Google API Data Policy

Compliance to Google API Services User Data Policy

Schedule4Later for Google Chat™'s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Compliance Statement

Schedule4Later's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

What This Means

Schedule4Later is committed to protecting your data and respecting your privacy. Our use of information received from Google APIs is subject to strict requirements set by Google to ensure your data is handled responsibly and securely.

Limited Use Requirements

In accordance with Google's Limited Use requirements, Schedule4Later:

  • Only uses Google API data for the purpose of providing and improving the scheduling service – We access your Google Chat data solely to enable message scheduling functionality
  • Does not transfer Google API data to third parties – Except as necessary to provide the service (e.g., cloud infrastructure) or as required by law
  • Does not use Google API data for advertising purposes – We never use your Google data to serve ads or for marketing purposes
  • Does not allow humans to read Google API data – Except with your explicit consent, for security purposes, or as required by law
  • Does not use or transfer Google API data to develop, improve, or train generalized AI or ML models – We do not send Google Workspace content to LLMs/Gemini and we do not build AI features that rely on your messages

Google API Scopes We Request

Schedule4Later requests the following Google API scopes to function:

  • https://www.googleapis.com/auth/chat.messages (user scope) – Required for our scheduler worker to post each programmed message in the target Google Chat space on behalf of the installer.
  • https://www.googleapis.com/auth/chat.memberships.readonly (user scope) – Used to confirm the user still belongs to the space before sending and to show space names in `/schedule list` dialogs.
  • https://www.googleapis.com/auth/chat.bot (service account scope) – Used by our bot identity to receive slash commands and fetch Google Chat metadata; no user content leaves Google.

We only request the minimum permissions necessary to provide our scheduling service.

AI/ML Usage Statement

Schedule4Later does not provide AI or ML features that analyze user content, and we do not send Google Workspace data to any generative or classification models. Under the Google API Services User Data Policy:

  • We do not use or transfer Google API data to develop, improve, or train generalized AI or ML models.
  • We do not feed message content to external LLMs, Gemini, or internal ML experiments.
  • We only use message content to queue, reschedule, or deliver the notification requested by the user.

Any future AI capabilities would require renewed consent and a public update to this policy before launch.

How We Use Google API Data

Data received from Google APIs is used exclusively to:

  1. Authenticate and identify users – To ensure scheduled messages are sent by the correct user
  2. Schedule and deliver messages – To store scheduled message content and deliver it at the requested time
  3. Manage scheduled messages – To enable editing, duplicating, and canceling of scheduled messages
  4. Provide support – To troubleshoot issues and respond to user inquiries (with explicit user consent)

Data Storage and Security

  • Encryption: All data received from Google APIs is encrypted in transit (TLS) and at rest
  • Temporary storage: Scheduled message content is encrypted with AES-256-GCM using our MESSAGE_ENCRYPTION_KEY secret until delivery, then deleted within 24 hours
  • Access controls: Strict access controls limit who can access Google API data within our organization
  • Compliance: We follow industry best practices and comply with GDPR and other applicable data protection regulations

Data Retention and Deletion

  • Scheduled messages are AES-256-GCM encrypted at rest and deleted within 24 hours after successful delivery
  • User profile data is retained while your account is active
  • OAuth tokens are encrypted with AES-256-GCM using our AUTH_ENCRYPTION_KEY secret and deleted as soon as access is revoked
  • All data is deleted within 30 days after you uninstall Schedule4Later
  • You can request immediate deletion by contacting contact@protosoft.co

Third-Party Sharing

We do not sell, rent, or share Google API data with third parties for their own use. We only share data:

  • With service providers who help us operate the service (e.g., cloud hosting), under strict contractual obligations
  • When required by law, such as in response to a valid legal process
  • With your explicit consent, for specific purposes you authorize

Your Rights and Control

You have full control over your data:

  • Revoke access: You can revoke Schedule4Later's access to your Google account at any time from your Google Account Permissions page
  • Delete data: Uninstall the app to trigger automatic data deletion within 30 days
  • Request information: Contact us to request a copy of your data or ask questions about how it's used

Updates to This Policy

We may update this policy to reflect changes in our practices or in Google's requirements. We will notify you of significant changes and update the "Last updated" date.

Your continued use of Schedule4Later after changes indicates acceptance of the updated policy.

Questions and Contact

If you have questions about our use of Google APIs or this policy, please contact us:

For more information about Google's data protection policies, visit the Google API Services User Data Policy.

Additional Resources