How Poyntr uses Google user data

Google Calendar API (read-only), Poyntr reads your upcoming events from the Google Calendar you connect, so the coach can render your day-at-a-glance and weight coaching context against your actual schedule. We do not write, modify, or delete events.

Google OpenID Connect (openid, email), Poyntr verifies the email address of the Google account you choose, so we can associate the calendar connection with your Poyntr identity. We do not request your profile, contacts, or any other Google data.

https://www.googleapis.com/auth/calendar.readonly, read-only access to your Google Calendars.

openid, verify your Google account identity at the moment of connection.

email, confirm the email address of the Google account you are connecting.

You initiate the connection from your Poyntr account settings, under Settings then Integrations. We never use service-account impersonation or domain-wide delegation. Each connection is authorised by you, individually, against your own Google account.

Our backend calls the Google Calendar API with the OAuth access token we received from your authorisation, scoped to the calendars you selected. The token is refreshed periodically using the refresh token; both tokens are stored only in encrypted form (see "How Poyntr stores Google user data" below).

Day-at-a-glance rendering. The coach surfaces a brief view of your upcoming events (title, time, location, organiser) so you can orient quickly.

Coaching context. Event metadata is fed into the coaching prompt as background context, weighted by whether the calendar is "personal" or "work" and by whether you have opted in to direct event references. By default, the coach may use event timing to weight day-shape but will not name specific events. You can opt in per-calendar to allow direct references.

No model training. Poyntr does not use any Google user data to train, fine-tune, or improve AI models. Our AI providers are contractually bound to zero-retention agreements.

No advertising. Poyntr does not run advertising and does not share Google user data with any advertising platform.

No data sale. Poyntr does not sell or rent Google user data to any third party.

No human reads. Google user data is processed by our automated systems; no Poyntr employee reads the content of your calendar events unless you explicitly authorise it as part of a support investigation, recorded in our immutable audit log.

Poyntr operates a self-hosted AI model on infrastructure it controls. Google Workspace data, for example your Google Calendar events, is processed by this self-hosted model when you select an event to prepare a coaching prompt; it is not transferred to any third-party AI provider for that feature.

Poyntr also uses third-party AI sub-processors for general coaching responses. Where you have permitted it, Google Calendar context may be included in a coaching response processed by such a sub-processor. All sub-processors operate under zero-retention agreements that contractually prohibit using your data for training, fine-tuning, or any purpose beyond delivering your real-time response. No Google Workspace data, raw or derived, is ever used to train or improve any AI model.

OAuth access tokens and refresh tokens are stored only in envelope-encrypted form, under a per-user data encryption key (DEK), which is itself wrapped by a per-tenant key encryption key (KEK), which is itself wrapped by an HSM-bound root key in a managed key-management service. Plaintext tokens never touch disk.

Event metadata fetched from the Calendar API (title, time, location, organiser) is held in memory for the duration of the coaching turn and used to construct the prompt context. It is not persisted as a separate database record beyond what is necessary to render the day-at-a-glance for your current session.

All Google user data at rest is held in UK-based cloud infrastructure (London region).

Poyntr does not transfer Google user data to any third party except as strictly necessary to deliver the coaching service to you.

AI inference. The calendar event-preparation feature (selecting an upcoming event to prepare for) is processed by Poyntr's self-hosted AI model, running on infrastructure Poyntr controls, and is NOT shared with any third-party AI provider. For general coaching responses, limited Google-derived context (event timing used to weight your day-shape; specific event details only if you opt in per calendar) may be passed to a third-party large-language-model sub-processor under a zero-retention agreement that contractually prohibits training. No AI provider receives your OAuth refresh token; it sees only the minimal snippet relevant to the current turn.

No transfer to your employer or organisation. Calendar event content is never surfaced to your organisation's administrators. Only platform-level aggregate counts (e.g. "number of users with a calendar connected") are visible to administrators, and only above minimum cohort thresholds.

The use and transfer of raw or derived user data received from Google Workspace APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

(a) Poyntr uses Google user data only to provide or improve user-facing features that are prominent in the requesting application's user interface (day-at-a-glance, coaching context).

(b) Poyntr does not transfer Google user data to third parties except (i) as necessary to provide or improve user-facing features and (ii) for security purposes (e.g. investigating abuse).

(c) Poyntr does not use Google user data for serving advertisements.

(d) Poyntr does not allow humans to read Google user data unless we have obtained the user's affirmative agreement, it is necessary for security purposes, or to comply with applicable law.

In Poyntr: open Settings then Integrations, choose the Google Calendar connection, and click Disconnect. Poyntr immediately deletes the encrypted token envelope and stops calling the Google Calendar API on your behalf.

In Google: visit https://myaccount.google.com/permissions, find Poyntr in the list, and click "Remove access". This revokes the OAuth grant from Google's side. You may want to do this in addition to disconnecting in Poyntr; both paths work independently.

After revocation, any cached refresh token in our system becomes unusable. Encrypted token material is removed from our database within 30 days as part of standard retention. To accelerate that removal, you can request data erasure via [email protected].

You can request a copy of the Google-derived data we hold about you (typically a list of recent events Poyntr has read), correction of any inaccuracies, and erasure of all your data, by writing to [email protected]. Erasure is performed by crypto-shredding (key destruction) so backups containing the encrypted envelope are rendered permanently unrecoverable.

For questions about our use of Google APIs, our verification status, or to report a Google-data-related concern, contact [email protected] with subject "Google API". For general privacy questions, see our Privacy Policy.