics providers. We may disclose information when required by applicable law or to protect the security and integrity of the service. We do not sell Google user data.

5.5 What we do not do

  • We do not sell Google user data.
  • We do not use Google user data for advertising or advertising profiles.
  • We do not use Google user data to train generalized AI or machine-learning models.

5.6 Limited Use

AllMins's use and transfer of information received from Google Workspace APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

AllMins does not use Google Workspace API data to develop, improve, or train generalized or non-personalized AI or machine-learning models.

5.7 AI/ML disclosure

Google Calendar data is not submitted to AI providers. OpenAI receives only content you explicitly upload for transcription or document generation.

5.8 User control and deletion

Disconnect Google Calendar in the app Calendar section. You can disconnect while keeping imported events, or disconnect and delete imported Google Calendar data. Account deletion removes Google OAuth credentials and imported Google calendar data.

5.9 Security

Google OAuth credentials use Fernet authenticated encryption at rest, TLS in transit, restricted database access, and row-level security policies where enabled. OAuth client secrets are not exposed to the browser.