Calendar Privacy: Clockwise vs Reclaim vs a Local Tool

Your calendar is one of the most sensitive datasets you produce at work. It reveals who you talk to, how often, for how long, at what time of day, with what frequency, and with what level of priority. Forensic analysts in legal discovery routinely use calendar metadata to reconstruct organizational structure, identify confidential projects, and surface pre-acquisition due diligence patterns.

When you grant a calendar tool access to your Google Workspace or Microsoft 365 account, you are handing over that dataset.

Three of the most popular calendar tools handle this data very differently. Below is a side-by-side breakdown.

The Short Version

The differences matter for three reasons: who controls the data, what they can do with it, and what changes if their parent company is acquired, hacked, or subpoenaed.

Clockwise: Calendar Data Inside Salesforce

Clockwise was acquired by Salesforce in late 2025 and the standalone product shut down March 27, 2026. The remaining infrastructure was folded into Slack's calendar group, which is itself a Salesforce subsidiary.

What this means for any calendar data Clockwise still holds:

• It is governed by Salesforce's master services agreement and privacy policy, not Clockwise's original terms.
• It sits in Salesforce's data plane alongside CRM data, support tickets, and Slack messages.
• It is subject to Salesforce's lawful access procedures, which are publicly documented in their transparency report.
• It is subject to whatever cross-product analytics Salesforce chooses to run.

This is not necessarily worse than any other large vendor. It is different from what users signed up for. If you joined Clockwise in 2022 to defragment your team's meetings, you did not sign up for your calendar metadata to be operationally adjacent to Salesforce's CRM stack.

The Salesforce transparency report (trust.salesforce.com) documents government data requests across all Salesforce-owned products. Calendar data is included.

Reclaim.ai: Calendar Data Inside Dropbox

Reclaim was acquired by Dropbox in 2024. The product still operates under the Reclaim.ai brand, but its infrastructure now runs on Dropbox's AWS deployments and is governed by Dropbox's privacy policy.

What this means:

• Your calendar metadata is co-resident with Dropbox file storage infrastructure.
• Dropbox has its own legal request handling, documented in their transparency report (dropbox.com/transparency).
• Cross-product analytics between Dropbox file activity and Reclaim calendar patterns are possible by policy, even if not currently practiced.
• Reclaim's OAuth scope requests full calendar read/write access. The AI scheduler needs to read all your meetings to optimize around them.

Dropbox's privacy posture is generally strong. The concern is structural: the more calendar data lives at one large vendor, the more concentrated the risk of breach, subpoena, or policy change.

The OAuth Scope Question

Every cloud calendar tool needs OAuth permission to your Google Workspace or Microsoft 365 account. The scope of that permission determines how much of your calendar the tool can actually see.

Reclaim and Clockwise both request full calendar read/write access. This is necessary for them to do their job: an AI scheduler cannot reschedule meetings it cannot see, and it cannot defragment focus time without knowing the full shape of your day.

The cost is that the vendor's infrastructure receives a full copy of your calendar, including:

• Every meeting title
• Every attendee email
• Every meeting description and embedded notes
• Every recurring pattern
• Every external invite, including from candidates, vendors, and acquisition targets

This is more sensitive than your email in many cases, because emails are about what you said, while calendars are about who you are coordinating with and when.

CovertLunch: Local-Only, Write-Only

CovertLunch was built specifically to avoid this tradeoff. The Chrome extension runs entirely on your machine. The cloud version uses a minimal write-only scope.

Chrome extension:

• Runs in your browser as a Manifest V3 extension.
• OAuth scope is calendar.events only. This grants the ability to write events to your calendar. It does not grant the ability to read any events except the ones the extension wrote itself.
• No data is transmitted to CovertLunch servers. There are no CovertLunch servers in the loop.
• The only network calls the extension makes are to Google Calendar's official API to write your lunch-window events.
• Open source — the source for the Chrome extension is auditable.

Cloud version (for users who cannot install browser extensions):

• Runs on minimal serverless infrastructure in US-East.
• OAuth scope is calendar.events only. Same as the extension: write-only.
• Stores: your email, your subscription status, your lunch window configuration, your fake-meeting title pool. Nothing about meetings outside your lunch window.
• Does not store: your real meeting contents, attendee lists, or any calendar event we did not create ourselves.

