← Back

Privacy Policy

Last updated: April 6, 2026

TL;DR

CovertLunch processes your calendar data entirely inside your browser. No events, titles, or calendar data are ever sent to a server. We only store your email if you voluntarily join our waitlist.

What the Chrome extension collects

Nothing. The extension uses OAuth to talk directly to Google Calendar from your browser. No intermediary server. No telemetry. No analytics on calendar content. OAuth tokens are stored in Chrome's secure identity store.

What the website collects

If you join the waitlist, we store your email address, signup timestamp, and the referral source (e.g. utm_source query parameter) in a Supabase database. We will send you one launch announcement email, and then nothing else unless you opt in.

We use privacy-respecting analytics (Plausible) to understand traffic volume. No cookies. No personal identifiers. No cross-site tracking.

OAuth scopes used

  • calendar.events.owned — create/edit events on your own calendar
  • calendar.events.freebusy — check availability before placing blocks
  • calendar.calendarlist.readonly — list calendars for the settings UI

We intentionally avoid Google's Restricted scopes. CovertLunch never reads the content of your real meetings.

Your data, your rules

To unsubscribe from the waitlist, email hello@covertlunch.com and we'll delete your record. To revoke the extension's calendar access, visit Google account permissions.

Contact

Questions? hello@covertlunch.com