Privacy Policy | PaxFlow

PaxFlow integrates with Google Calendar to let staff sync their work schedule. This page explains exactly what Google user data PaxFlow accesses, why, and how we handle it.

Limited Use commitment

PaxFlow’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We only use Google user data to provide and improve the calendar-sync features described below.
We do not transfer Google user data to third parties except as necessary to provide these features, for security purposes, or to comply with applicable law.
We do not use Google user data for serving advertisements.
We do not allow humans to read Google user data unless we have your explicit consent, it is necessary for security, or to comply with applicable law.

We do not use Google user data to develop, improve, or train generalized or non-personalized AI and/or machine learning models.

What we access and why

PaxFlow requests the following Google OAuth scopes:

See your email address and basic profile (openid, email): to identify which PaxFlow account the calendar connection belongs to.
Create a PaxFlow-owned calendar (calendar.app.created): PaxFlow creates and writes only to a dedicated sub-calendar it owns. We push your PaxFlow shifts into this calendar. We cannot read or modify your other calendars through this scope.
View your calendar list (calendar.calendarlist.readonly): to show you a picker of your calendars so you can choose which ones to mirror.
View events on calendars you select (calendar.events.readonly): PaxFlow reads events from the calendars you select and mirrors them as unavailability. For events you mark Private or Confidential in Google Calendar, only an opaque “Unavailable (external)” placeholder with the time range is stored – no title or details. For ordinary events, the title and description are stored so you and your managers see the reason for the unavailability. PaxFlow does not store attendees or locations.

How we protect your data

Google access and refresh tokens are encrypted at rest using AES-256-GCM. Calendar data is processed solely to power the sync features above.

Disconnecting

You can disconnect Google Calendar at any time from PaxFlow settings. On disconnect we revoke the Google token, delete the PaxFlow-owned sub-calendar we created, and remove the mirrored “Unavailable (external)” entries from your PaxFlow schedule.

Contact

If you have questions or comments about our privacy practices or Google data handling, please contact us by e-mail at dev@paxflow.io.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.