The Chrome extension is the recommended default. It is strictly stronger from a privacy standpoint and costs less ($29.99 lifetime vs. $1.99/month).

A Concrete Threat Model

Consider an executive at a public company in the middle of acquisition due diligence. Their calendar contains:

• Daily meetings with bankers (named in the invite)
• Meetings with the target company's CEO (named)
• Meetings with deal counsel (named)
• Meetings with internal corp dev (named)

This metadata is materially nonpublic information. A breach of the calendar tool's vendor would constitute an insider-trading-grade leak. The SEC has prosecuted cases where the leak path was a third-party tool with calendar access.

In this threat model:

• Clockwise / Reclaim: full read access to the calendar. The metadata lives at a large cloud vendor with broad lawful access exposure.
• CovertLunch Chrome extension: zero read access. The metadata never leaves the browser. There is no leak path through CovertLunch.

For most users, this threat model is overkill. For executives at public companies, regulated industries, or high-stakes corporate environments, it is the right model.

What "Local-Only" Actually Means

There is a class of "private" tools that route data through their own server with end-to-end encryption. This is good. It is also not as strong as local-only.

End-to-end encrypted cloud tools:

• Can be subpoenaed for metadata (timestamps, access patterns).
• Can be required to push a software update that disables the encryption.
• Can experience implementation flaws that compromise the encryption.

Local-only tools:

• Have no server to subpoena.
• Have no update channel that can compromise data already on your machine.
• Have no implementation flaw that exposes data not present on the server.

The CovertLunch Chrome extension is genuinely local. There is no server holding your calendar data because there is no server. The calendar API calls go directly from your browser to Google.

The Tradeoffs of Going Local

We will be honest about what you give up.

• No cross-device sync of settings. If you install the extension on a new browser, you reconfigure.
• No web dashboard. Configuration is in the extension popup.
• No cross-tool integration. You cannot pipe CovertLunch into Notion, Linear, or your task manager.
• Single-product scope. CovertLunch only does lunch protection. It is not a Reclaim or Motion replacement.

If you need those features, use Reclaim or Motion. If you do not, you are paying for them with your calendar data.

What to Ask Any Calendar Tool Before Granting Access

Before clicking "Allow" on an OAuth prompt for a calendar tool, get answers to:

1. What is the minimum OAuth scope you can operate with?
2. Where does my calendar data physically reside?
3. Do you sub-process the data to any other vendor (analytics, observability, etc.)?
4. What happens to my data if your company is acquired?
5. Do you publish a transparency report covering lawful access requests?

Most vendors will not answer these questions in marketing copy. The answers are often in the privacy policy.

Related Reading

• CovertLunch vs Clockwise
• CovertLunch vs Reclaim.ai
• Clockwise alternatives in 2026

Frequently Asked Questions

Is Reclaim.ai still private after the Dropbox acquisition?

Reclaim's privacy posture is generally strong, but the threat model changed. Your calendar metadata is now governed by Dropbox's terms, not Reclaim's original ones, and is co-resident with Dropbox file infrastructure.

Did Clockwise leak any data when it shut down?

There is no public disclosure of a data incident at Clockwise. The standard concern is what happens to historical calendar data Salesforce continues to hold after the product shutdown. Salesforce's privacy policy applies.

Can CovertLunch see my real meetings?

No. The Chrome extension's OAuth scope only grants write access. It can create new events on your calendar but cannot read existing ones. The cloud version uses the same write-only scope.

What about the events CovertLunch writes?

The extension knows about events it created itself because it tracked their event IDs locally. It does not have read access to any other event.

Is local-only stronger than end-to-end encryption?

In most threat models, yes. End-to-end encryption protects data in transit and at rest on the vendor's server. Local-only means the data is never on a vendor server at all. Different threat coverage, with local-only being structurally stronger against vendor breach and subpoena.

Where is CovertLunch's company based?

Delaware C-corp, US-only operations.

Is the Chrome extension open source?

The Chrome extension's source is auditable from the Chrome Web Store package. The randomization engine, scope handling, and Google Calendar API calls can all be inspected.