Privacy Policy

Last updated: May 23, 2026

SyncNotionCal ("we", "us") operates a two-way sync service between a user's Notion database and Google Calendar. This policy explains what data we collect, how we use it, who we share it with, and how you can control or delete it.

Information we collect

Account information from Google

When you sign in with Google, we receive your Google account's unique identifier, email address, name, and profile picture. We use this to create and identify your SyncNotionCal account.

Google Calendar data

With your consent, we request the following Google Calendar OAuth scopes:

  • https://www.googleapis.com/auth/calendar.readonly — to list your calendars so you can pick which one to sync, and to read events on the selected calendar for sync reconciliation.
  • https://www.googleapis.com/auth/calendar.events — to create, update, and delete events on the calendar you selected, so that changes you make in Notion are reflected in Google Calendar.

We only read and write events on the single calendar you explicitly select during onboarding. We do not access any other calendars.

Notion data

When you connect Notion, we receive an OAuth access token scoped to the pages and databases you authorize the integration to access. We use it to list databases, read the schema and pages of the database you select, and write changes back to that database when Google Calendar events are edited.

Billing information

Subscription payments are processed by Stripe. Stripe receives your payment details directly; we receive a customer identifier and subscription status. We never see or store your card number.

Product analytics

We use PostHog to record anonymous product events (which pages were viewed, which onboarding steps were completed). We do not send the contents of your calendar events or Notion pages to PostHog.

How we use your information

  • To operate the sync between the database and calendar you chose.
  • To authenticate you on return visits and keep your session active.
  • To send transactional email about your subscription and service status.
  • To diagnose, debug, and improve the service.
  • To detect and prevent abuse of the service.

How we use Google user data

SyncNotionCal's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Concretely: we use Google Calendar data only to provide the user-facing sync feature you signed up for. We do not transfer Google user data to third parties except as necessary to provide or improve the user-facing features (for example, hosting infrastructure), as required by law, or in connection with a merger or sale where the acquirer is bound by this policy. We do not use Google user data for advertising. We do not allow humans to read your Google data, unless you give us specific permission to do so, it is necessary for security purposes (such as investigating abuse), it is necessary to comply with applicable law, or the data is aggregated and used for internal operations in accordance with the Limited Use requirements. We do not use Google user data to develop, improve, or train generalized or non-personalized AI or machine-learning models.

Storage and security

Application data is stored in a managed Postgres database (Neon) in the US-East region. OAuth access and refresh tokens are encrypted at rest using pgcrypto with a symmetric key held outside the database. The application is hosted on Vercel. All traffic to the service is over HTTPS.

International data transfers

SyncNotionCal is operated from Brazil, and its hosting and database infrastructure are located in the United States. When you use the Service, your data is transferred to and processed in the United States. By using the Service you consent to this transfer. We rely on the contractual safeguards of our sub-processors to protect data in transit and at rest. For users in Brazil, this transfer is permitted under Article 33 of the LGPD on the basis of execution of a contract and your consent.

Sharing with third parties

We use the following sub-processors to operate the service. Each receives only the data necessary for its function:

  • Google (Calendar API) — to read and write events on the calendar you selected.
  • Notion — to read and write the database you selected.
  • Vercel — application hosting.
  • Neon — managed Postgres database.
  • Stripe — payment processing.
  • Resend — transactional and notification email.
  • PostHog — anonymous product analytics.

We do not sell your data. We do not share it with advertisers.

Retention and deletion

We retain your data only as long as your account is active. You can:

  • Disconnect the Google or Notion integration at any time from the dashboard. This deletes the stored OAuth tokens and stops the sync.
  • Revoke access directly from Google at myaccount.google.com/permissions or from Notion under Settings → Connections.
  • Request full account deletion by emailing hi@syncnotioncal.com. We will erase your account, OAuth tokens, sync state, and stored metadata within 30 days. Events that were already written to your Google Calendar or Notion database will remain there; those are your data and stay under your control.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing.

If you are in Brazil, the Lei Geral de Proteção de Dados (Lei nº 13.709/2018, "LGPD") grants you the right to confirmation of processing, access to your data, correction of inaccurate or incomplete data, anonymization, blocking, or deletion of unnecessary or excessive data, portability, information about entities with whom we share your data, revocation of consent, and the right to lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).

To exercise any of these rights, email hi@syncnotioncal.com. We respond within 30 days.

Children

SyncNotionCal is not directed at children under 13, and we do not knowingly collect data from them. If you believe a child has provided us with personal data, contact us and we will delete it.

Changes to this policy

We may update this policy as the service evolves. We will post the revised version at this URL and update the "Last updated" date above. Material changes will be communicated by email to active subscribers.

Contact

Questions, requests, or concerns? Email hi@syncnotioncal.com.