Privacy Policy
Last updated: March 2026What our sync engine accesses
The sync engine accesses only the minimum data needed from your Google Calendar:
Event start and end times
To determine when you’re busy
Calendar IDs
To know which calendars to sync
Event response status
To skip events you’ve declined
What our sync engine never reads
The sync engine only reads start/end times. It never reads the following:
Event titles or summaries
Event descriptions or notes
Event attendees or organizers
Event locations
Event attachments
How we use your data
Sync Engine
Processes only start/end times. Event titles, descriptions, and attendees are never read by the sync engine.
Calendar View
When you enable the Calendar View, event details (titles, times, descriptions, locations, attendees, and meeting links) are fetched from Google on each page load, displayed only to you, and immediately discarded. They are never stored in our database or logged. This is the only feature that accesses event content beyond start/end times.
Scheduling
Your public booking page shows available time slots without revealing event details. No event titles, descriptions, or account details are visible to bookers.
Email alerts
When email is enabled, we send you alerts about booking updates, sync errors, and re-authentication needs through our email provider. These emails never contain your event titles, descriptions, or attendees. You can turn off any alert type from Settings. Email sends are logged for 30 days for troubleshooting.
Booking and scheduling
Booker information
Name, email, and timezone are stored to manage bookings
Accepted bookings
A Google Calendar event is created and the booker receives an invite from Google
Rejected bookings
Permanently deleted from our database
Cancelled bookings
A record is retained for reference
Account deletion
Removes all associated booking records
Data storage
Email and display name
From your Google account, stored in our database
OAuth tokens
Encrypted with ChaCha20-Poly1305 before storage
Sync and scheduling settings
Preferences and link configurations
Booking records
Booker name, email, timezone, and time slot
Email send log
Recipient, alert type, and delivery status — kept 30 days
Event data from sync engine
Processed in memory only — never stored
Google API usage
BusyBlocks requests full calendar access (not read-only) because the service creates and deletes “Busy” block events on your behalf. We also request email and profile scopes for account identification.
Our use of Google API data complies with the Google API Services User Data Policy, including the Limited Use requirements.
You can revoke BusyBlocks’s access at any time from your Google Account permissions page.
Cookies
Session cookie (busyblocks_session)
HttpOnly; keeps you signed in
CSRF cookie (busyblocks_csrf)
Security protection against cross-site request forgery
Tracking or analytics cookies
We do not use any
Data deletion
Delete your account any time from the Settings page. This permanently removes all your data including connected accounts, calendar settings, booking records, and sync history. You can also export your data before deletion.
Third parties
We do not share your data with any third parties for advertising or analytics. We use the Google Calendar API for calendar access and Resend for delivering email alerts. No event details are ever included in emails.