← Back to Home

Privacy Policy

Last updated: March 19, 2026

Google API Services User Data Policy

LifeOS's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We use the Google Calendar API solely to read calendar event data (using the calendar.events.readonly scope) for the purpose of displaying your upcoming events and automating “Recovery Buffers” — rest periods scheduled after high-drain meetings. This data is processed in real-time and is not stored beyond the current session’s processing needs.

Sharing, Transfer, and Disclosure of Google User Data

LifeOS does not share, transfer, sell, or disclose Google user data to any third parties, except in the following limited circumstances:

  • No sale of data: We do not sell your Google user data to any third party, for any purpose whatsoever.
  • Google Calendar data is never sent to AI: Although LifeOS uses Google’s Gemini API for productivity features (see “AI-Powered Features” section below), no Google Calendar data is ever sent to Gemini or any other AI model. The AI features process only user-created content (task descriptions, uploaded documents) that users explicitly submit.
  • Infrastructure providers (as necessary to provide the service): Your authentication data (email address, profile name) is processed by Clerk (our authentication provider) and stored in our Neon PostgreSQL database. These providers act as data processors on our behalf and are contractually obligated to protect your data.
  • Google Calendar event data is never stored or shared: Calendar event data retrieved from the Google Calendar API is processed in real-time within your active browser session only. It is not persisted to any database, not transmitted to any third party, and not used for any purpose other than displaying your schedule and suggesting recovery buffers.
  • Legal obligations: We may disclose your information if required to do so by law, such as in response to a court order or subpoena.

In summary: Google user data received via the Google Calendar API is never shared with, transferred to, or disclosed to any third party — including AI services. It is used exclusively within the LifeOS application to provide calendar-related features to you.

AI-Powered Features (Google Gemini)

LifeOS uses Google’s Gemini API (documentation) as a third-party AI integration to power the following productivity features:

  • Natural language task parsing: Converting free-text input into structured tasks
  • Intelligent day planning: Optimizing task order based on energy levels and time constraints
  • Task decomposition: Breaking complex tasks into actionable subtasks
  • Document extraction: Parsing uploaded documents (syllabi, PDFs) into structured tasks
  • Weekly productivity digest: Generating narrative insights from your productivity data

Models Used

Gemini 2.5 Flash, Gemini 2.5 Pro, and Gemini 2.5 Flash Lite — all accessed server-side via Google’s @google/generative-ai SDK.

What Data Is Sent to Gemini

  • User-created task descriptions and titles (only when the user explicitly triggers an AI feature)
  • Uploaded document content (only when the user explicitly requests document extraction)
  • Aggregated productivity metrics for digest generation (task counts, focus minutes — no personal identifiable information)

What Data Is Never Sent to Gemini

  • Google Calendar data — never sent to any AI model
  • Authentication credentials — email, passwords, OAuth tokens
  • Biometric sensor data — keystroke/mouse patterns remain on your device
  • Journal entries — private journal content is never processed by AI

Google’s Gemini API is subject to Google’s API Terms of Service and Google’s Privacy Policy.

Google Calendar Integration

LifeOS integrates with Google Calendar using read-only access (calendar.events.readonly scope). This integration allows LifeOS to:

  • Display your upcoming calendar events within the LifeOS schedule view
  • Identify long-duration meetings (60+ minutes) to suggest post-meeting recovery periods

Data Usage

  • We read calendar event start times, end times, titles, and durations
  • This data is processed in real-time within your browser session
  • Calendar data is not stored in any database or persisted beyond your active session
  • Calendar data is not shared with any third-party service, AI model, or analytics provider
  • No calendar event details (descriptions, attendees, location) are stored or transmitted to our servers

Revoking Access

You can revoke LifeOS’s access to your Google Calendar at any time through:

Upon revocation, all stored OAuth tokens are immediately deleted from our systems.

Biometric Sensor Data Processing

LifeOS processes biometric sensor data, including keystroke patterns and mouse movements, solely to generate a local-first ‘neuroScore’ that helps optimize your productivity and cognitive load management.

This processing occurs entirely on your device and is used to:

  • Calculate your current cognitive energy level
  • Recommend optimal work modes (Focus, Calm, or Recovery)
  • Schedule tasks based on your peak performance windows
  • Prevent cognitive burnout through proactive rest suggestions

Local-First Security: The Vault

Raw sensor logs are stored ONLY in your local ‘Vault’ (WatermelonDB) and are NEVER synced to LifeOS servers.

Your privacy is our top priority. All raw keystroke and mouse movement data remains on your device. Only aggregated, anonymized features (such as average typing speed or movement patterns) are used for local machine learning inference.

The Vault architecture ensures that:

  • Raw biometric data never leaves your device
  • Only refined scores (neuroScore) are synced to our servers for cross-device continuity
  • You maintain complete control over your sensitive data

What Data We Collect

We collect the following types of data:

  • Account Information: Email address, display name (via Clerk authentication)
  • Productivity Metrics: Task completion, focus session duration, XP and level progression
  • Aggregated Neuro Data: Refined neuroScore values (0-100 scale), not raw sensor data
  • Usage Patterns: Feature usage statistics to improve the product
  • Google Calendar Events (transient): Read in real-time during your session; never stored or shared

How We Use Your Information

  • To provide, maintain, and improve our services
  • To personalize your experience and deliver relevant content
  • To process transactions and manage your account
  • To send you notifications and updates about your tasks and progress
  • To analyze usage patterns and improve our algorithms
  • To detect and prevent fraud or abuse

Third-Party Services

We use the following third-party services. Each service receives only the minimum data necessary to perform its function:

  • Clerk (Privacy Policy): User authentication and account management. Receives your email address and profile information.
  • Google Gemini API (Terms | Privacy Policy): AI-powered productivity features including task parsing, day planning, and document extraction. Receives only user-created content when explicitly triggered. Never receives Google Calendar data.
  • Google OAuth & Google Calendar API (Privacy Policy): Google sign-in and read-only calendar access. Calendar data is processed in real-time and never stored or shared.
  • Neon PostgreSQL (Privacy Policy): Secure database hosting for your account and productivity data.
  • Stripe (Privacy Policy): Payment processing for subscriptions. We do not store your payment card details; Stripe handles all payment data.
  • Vercel (Privacy Policy): Application hosting and deployment infrastructure.

Important: While we use Google’s Gemini API for AI features, no Google Calendar data or other Google user data is ever sent to the AI service. See the “AI-Powered Features” section above for full details.

Data Storage and Security

All data is stored securely using industry-standard encryption. Your account information is managed by Clerk, a trusted authentication provider. Productivity data is stored in our secure database (Neon PostgreSQL).

  • Data is encrypted in transit using HTTPS/TLS
  • Data is stored in secure databases with access controls
  • Google OAuth tokens are encrypted at rest using AES-256 encryption
  • Raw biometric sensor data remains exclusively on your device in the local Vault and is never transmitted to our servers

Your Rights

You have the right to:

  • Access your personal data
  • Request deletion of your account and associated data
  • Revoke Google Calendar access at any time
  • Export your productivity data
  • Opt out of data collection (note: this may limit app functionality)

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with services. If you delete your account, we will delete or anonymize your personal information within 30 days, unless we are required to retain it for legal or regulatory purposes.

Google Calendar data is never retained — it is processed transiently during your active session only.

Children’s Privacy

Our services are not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have questions about this Privacy Policy, please contact us at lifeosvc@gmail.com

Terms of Service →