# Privacy policy

**Effective date:** 2026-01-28

Monthly Calendar Widgets ("the app", "we", "us") helps you view your schedule in beautiful widgets. You can use it with:

* **Apple Calendar (iOS Calendar)** -- Shows events using iOS Calendar permissions.
* **Google Calendar (optional)** -- Connects via Google OAuth and syncs events with exact Google colors.

We built the app to be **privacy-first**:

* Your **calendar content is not uploaded to our servers**. We do not operate a backend server that stores your data.
* **We cannot see your calendar events.** All event data stays on your device.
* There are **no ads**, **no analytics SDKs**, and **no cross-app tracking**.
* All data used by the app stays **on your device** in local storage, the iOS Keychain, or the shared App Group container.

## Quick summary

| Data                 | What happens                                                                |
| -------------------- | --------------------------------------------------------------------------- |
| Calendar events      | Read from your device to display in the app and widgets. Never uploaded.    |
| Google Calendar sync | Your device communicates directly with Google's API. We never see the data. |
| Purchases            | Handled by Apple (StoreKit) and RevenueCat (subscription status only).      |
| Google OAuth tokens  | Stored in the iOS Keychain on your device. Never sent to us.                |

## Permissions

### Calendar access (required)

The app requests **Full Access** to your calendars via Apple's EventKit framework. This permission allows the app to:

* Read event titles, times, calendar names, colors, locations, and all-day status.
* Create and edit events (when you choose to do so).
* Write lightweight event snapshots to the widget extension via App Group storage, so widgets can display your schedule.

The exact permission strings shown to you are:

* "Calndly requires full calendar access to read and write your events."
* "Monthly Calendar Widgets needs permission to add events to your calendar."
* "Calndly needs access to your calendar to display and manage your events in the widget."

If you only grant **Write Only** access, the app can create events but cannot read or display existing events in widgets.

### Google sign-in (optional)

If you connect Google Calendar, the app initiates a Google OAuth 2.0 flow in your browser using PKCE (Proof Key for Code Exchange). The OAuth scope requested is `https://www.googleapis.com/auth/calendar.readonly`, which grants read-only access to your Google Calendar data. The app reads and displays your events but never creates, edits, or deletes them.

**Important:**

* We do not see or store your Google password.
* The OAuth flow happens between your device and Google's servers.
* You can revoke access at any time from [Google Account permissions](https://myaccount.google.com/permissions).

## What data the app uses (on-device)

### Calendar data (Apple Calendar / EventKit)

If you grant Calendar access, the app reads:

* Event title
* Start and end time
* All-day status
* Calendar name and color
* Location (if present)
* Event identifier (for editing and deduplication)

This data powers the app's core features: displaying events, creating/editing events, and rendering widgets. Up to 4,000 events are captured in the snapshot for widget display, covering 2 years in the past and 1 year in the future.

### Google Calendar data (optional)

If you connect Google Calendar, the app uses the Google Calendar API to fetch:

* Event titles, times, all-day status, and locations
* Calendar names and Google's event color IDs (mapped to exact hex colors)
* Your primary calendar's email address (to identify the connected account)

The app stores:

* **OAuth tokens** (access token, refresh token, expiry) in the **iOS Keychain**, encrypted by iOS.
* **Event data** in the shared App Group container for offline access and widget rendering.
* **Connected account metadata** (email, display name) in UserDefaults.

Each sync fetches events from 2 years in the past to 1 year in the future (approximately 3 years of data). Events are stored locally and available offline after sync.

### App settings and preferences

The app stores user preferences (theme selection, widget tap action, calendar toggles, timer/stopwatch data, custom widget configurations) in UserDefaults and the shared App Group container. This data stays on your device.

### Purchase and subscription status

The app uses **RevenueCat** (and Apple's StoreKit) to manage in-app purchases. When you interact with purchase features, RevenueCat may process:

* Purchase and transaction information.
* App instance identifiers used for purchase validation.
* Subscription/entitlement status.
* IP address (for fraud prevention and regional pricing).

RevenueCat's privacy policy applies to data they process: <https://www.revenuecat.com/privacy>.

## What data is shared with third parties

We do **not** operate a backend server. Your calendar data is never sent to us. However, some features involve communication with third-party services:

### Google (optional)

If you connect Google Calendar, your device communicates directly with Google's servers:

* **OAuth endpoints** (`accounts.google.com`, `oauth2.googleapis.com`) for authentication and token refresh.
* **Google Calendar API** (`googleapis.com/calendar/v3`) for fetching events and calendar metadata.

Google's Privacy Policy applies to data they handle: <https://policies.google.com/privacy>.

### RevenueCat

RevenueCat manages subscription status. They process purchase validation data as described in their privacy policy.

### Apple

Purchases are processed by Apple via StoreKit. Apple's privacy policy applies.

## How widgets work (App Group storage)

iOS widgets run as a separate process and cannot always access Calendar data directly. To make widgets reliable, the app writes a snapshot of upcoming events to a shared **App Group** container (`group.yash.calndly`) on your device. This snapshot includes:

* Event title, time range, all-day flag
* Calendar name and color (including custom per-event colors)
* Location (if present)
* Widget configuration and display state
* Subscription status (for gating premium features in the widget)
* Timer and stopwatch state (for Lock Screen utility widgets)

This data stays entirely on your device and is never transmitted to us or any third party.

## What we do NOT collect

* We do not collect or store your Google password.
* We do not sell your data.
* We do not include advertising SDKs.
* We do not include analytics or tracking SDKs.
* We do not build a profile about you across other apps.
* We do not use your calendar data for any purpose other than displaying your schedule.

## Tracking and advertising

* We do **not** show third-party ads.
* We do **not** sell your data to anyone.
* We do **not** track you across other companies' apps or websites.
* `NSPrivacyTracking` is set to `false` in the app's Privacy Manifest.

## Data retention and deletion

* **Calendar access**: Revoke anytime in iOS Settings > Privacy & Security > Calendars.
* **Google Calendar**: Disconnect your account in the app (Settings > Data Sources > Google Calendar > Disconnect). This removes OAuth tokens from the Keychain and clears cached Google events.
* **App removal**: Uninstalling the app deletes all local storage, App Group data, and Keychain entries associated with the app.
* **Stale data cleanup**: The app automatically removes old custom color mappings and legacy local cache entries (approximately 180 days) to keep local storage lean.

## Security

* Google OAuth tokens are stored in the **iOS Keychain**, which is hardware-encrypted on iOS devices.
* PKCE (S256 code challenge) is used for the Google OAuth flow to prevent authorization code interception.
* All network communication uses HTTPS (App Transport Security defaults are enforced).
* No data is stored on external servers controlled by us.

## Children's privacy

The app is not designed for or directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information through the app, contact us and we will address it.

## Changes to this policy

We may update this policy to reflect product changes or legal requirements. Updates will be posted on this page with a new effective date.

## Contact

For privacy questions, contact us at **<support@calndly.app>**.

