Calendar sync tools access your OAuth tokens and event data, but legitimate tools only store what is needed for synchronization and encrypt sensitive information at rest. SYNCDATE uses AES-256-GCM encryption, EU-hosted infrastructure (Hetzner, Germany), and "Busy" privacy mode by default to ensure your calendar stays private — even from your own synced calendars.
When you connect multiple calendars, you are granting a third-party tool access to sensitive personal information: meeting times, attendees, locations, and sometimes medical appointments or salary reviews. According to Reclaim.ai's productivity research, the average professional's calendar contains over 25 meetings per week — each one a data point that needs protection. Understanding what data sync tools actually access, store, and share is critical to making an informed choice.
What Data Do Calendar Sync Tools Access?
OAuth Scopes and Permissions
Calendar sync tools request specific permissions through OAuth 2.0, the industry-standard authorization protocol. When you click "Connect Calendar," you are granting access to:
- Event data: Event titles, descriptions, times, recurrence rules, attendee lists, locations
- Calendar metadata: Calendar names, colors, timezone, availability information
- Sync tokens: Proprietary Google tokens to fetch only new changes since the last sync (incremental sync)
- Account identity: Your email address and basic profile information
What they cannot access without additional permissions:
- Your Gmail inbox
- Your Google Drive files
- Your phone contacts or location data
- Other users' calendars (only those you have permission to edit)
Google's OAuth system enforces these permission boundaries at the API level. A calendar sync tool cannot request broader access without showing you a new consent screen. You can review and revoke permissions at any time from your Google Account security settings. The same applies to Microsoft Outlook accounts connected via the Microsoft Graph Calendar API.
Real vs. Transient Data Access
The critical distinction is between access and storage:
| Data Type | Accessed | Stored | Duration |
|---|---|---|---|
| OAuth token (access + refresh) | Yes | Yes (encrypted) | Until revoked |
| Event titles and descriptions | Yes | No (transient processing) | Milliseconds during sync |
| Event times and attendees | Yes | No (transient processing) | Milliseconds during sync |
| Sync tokens | Yes | Yes (encrypted) | Until next sync |
| Event mappings (source ID to target ID) | Yes | Yes | While sync active |
| Event content not in scope | No | No | N/A |
SYNCDATE accesses event data to perform synchronization but only stores event mapping records (which source event corresponds to which target event) and encrypted tokens. We do not cache event titles, descriptions, attendee lists, or any event content beyond the moment of processing.
How SYNCDATE Protects Your Data
Encryption at Rest: AES-256-GCM
Your most sensitive data — OAuth tokens (access and refresh tokens) — are encrypted using AES-256 in Galois/Counter Mode (GCM), the same encryption standard recommended by NIST (National Institute of Standards and Technology) and used by government agencies worldwide. These encrypted tokens are stored in our database and decrypted only when needed to fetch or push calendar changes.
What this means in practice:
- Even if our database were breached, encrypted tokens would be cryptographically locked without the encryption key
- Encryption keys are stored separately from the encrypted data (not in the same database)
- Each token has a unique encryption context (initialization vector), preventing pattern-based attacks
- AES-256-GCM provides both confidentiality and integrity verification — tampering with encrypted data is detected automatically
Event data is transmitted over HTTPS/TLS (encrypted in transit) between SYNCDATE, your browser, and Google's API servers. Data at rest is stored in our EU-hosted PostgreSQL database with encrypted token fields.
Privacy Modes: "Busy" by Default
When SYNCDATE syncs an event to another calendar, it can display the event as:
- "Busy" (default): Shows only that you are unavailable. Hides event title, description, and attendees. Other people viewing your synced calendar see a blocked time slot with no details.
- Full details: Syncs title, description, times, and attendees (you choose per sync process)
This prevents your personal or medical appointments from exposing sensitive details on shared work calendars — even if someone gains access to that calendar. The "Busy" default means privacy is protected from the moment you start syncing, without requiring any configuration.
For more on how sharing permissions compare to sync privacy controls, see our guide on calendar sharing vs syncing.
OAuth Tokens: Never Seen or Logged
We store encrypted tokens but enforce strict handling rules:
- Tokens are never logged to text files, error messages, or monitoring systems
- Tokens are never transmitted to third-party services (analytics, error tracking, support tools)
- Tokens are never used for purposes outside the sync (we cannot use your token to access your Gmail, for example)
- You can revoke access anytime from your Google Account settings, and SYNCDATE's access is immediately disabled
This approach follows Google's OAuth security best practices for third-party integrations.
