Privacy Policy

Last updated: March 26, 2026

What We Do

Dayfile ("the Service") connects your Google Calendar accounts to AI assistants via the Model Context Protocol (MCP). This policy explains what data we access, how we use it, and how we protect it.

Data We Access

When you connect a Google account, we request access to the following through Google's OAuth 2.0:

• Calendar data (read and write): Event titles, times, locations, descriptions, and attendee lists from calendars you choose to enable. Your AI assistant can also create events on your behalf. Scope: calendar.events
• Basic profile info: Your email address and display name, used to identify your connected accounts. Scopes: userinfo.email, userinfo.profile

How We Use Your Data

Your calendar data is used exclusively to:

• Display your events in the Dayfile web interface
• Respond to queries from your connected AI assistant (via MCP tools)
• Create calendar events on your behalf when requested through your AI assistant

We do not:

• Sell, share, or transfer your data to third parties
• Use your data for advertising or marketing
• Train AI models on your calendar data
• Access calendars you have not explicitly enabled

Data Storage & Security

• OAuth tokens are encrypted at rest using AES-256 (Fernet) encryption before being stored in the database.
• Calendar events are fetched on demand from Google's API and are not permanently stored. They exist only in memory during a request.
• If you self-host Dayfile, all data remains on your own infrastructure.

Data Retention

We store your Google OAuth credentials (encrypted) and your calendar display preferences (which calendars are enabled/disabled) for as long as your account is connected. When you disconnect an account, all associated data is immediately deleted from the database.

Your Rights

You can at any time:

• Disconnect any Google account from the Settings page, which immediately deletes all stored data for that account
• Revoke access directly from your Google Account permissions
• Request data deletion by contacting us at the email below

Google API Services User Data Policy

Dayfile's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the application interface.

Contact

Questions or concerns? Reach us at: hello@cristiano.io