Privacy Policy

Last updated: March 2026

1. Overview

Dashboard is a personal productivity application. This policy describes what data is collected, how it is used, and how it is protected. We do not sell, share, or otherwise disclose your data to third parties.

2. Data we collect

Account information — your name, email address, and profile picture, obtained from Google OAuth or stored as a hashed password if you use credential-based sign-in.
Widget configuration — settings you enter for each dashboard widget (e.g. location, stock tickers, calendar IDs). Sensitive values are encrypted at rest.
Google OAuth tokens — short-lived access tokens and refresh tokens that allow the application to fetch your Google Calendar events and Google Tasks on your behalf. These are stored only in your encrypted session cookie and are never written to a database.

3. How we use your data

To authenticate you and maintain your session.
To display your Google Calendar events and Google Tasks inside the dashboard. Data retrieved from Google APIs is displayed directly to you and is not stored on our servers beyond the duration of the API response.
To save and restore your widget layout and configuration.

4. Google API scopes used

We request the following Google OAuth scopes:

openid, email, profile — to identify you and display your name/avatar.
https://www.googleapis.com/auth/calendar.readonly — to read your calendar events (read-only; we never write to your calendar).
https://www.googleapis.com/auth/tasks.readonly — to read your task lists (read-only; we never create or modify tasks).

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. Data sharing

We do not sell, rent, or share your personal data or Google user data with any third party. Data fetched from Google APIs is used solely to render your personal dashboard and is not retained beyond the server-side request.

6. Data retention

Account records and widget configuration are stored in a private database and retained for as long as you have an active account. OAuth tokens are stored only in your encrypted session cookie, which expires when you sign out. You may request deletion of your data at any time by contacting the application owner.

7. Security

All data in transit is protected by TLS. Sensitive widget configuration values are encrypted at rest using AES-256-GCM. Session tokens are stored in HTTP-only, secure cookies.

8. Changes to this policy

We may update this policy periodically. The "last updated" date at the top of this page reflects when changes were last made.