Data Retention and Cleanup
What We Store
- Accounts table: Encrypted OAuth tokens, account nickname (you choose), provider information
- Calendar connections: Calendar list, sync cursor (technical pointer for incremental sync), webhook subscription metadata
- Synced events: Mapping of which events were synced between calendars (source ID to target ID) to prevent duplicates
- Sync logs: Timestamps, action types (created/updated/deleted), error codes for troubleshooting — no event content
What We Do Not Store
- Event titles, descriptions, or body content (processed transiently, never persisted)
- Event attachments
- Email addresses of attendees in a separate database (attendee lists are only processed during sync)
- Event locations (unless synced as part of the event itself to the target calendar)
- Chat or comment threads from meetings
- Recordings or transcripts
Automatic Cleanup
- Sync logs older than 90 days are automatically deleted (configurable)
- Orphaned event mappings are deleted 30 days after you delete a sync
- When you delete a sync, you can choose to remove all synced events from target calendars (clean exit — synced events are deleted, original events untouched)
- Account deletion removes all data within 30 days
This retention approach aligns with the GDPR data minimization principle (Article 5(1)(c)): personal data should be adequate, relevant, and limited to what is necessary.
EU Hosting and GDPR Compliance
SYNCDATE is hosted on Hetzner servers in Germany using infrastructure designed for GDPR compliance:
- Data residency: Your data never leaves the EU. No US cloud provider involvement in data storage or processing.
- Subprocessors: We use minimal third-party services, all GDPR-compliant and EU-based where possible
- Cloudflare CDN: Static assets only (caching, DDoS protection); no personal data transits Cloudflare
- Right to deletion: You can delete your account anytime, and all associated data is purged within 30 days (GDPR Article 17)
- Data portability: You can export your sync history before deletion (GDPR Article 20)
- Breach notification: We report breaches within 72 hours per GDPR Article 33
The EU Data Protection Board provides guidance on cross-border data transfers that influences how we architect our infrastructure. Unlike competitors hosted on AWS US or Google Cloud US regions, your calendar data never passes through US data centers, avoiding potential complications from US surveillance legislation (CLOUD Act, FISA Section 702). For region-specific guidance, see our guides for European teams and UK GDPR compliance.
Why EU Hosting Matters for Calendar Data
Calendar data is uniquely sensitive because it reveals behavioral patterns: when you work, who you meet, where you go, and how you spend your time. The GDPR provides stronger protections for this type of data than US federal privacy laws, including:
- Purpose limitation: Data can only be used for the stated purpose (calendar synchronization)
- Storage limitation: Data must be deleted when no longer needed
- Accountability: The data controller (SYNCDATE) must demonstrate compliance
- Individual rights: You have the right to access, correct, delete, and port your data
Comparison: Privacy Features Across Calendar Sync Tools
| Feature | SYNCDATE | CalendarBridge | OneCal | OGCS |
|---|---|---|---|---|
| Token encryption at rest | AES-256-GCM ([NIST standard](https://csrc.nist.gov/pubs/sp/800/38/d/final)) | Not documented | Not documented | Local storage (your machine) |
| EU hosting | Hetzner, Germany | US-based | US-based | Local (offline capable) |
| Privacy modes (Busy/Full) | Yes (Busy default) | No | No | Yes |
| Automatic log deletion | 90 days | Not documented | Not documented | Local (your control) |
| Right to deletion (one-click) | Yes | No documented process | No documented process | Yes (delete local app) |
| OAuth token logging blocked | Yes | Not documented | Not documented | Yes (local) |
| [Sync token](/blog/how-calendar-sync-works) (incremental sync) | Yes | Yes | Yes | Yes |
| GDPR compliance documented | Yes | Not documented | Not documented | N/A (local tool) |
Note: "Not documented" means these tools do not publicly disclose their privacy practices in their documentation or marketing materials. Competitors with cloud hosting (CalendarBridge, OneCal) use US infrastructure by default. For a full feature comparison, see our best calendar sync tool comparison.
Common Privacy Fears, Addressed
"Can my employer see my personal calendar events?"
