🔒 Privacy Policy

Last updated: May 2026

            Your privacy matters. VoiceScheduler is designed with privacy in mind. We collect minimal data and never sell your information.
        

1. Information We Collect

VoiceScheduler collects the following information to provide our service:

Voice Data: Audio is processed on-device for speech recognition. Voice recordings are not stored or transmitted to our servers.
Schedule Data: Event information you create is stored locally on your device and synced with Google Calendar if you enable this feature.
Google Account: If you choose to sync with Google Calendar, we access your calendar data through Google's secure OAuth authentication.

2. How We Use Your Information

To convert your voice input into calendar events
To sync events with Google Calendar (optional)
To improve app functionality and user experience

3. Sharing, Transfer, and Disclosure of Google User Data

            We do not sell, share, transfer, or disclose your Google user data to any third parties.
        

When you sign in with Google and authorize Google Calendar access:

Your Google Calendar data is accessed only on your device to display and create calendar events within the app.
We do not transfer your Google user data to any third-party servers, advertisers, or data brokers.
We do not share your Google account information (name, email, profile picture) with any external parties.
Google Calendar data is transmitted directly between your device and Google's servers using secure OAuth 2.0 authentication. VoiceScheduler acts only as an intermediary client.
Your Google authentication tokens are stored securely in the device Keychain and are never transmitted to our servers.

VoiceScheduler's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. Third-Party Services

VoiceScheduler uses the following third-party services:

Google Calendar API: For calendar synchronization. Data flows directly between your device and Google's servers. Governed by Google's Privacy Policy.
Google Gemini AI: Used solely to parse free-form schedule text (e.g., "lunch with Sam tomorrow at noon") into structured event fields (title, date, time). What is sent: only the transcribed text of what you spoke, plus a fixed system instruction. What is NOT sent: your name, email address, Google account profile, OAuth tokens, calendar contents fetched from Google Calendar, contacts, device identifiers, or any other personally identifying information. Requests to Gemini use VoiceScheduler's standard Google Generative Language API key and are not opted into any model-training program.
Apple Speech Recognition: For on-device voice-to-text conversion. Audio is processed locally on your device.

5. Data Protection & Security Measures

VoiceScheduler implements the following technical and organizational measures to protect sensitive data, including Google user data:

5.1 Encryption

In transit: All communication with Google APIs (OAuth 2.0, Google Calendar API) and Google Gemini AI is encrypted using TLS 1.2 or higher (HTTPS). Apple's App Transport Security (ATS) is enabled and enforces HTTPS for every network connection the app makes.
At rest: Calendar event data stored locally on your device is protected by Apple's iOS Data Protection, which uses AES-256 hardware encryption tied to your device passcode and biometrics.

5.2 Authentication & Credential Storage

We use OAuth 2.0 for Google account access. VoiceScheduler never sees, handles, or stores your Google password.
Google OAuth access tokens and refresh tokens are stored exclusively in the iOS Keychain using the kSecAttrAccessibleWhenUnlockedThisDeviceOnly accessibility class. Tokens never leave your device and are never transmitted to any VoiceScheduler-operated server.
VoiceScheduler requests only the minimum scope required: https://www.googleapis.com/auth/calendar.events. With this scope the app can only read and modify events it has created, and cannot access events created by other applications.

5.3 Access Controls

Google user data is processed only on your device. VoiceScheduler does not operate a backend server that stores, analyzes, or has the ability to access your Google user data.
No employee, contractor, or third party at VoiceScheduler/ValueWave has access to your Google user data, calendar contents, or voice recordings.
You can revoke VoiceScheduler's access to your Google Account at any time at https://myaccount.google.com/permissions.

5.4 Data Minimization & Retention

Voice audio is processed on-device by Apple's Speech framework and is not retained after transcription.
Only the transcribed text (without your name, email, or other personal identifiers) is sent to Google Gemini for natural-language parsing into calendar event fields.
Calendar data fetched from Google is held in memory only for as long as required to display the events; it is not persisted to any third-party storage.
You can delete all locally stored app data at any time from within the app or by uninstalling it.

5.5 Secure Software Practices

All source code is reviewed before each App Store release.
Security-relevant dependencies (Google Sign-In SDK, GoogleAPIClientForREST) are kept up-to-date with the latest stable versions.
The app is distributed exclusively through Apple's App Store, which provides code signing and integrity verification.
Any security incident affecting Google user data will be disclosed to affected users and reported to Google in accordance with the Google API Services User Data Policy. Reports may be sent to privacy@voicescheduler.app.

5.6 Limited Use Compliance

VoiceScheduler's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used solely to provide the user-facing scheduling features described in this policy. We do not use Google user data for advertising, do not sell it, and do not transfer it to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.

5.7 AI/ML Training Disclosure (Workspace APIs)

            VoiceScheduler does not use any data obtained through Google Workspace APIs (including the Google Calendar API) to develop, improve, or train generalized or non-generalized AI/ML models — of any kind, ours or any third party's.
        

Calendar event data obtained via the calendar.events scope is used only to display events back to the same signed-in user during their app session and to create or update events the user explicitly requests.
Calendar event data is never transmitted to Google Gemini, OpenAI, or any other AI/ML system.
The natural-language parsing performed by Google Gemini operates only on the user's freshly transcribed voice text, never on data fetched from Google Calendar or other Workspace APIs.
VoiceScheduler does not store Google user data on any backend server and therefore has no dataset that could be used for model training.
No human review of Google user data is performed for any purpose, including model improvement.

6. How VoiceScheduler Uses the Google Calendar Scope

This section explains, in plain language, the user-facing reason VoiceScheduler requests the https://www.googleapis.com/auth/calendar.events scope, in line with Google's "minimum scope" requirement.

User benefit: The scope allows users to convert spoken sentences such as "meeting with Alex next Tuesday at 3pm" directly into Google Calendar events without manual typing. Created events appear instantly on every device where the user's Google Calendar is synced.
Why calendar.events and not calendar: The reduced calendar.events scope grants access only to event-level resources, and only for events the user explicitly creates or modifies through VoiceScheduler. It does not grant access to calendar lists, ACLs, settings, or events created by other applications. This is the minimum scope required to deliver the feature.
What happens if the user declines the scope: The app continues to function as a local voice-to-schedule tool, storing events on-device only. No Google Calendar features are used until the user grants consent.
Operations performed under the scope: read events VoiceScheduler created (to display them in the app), create new events from voice input, and update or delete events the user explicitly requests to modify. All operations are user-initiated.
Frequency & volume: API calls are made only in direct response to a user action (speaking a command, opening the app's calendar view, or editing an event). VoiceScheduler does not perform background polling or batch retrieval of calendar data.

7. Your Rights

You have the right to:

Access your data stored in the app
Delete your data at any time
Revoke Google Calendar access through your Google Account settings
Opt out of any data collection

8. Children's Privacy

VoiceScheduler is not intended for children under 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: privacy@voicescheduler.app