Privacy

Summary

We collect the minimum needed to run Olene: your email, the calendars you connect, the events that flow through them, and the screenshots you upload. We use that data to operate the product. We do not sell it, share it with advertisers, or train third-party AI on it.

What we collect

• Account. Your email and (if you sign in with Google) your name and profile photo.
• Calendar data. When you connect a source (Google, Outlook, Apple, ICS), we store events from that source so we can display them, detect conflicts, and sync changes back. We hold the OAuth tokens needed to read and write to the source calendar.
• Screenshots and PDFs. When you upload an image or PDF for event extraction, we store it temporarily so the extraction can run and you can review the result. After review, the image is deleted; only the structured event data persists.
• Usage logs. Standard server logs (IP, user agent, request timestamps) for security, debugging, and abuse prevention. Retained for 30 days.

How we use it

• To run the product — show your unified calendar, detect conflicts, sync to your sources.
• To send transactional email — receipts, magic links, security notices.
• To improve accuracy — we may review anonymized extraction failures to make the model better. You can opt out in Settings.
• To prevent abuse — rate limits, fraud detection, account safety.

Who we share it with

Only with the service providers we need to run Olene: our cloud host (Supabase / Vercel), our payment processor (Stripe), our email provider (Resend), and our extraction model (Anthropic). Anthropic processes only the screenshots and PDFs you explicitly upload for event extraction — your calendar data from Google, Outlook, Apple, and ICS feeds is never sent to any AI model. Each provider processes data on our behalf under their own published privacy terms. We do not sell or rent your data, ever.

Storage and security

All data is encrypted in transit (TLS) and at rest. OAuth tokens are stored encrypted with per-user keys. Access to production data is limited to a small number of engineers and audited.

Your rights

• Export — every event in Olene exports as ICS at any time.
• Delete — you can delete your account and all associated data with one click in Settings. Deletion is permanent and immediate.
• Access — email privacy@olene.app to request a copy of everything we hold about you.

Google API services user data policy

Olene's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Olene will not:

• Use Google user data for serving advertisements.
• Allow humans to read Google user data, except (a) with the user's affirmative agreement for specific messages, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for internal operations where the data has been aggregated and anonymized.
• Transfer Google user data to others except as necessary to provide or improve user-facing features prominent in the Olene user interface, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with the user's prior notification.
• Use Google user data, or any data derived from it, to train generalized AI/ML models.

The Google API scopes Olene requests are:

• openid, email, profile — identify the user during sign-in.
• https://www.googleapis.com/auth/calendar.calendarlist.readonly — list the user's calendars so they can choose which to sync.
• https://www.googleapis.com/auth/calendar.events— read and write events for two-way sync between Google Calendar and the user's Olene account.

Children

Olene is not intended for users under 16. We do not knowingly collect data from children.

Changes

If we change anything material in this policy, we'll email every active account at least 30 days before the change takes effect.

Contact

Questions: privacy@olene.app.