Outlook ↔ Google Calendar Sync

View project on GitHub

Feature Packed, Open Source .... and Free!
User Guide Wiki & Blog Get Involved About

Privacy Policy Notice

The policy

This privacy policy notice is served by Outlook Google Calendar Sync under the website; https://www.outlookgooglecalendarsync.com. The purpose of this policy is to explain to you how we control, process, handle and protect your personal information through the business, while you browse or use this website and/or the desktop application. If you do not agree to the following policy you may wish to cease viewing / using this website and associated application, and or refrain from submitting your personal data to us.

The policy is split into three areas:-

General Policy Terms

Policy key definitions

“I”, “our”, “us”, or “we” refer to the open source software and developer of Outlook Google Calendar Sync, as obtained from this website. “you”, “the user” refer to the person(s) using this website and associated application. OGCS means Outlook Google Calendar Sync, the application. GDPR means General Data Protection Act. PECR means Privacy & Electronic Communications Regulation. ICO means Information Commissioner’s Office. Cookies mean small files stored on a users computer or device.

Key principles of GDPR

Our privacy policy embodies the following key principles; (a) Lawfulness, fairness and transparency, (b) Purpose limitation, (c) Data minimisation, (d) Accuracy, (e) Storage limitation, (f) Integrity and confidence, (g) Accountability.

Processing of your personal data

Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.

Lawful basis: Legitimate interests
Where our purpose for processing is: To accurately identify which users of the application have donated and/or subscribed.
Which is necessary because: To verify and ensure only those users receive value-added benefits within the application.
We process your information in the following ways: Your Google account email address, as configured for use by OGCS, is (a) stored privately for internal records, (b) stored publically as an encrypted MD5 hash for automatic verification by OGCS.
Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
Sharing your information: We do not share your information with any third parties.

Your individual rights

You can read more about your GDPR rights in detail here. In summary, under the GDPR your rights are as follows:-

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling.

You also have the right to complain to the ICO if you feel there is a problem with the way we are handling your data.

We handle subject access requests in accordance with the GDPR.

Fair & transparent privacy explained

We have provided these explanations about user privacy and the way we use this website and OGCS to help promote a transparent and honest user privacy methodology.

Email marketing messages

We do not issue any newsletters, subscribed or otherwise, or maintain a marketing mailing list.

Resources & further information

Website Privacy Policy

Under the website https://www.outlookgooglecalendarsync.com, the following personal information may be processed.

Internet cookies

A cookie is a small text file placed on your device / computer hard drive and helps determine how you use a website.

The sole direct use of cookies on this website supports a user through their donation or subscription journey, by storing and passing on their Google account email address to third party payment platform(s). This allows subsequent automatic verification by OGCS to enable value-added benefits within the application.

Indirect use of cookies occur through the placement of adverts and Google Analytics is deployed to provide anonymous basic usage statics which may store cookies to achieve this. Although not visible to us in Google Analytics reports, Google does capture user’s IP addresses before aggregating them into geolocation reports. To protect your personal information IP address anonymisation has been configured before IP data is sent to Google.

Our website may contain adverts, sponsored and affiliate links on some pages. These are typically served through our advertising partners; Google Adsense, Developer Media or are self served through our own means. We only use trusted advertising partners who each have high standards of user privacy and security. However we do not control the actual adverts seen / displayed by our advertising partners. Our ad partners may collect data and use cookies for ad personalisation and measurement. Where ad preferences are requested as ‘non-personalised’ cookies may still be used for frequency capping, aggregated ad reporting and to combat fraud and abuse.

Clickable sponsored or affiliate links may be displayed as a website URL like this; www.rugby.co.uk/rwc or as a titled text link like this: Rugby World Cup UK Times.

Clicking on any adverts, sponsored or affiliate links may track your actions by using a cookie saved to your device. You can read more about cookies on this website above. Your actions are usually recorded as a referral from our website by this cookie. In most cases we earn a very small commission from the advertiser or advertising partner, at no cost to you, whether you make a purchase on their website or not.

We use advertising partners in these ways to help generate an income from the website, which allows us to continue our work and provide you with the best overall experience and valued information.

If you have any concerns about this we suggest you do not click on any adverts, sponsored or affiliate links found throughout the website.

Application Privacy Policy

Authentication with third-party calendar services

In order to synchronise calendars, the application connects to your cloud account(s) for Google and, optionally, Microsoft. It does this by authenticating using the industry standard OAuth2 protocol, which never exposes your username or password to us or any other third-party.

I, as the developer of OGCS, have been formally vetted and approved by both Google and Microsoft for OGCS to authenticate via OAuth2, as evidenced during the authentication process.

During the authentication process, you will also be required to approve the permission set required by OGCS in order to function properly; namely calendar read and write access.

OGCS access can be revoked at any time by you, the user, from your Google and Microsoft accounts. This facility is also available within OGCS through the Revoke Access buttons.

Corporate M356 Accounts

A Microsoft Entra tenant administrator may wish to control which applications have received user consent to access data within their organisation. They can also choose to grant tenant-wide admin consent for OGCS or even individual user consent on their behalf.

Permissions can be reviewed and revoked from applications, including OGCS, at any time by an administrator via Microsoft Entra admin center.

Calendar data

OGCS sychronises calendar data between Google and Microsoft. The data is never accessed, viewed or stored without your consent, and never commoditised. Options within the application provide the ability to log synchronisaton activity, store calendar data into CSV files, automatically report errors to me and control telemetry. These features assist in troubleshooting application problems you may encounter.

Configuration within OGCS also provides control over which calendar data is accessed and synchronised. As a minimum, date, time and subject/title of each in-scope calendar item is synchronised, yet even the words in the subject/title can be obfuscated for your individual privacy needs.

Logging

OGCS logs its activity to a file on your computer. Daily log files are stored for a maximum of 30 days and can be manually deleted at any time. Log verbosity is controlled from within the application, from OFF (none) through to ULTRA-FINE with DEBUG as the default.

Log files are crucial to effectively troubleshoot and perform root cause analysis of software bugs. Before providing access to log files, it is the your responsiblity to review their contents and ensure they do not contain information you are not happy sharing.

Error reporting

At your discretion, any errors generated by OGCS can be automatically submitted to me for analysis. This is achieved by sending the 50 lines of logging preceeding the error to Google Cloud Logging. Reports are anonymised, though some logging lines may include personal information; users are informed of this before enabling automatic reporting and can opt-out at any time.

Telemetry

Within OGCS, Google Analytics Measurement Protocol is used to help focus development of OGCS in areas that will benefit the most by understanding which versions of OGCS and Outlook are in use, number of syncs performed, feature utilisation and so forth. An option is available within OGCS to disable all telemetry.


Privacy Policy