Google Calendar MCP

Privacy Policy

Last updated: May 8, 2026

Overview

Google Calendar MCP ("the Service") is operated by Paytience. This policy describes what data we collect, how we use it, and your rights.

Data We Collect

  • Email address and display name from your Google account during OAuth sign-in.
  • OAuth tokens (access and refresh tokens), encrypted at rest using AES-256-GCM and used solely to authenticate API requests to Google Calendar on your behalf.
  • Payment information processed by Stripe. We do not store card numbers or billing details on our servers.
  • Usage metadata (last access timestamp, session identifiers) for operational purposes.

Data We Do Not Collect

  • Calendar event content, titles, descriptions, or attendee lists are never stored on our servers.
  • Calendar data passes through the MCP server at runtime and is returned directly to your AI client.
  • We do not read, analyze, or retain your calendar data.

How We Use Your Data

  • Authenticate requests to the Google Calendar API on your behalf.
  • Process payments and manage your license.
  • Send transactional emails (setup instructions, API key delivery).

Data Storage and Security

  • OAuth tokens are encrypted with AES-256-GCM before storage.
  • Data is stored in Supabase (hosted on AWS) with row-level security.
  • API keys are stored as SHA-256 hashes (irreversible).
  • All communication uses TLS/HTTPS.

Third-Party Services

  • Google for OAuth authentication and Calendar API access.
  • Stripe for payment processing.
  • Supabase for encrypted token storage.
  • Vercel for website hosting and analytics.
  • Brevo for transactional email.

Your Rights

  • Revoke access: Remove the app from your Google account at any time via Google Account Permissions.
  • Delete data: Contact us to permanently delete all stored data associated with your account.
  • Export data: Request a copy of all personal data we hold.

Data Retention

We retain your encrypted tokens and account data for as long as your license is active. If you request deletion or your license is revoked via refund, all associated data is permanently removed within 30 days.

Contact

For privacy inquiries, data deletion requests, or questions about this policy, open an issue on our GitHub repository or email privacy@gcalmcp.com.

Changes

We may update this policy from time to time. Material changes will be posted on this page with an updated "Last updated" date.