Privacy Policy
Effective Date: September 28, 2025
At Bound, we value your privacy and are committed to keeping your information safe. Our app and server are designed with a simple and secure approach to protect your data at all times.
What Data We Collect
Bound collects minimal data to operate its services. The following information may be collected to improve app performance and ensure reliable synchronization:
- Identifiers
- Usage Data (information about how you use the app, not your event data)
- Diagnostics
Some of this information may be processed through Google Analytics and Firebase to help improve the app experience.
What Google Data We Access
- Your Google account email address
- Google Calendar lists (names, colors, IDs)
- Calendar events (titles, start and end times, time zones, locations, descriptions, attendee information when applicable)
- Incremental sync metadata such as sync tokens
- Google Contacts (names, email addresses, and avatars) used only for attendee suggestions when creating or editing events
How Your Data Is Used
- Google Calendar data is used only to display, create, update, or delete calendar events as requested by you.
- Bound does not use your Google data for advertising or share it with third parties.
- All access to your Google data occurs through Google's secure OAuth 2.0 authorization flow and only with your explicit consent.
- Google Contacts information is used exclusively for attendee auto-completion when adding participants to your events. This data is processed only on your device.
- Bound does not upload, store, or transmit your Google Contacts to any external server.
Server Storage and Handling
Bound uses a secure backend server to support reliable and real time synchronization with Google Calendar. The server stores only what is required for synchronization:
- Your Google account email address
- Encrypted OAuth 2.0 refresh token (used only to obtain new access tokens when needed)
- Device identifiers and push notification tokens for delivering sync notifications
- Google Calendar watch channel metadata, including channel IDs, resource IDs, and expiration timestamps
Bound does not store access tokens. Access tokens are used only temporarily in memory and are never saved.
Bound does not store any of your calendar event contents such as titles, descriptions, locations, notes, reminders, or attachments. These remain on your device and within your Google account.
All sensitive data stored on the server, including refresh tokens, is encrypted using AWS Key Management Service and stored in AWS DynamoDB under strict access control. All communication between your device, the Bound server, and Google APIs occurs over encrypted HTTPS connections.
Bound does not store any of your calendar event contents such as titles, descriptions, locations, notes, reminders, or attachments. Bound also does not store Google Contacts data. All contact data is processed only on your device and never leaves it.
Real Time Synchronization and Notifications
Bound uses your encrypted refresh token and Google Calendar watch channel metadata to keep your calendars synchronized across devices. The refresh token is used only to obtain new access tokens when required. Watch channel metadata is used to detect newly created, updated, or deleted events. Your device identifier and push notification token are also stored so Bound can deliver sync notifications when changes are detected.
Bound’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Data Retention for Google User Data
Bound retains only the minimum Google user data required to support real time synchronization. Bound does not store Google Calendar event contents or Google Contacts data at any time.
Calendar Events
Bound does not store any Google Calendar event contents, including titles, descriptions, locations, reminders, notes, or attachments. All event data remains within your Google account and your device.
Contacts
Google Contacts data (names, email addresses, avatars) is used only for attendee suggestions and is processed exclusively on your device. This data is never uploaded, stored, or retained on any server. It is removed immediately after use.
Metadata Required for Sync
The only data retained on the server is the minimum metadata needed for synchronization:
- Your Google account email address
- Encrypted OAuth 2.0 refresh token
- Device identifiers and push notification tokens
- Google Calendar watch channel metadata
Data Deletion for Google User Data
Bound allows you to delete all Google-related user data at any time. Bound does not store Google Calendar event contents or Google Contacts data, so no such data remains once the app is closed, signed out, or removed.
Device Sign Out
When you sign out on a single device, only that device’s information is removed from the server, including:
- Device identifier
- Push notification token
Other devices connected to the same Google account will continue to operate normally.
All Devices Signed Out
If all devices associated with your Google account are signed out of Bound, the server removes all remaining account-related data, including:
- Encrypted refresh token
- Google Calendar watch channel metadata
- All device records
Google Account Revocation
You may also revoke Bound’s access from your Google Account settings. When access is revoked, the refresh token becomes invalid. Bound detects this the next time it attempts to refresh the access token and removes all server-stored data associated with your account, including the encrypted refresh token and watch channel metadata.
Permissions Requested
Bound requests access to certain features solely to provide core app functionality:
- Google Calendar: To display and manage your calendar events.
- Location: To display weather information and attach a location when creating events.
- Contacts: To search and add attendees when creating events. Google Contacts data is processed only on your device and never sent to the Bound server.
Your Privacy, by Design
Your Google account data remains within your Google account and is accessed securely through official Google APIs. Bound stores only what is required for synchronization and does not store your event contents.
You may disconnect your Google account at any time. When disconnected from all devices, all related server data is removed automatically.
Contact
If you have any questions about this Privacy Policy, please contact us at: support@daymore.com
Company: DayMore Corp.
Person in Charge: JeongMin Kang