InstaCal Privacy Policy

Last updated: March 22, 2026

InstaCal ("the extension") is a Chrome extension that lets you create and edit Google Calendar events using natural language. This policy explains what data is collected, how it is used, and your rights.

1. Data We Collect

• Authentication tokens — A Google OAuth access token and Firebase ID/refresh tokens are stored locally in chrome.storage.local so the extension can make authorized API calls without the popup being open. These tokens are never transmitted to any server other than Google's APIs and the extension's own backend.
• Contacts — Names and email addresses that you explicitly add to your contacts list. These are stored locally and sent to the extension's backend only to resolve attendee names in event descriptions you create.
• User preferences — Settings such as default event duration, default location, and auto-review toggle. Stored locally only.
• Selected text — When you use the right-click context menu to create a calendar event, the selected text is sent to the extension's backend for natural language parsing. It is not stored beyond the duration of the request.

2. How Data Is Used

All data is used solely to provide the extension's core functionality: creating and editing Google Calendar events. Specifically:

• Authentication tokens authorize calls to the Google Calendar API on your behalf.
• Contacts and selected text are sent to the extension's backend (us-central1-instacal-app.cloudfunctions.net) to parse natural language and resolve attendee names.
• No data is used for advertising, profiling, or any purpose unrelated to calendar management.

3. Data Sharing

We do not sell, rent, or share your data with third parties. Data is transmitted only to:

• Google APIs (www.googleapis.com) — to create and manage your calendar events.
• Firebase / Google (identitytoolkit.googleapis.com, securetoken.googleapis.com) — for authentication.
• The extension's own backend (us-central1-instacal-app.cloudfunctions.net) — for natural language parsing, accessible only with your authenticated Firebase ID token.

4. Data Storage

Tokens and preferences are stored locally on your device using chrome.storage.local. No personal data is stored in a database controlled by InstaCal. Selected text is processed transiently and not retained after the API response.

5. Remote Code

The extension does not execute any remotely hosted code. All JavaScript is bundled inside the extension package. Network requests fetch data only — no executable code is fetched or evaluated at runtime.

6. Your Rights

You can remove all locally stored data at any time by uninstalling the extension or clearing extension storage in Chrome settings (Settings → Privacy and security → Site settings → View permissions and data stored across sites). Revoking Google account access removes the OAuth token and stops all Calendar API access.

7. Changes to This Policy

If this policy changes materially, the "Last updated" date above will be revised. Continued use of the extension after a policy change constitutes acceptance.

8. Contact

Questions? Open an issue or reach out via the Chrome Web Store support link on the extension's listing page.