← Back to TimeSlot

Privacy Policy

Last updated: March 13, 2026

1. Introduction

TimeSlot is a task scheduling and timer application. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

2. Information We Collect

Account Information

When you sign in with Google, we receive your name, email address, and profile picture from your Google account. This information is managed by Supabase Authentication.

Task Data

We store the tasks you create, including titles, descriptions, tags, priorities, deadlines, scheduled times, and completion status. This data is stored in our database and is associated with your user account.

Timer Data

We store timer session data including start times, pause times, break durations, and completed session records to provide you with productivity statistics.

Google Calendar Data

If you choose to connect your Google Calendar, we access your calendar events to avoid scheduling conflicts. We store a cached copy of your calendar event titles, start times, end times, and busy/free status. We also create, update, and delete calendar events on your behalf when you create, reschedule, or complete tasks.

Google Classroom Data

If you choose to connect Google Classroom, we access your course list and coursework (assignments) to automatically import upcoming assignments as tasks. We store a record of which assignments have been imported to prevent duplicates. We do not modify any data in your Google Classroom account — access is read-only.

Canvas LMS Data

If you choose to connect Canvas LMS, we use your Canvas API token to fetch upcoming assignments from your courses. We store a record of which assignments have been imported to prevent duplicates. Your Canvas API token is stored securely in our database and is only used to authenticate requests to your institution's Canvas instance.

We request the following Google API scopes:

  • auth/calendar — to read, create, update, and delete calendar events for task scheduling and conflict detection
  • auth/classroom.courses.readonly — to list your Google Classroom courses (read-only, optional)
  • auth/classroom.coursework.me.readonly — to read your assignments and due dates (read-only, optional)

Google Classroom scopes are only requested when you explicitly choose to connect the Classroom integration from Settings. They are not required for core functionality.

Google OAuth Tokens

We securely store your Google OAuth access and refresh tokens to maintain your Google Calendar and (optionally) Google Classroom connections. These tokens are stored in our database and are only used to authenticate API requests to Google services on your behalf.

3. How We Use Your Information

  • To provide task scheduling and timer functionality
  • To automatically schedule tasks around your existing calendar events
  • To create and manage Google Calendar events for your scheduled tasks
  • To detect and resolve scheduling conflicts
  • To provide productivity statistics and task completion tracking
  • To estimate task durations using AI (task titles and descriptions may be sent to OpenAI's API for duration estimation)
  • To import assignments from Google Classroom and Canvas LMS as tasks (when connected)

4. Third-Party Services

We use the following third-party services:

  • Supabase — for authentication and database storage. See Supabase Privacy Policy.
  • Google APIs — for Google Sign-In and Google Calendar integration. See Google Privacy Policy.
  • OpenAI — for AI-powered task scheduling and duration estimation. Task titles, descriptions, and tags may be sent to OpenAI. See OpenAI Privacy Policy.

5. Data Storage and Security

Your data is stored securely in Supabase with row-level security (RLS) policies ensuring that users can only access their own data. All data transmission is encrypted using HTTPS. Google OAuth tokens are stored securely in our database and are never exposed to the client.

6. Data Retention and Deletion

Your data is retained as long as your account is active. You can request deletion of your account and all associated data by contacting us. Upon deletion, we will remove all your tasks, timer sessions, calendar data, and stored OAuth tokens.

7. Google API Services User Data Policy

TimeSlot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only use Google Calendar and Google Classroom data to provide and improve task scheduling features
  • We do not sell your Google data to third parties
  • We do not use your Google data for advertising purposes
  • We do not allow humans to read your Google data unless required for security purposes, to comply with applicable law, or with your explicit consent
  • Our use of Google data is limited to providing the functionality described in this policy

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Disconnect your Google Calendar at any time by revoking access in your Google Account settings

9. Children's Privacy

TimeSlot is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by updating the "Last updated" date at the top of this page.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact Saloni Shah.