Only if you sync them to your work calendar yourself — and only if you use "Full details" mode. Calendar sync tools do not expose events across different accounts; they only sync between calendars you have explicitly configured. If you sync your personal calendar to your work calendar with "Busy" mode (the default in SYNCDATE), your employer sees only that you are unavailable, not what you are doing.
"Is my event data sold to advertisers?"
No. SYNCDATE generates revenue from subscriptions (free tier, Starter at EUR 1.99/mo, Pro at EUR 8.99/mo), not data sales. We have no advertising business. Your calendar data has zero commercial value to us except for providing the sync service you are paying for. This is a fundamental difference from free tools that monetize user data. For pricing details, see our calendar sync pricing guide.
"What if SYNCDATE is hacked?"
- OAuth tokens are encrypted with AES-256-GCM, so attackers would only get encrypted blobs with no practical value without the encryption key
- Event data is not stored beyond transient processing, limiting exposure
- We report breaches within 72 hours per GDPR Article 33; you would be notified immediately
- You can revoke access instantly from Google Account settings if compromise is suspected
"Does SYNCDATE read event content for AI training or profiling?"
No. We do not use machine learning, AI, or any algorithm that analyzes event content. The only processing we perform is the sync operation itself (detecting new, changed, and deleted events). Event text is never analyzed, indexed, or profiled. We do not build behavioral models from your calendar data.
"Can SYNCDATE see events from calendars I haven't connected?"
No. We have zero access to calendars you have not connected. If your Google account has multiple calendars, we can only access calendars you have individually authorized in the sync wizard. Google's OAuth scope limits access to the specific permissions you granted.
For practical tips on keeping your personal calendar private while syncing to work, see How to Keep Your Personal Calendar Private at Work. If you want to understand what to look for when granting any app calendar access, read Is It Safe to Give Apps Access to Your Google Calendar?. And if you're wondering whether colleagues can see your synced personal events, the answer depends on your setup — see can coworkers see your personal Google Calendar?
FAQ: Privacy and Security Questions
Does SYNCDATE support end-to-end encryption (E2EE)?
Not currently. E2EE would prevent us from reading event data to perform synchronization — the sync engine needs to read events from one calendar and write them to another. Instead, we use encryption at rest (protecting stored tokens with AES-256-GCM) and encryption in transit (HTTPS/TLS). For maximum privacy, use "Busy" mode when syncing sensitive calendars.
How do I delete my data if I stop using SYNCDATE?
Go to Settings and click Delete Account. This immediately deletes your syncs, accounts, calendars, and all associated data. You can optionally delete synced events from all target calendars before deletion (clean exit). Permanent deletion completes within 30 days per GDPR requirements.
Does SYNCDATE use my calendar data for analytics or product improvement?
We collect anonymized usage metrics (number of syncs, error rates, sync latency) but never event content. We do not know what your events are about — only that a sync succeeded or failed. Our analytics approach is documented in detail and uses no personal event data.
Why EU hosting specifically? Isn't US hosting fine?
EU hosting means your data is protected by GDPR, which provides stronger privacy rights than US federal laws: data portability, right to deletion, mandatory breach notification within 72 hours, and purpose limitation. US legislation like the CLOUD Act allows law enforcement to request data from US cloud providers with a warrant, while GDPR adds judicial oversight requirements that make such requests more difficult to execute.
Are my events visible to SYNCDATE support staff?
No. Support staff can only access sync logs (timestamps, action types, error codes), not event content. Event titles, descriptions, and attendee lists are never stored in our database. If you need help troubleshooting, we request permission to access specific sync logs — not your calendars.
What happens if I disconnect an account?
Your encrypted OAuth token for that account is deleted immediately. Syncs using that account are paused. You can optionally delete all events that were synced from that account to others. The disconnection is instant and irreversible — to reconnect, you must go through OAuth consent again.
How does SYNCDATE handle Google Calendar API rate limits?
Google enforces API quotas and rate limits that affect all calendar tools. SYNCDATE uses incremental sync via sync tokens to minimize API calls, processes webhooks efficiently, and employs exponential backoff when rate-limited. This means your sync stays fast without hitting Google's limits. For more on this topic, see our guide on why calendar sync can be delayed.
Is SYNCDATE's webhook connection secure?
Yes. SYNCDATE validates every incoming webhook notification against expected channel tokens and resource IDs. Webhook endpoints include rate limiting and deduplication to prevent replay attacks. All webhook traffic is encrypted via HTTPS/TLS.