Privacy Policy

Information we collect

We collect information you provide (such as name, email, phone where applicable, date of birth where required for your account type, profile details, and content you upload), data needed to operate accounts and features, and security-related data (such as session and device context used to protect accounts).

Sign in with Google

If you choose to sign in or link a Google account, we use Google's OAuth 2.0 and OpenID Connect. We request the minimum identifiers needed to recognize your account: we use Google's ID token to read your Google subject identifier (sub), email address, name, and profile picture URL. We use this information to create or log you into your Univerze account, to link your Google account to an existing account when applicable, and to show basic profile information in the product. We do not use Google sign-in to access your Gmail, Drive, or other Google product data except as described under "Google Calendar (optional)" below.

Google Calendar (optional)

If you connect Google Calendar in product settings, we request permission to create and manage calendar events on your behalf (Google scope https://www.googleapis.com/auth/calendar.events). We store OAuth access and refresh tokens securely with your account so we can sync events, update meetings (including Google Meet links where you enable them), and keep your in-app calendar consistent with your Google Calendar when you use those features. We use Google Calendar data only to provide the calendar and scheduling features you initiate. You can disconnect Google Calendar in settings; after disconnecting, we stop using those tokens for new actions. You may also revoke the app's access in your Google Account security settings; some operations may fail until you reconnect.

How we use information

We use personal information to provide and improve Univerze, authenticate users, personalize features you choose, communicate service-related messages, maintain safety and integrity, troubleshoot issues, comply with law, and enforce our terms.

Sharing

We do not sell your personal information. We may share information with infrastructure and service providers that process data on our behalf to host the service, send email or notifications, analyze reliability, or provide security capabilities. Those providers are permitted to use the information only to deliver services to us and are subject to appropriate confidentiality and security obligations.

Protection of sensitive data

We treat account credentials, authentication tokens (including Google OAuth tokens where stored), and other sensitive account data with heightened care. Measures we apply include:

• Encryption in transit: We use HTTPS (TLS) for connections between your browser or client and our services to protect data from eavesdropping and tampering in transit.
• Protected storage: Sensitive values such as OAuth tokens are stored in our databases with access limited to production systems and authorized personnel who need them to operate the service. Our databases are hosted with providers that support industry-standard protections for data at rest and network isolation appropriate to a cloud-hosted application.
• Access controls: Internal access to systems that hold user data is restricted on a need-to-know basis, and we use administrative and technical controls designed to reduce unauthorized access.
• Purpose limitation: Information obtained from Google sign-in and Google Calendar is used only for the features described in this policy and in-product disclosures, consistent with applicable Google API Services User Data Policy requirements for restricted scopes where they apply.

Google API Services User Data Policy

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements: we use Google user data only to provide or improve user-facing features that require that data, as disclosed here; we do not sell Google user data; and we do not use Google user data for advertising models trained on user data from Google APIs in violation of that policy.

Retention

We retain personal information for as long as your account is active and as needed to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements. Google-related tokens are retained until you disconnect Google services or delete your account, subject to short backup or log retention where applicable.

Your choices

You may update certain account information in the product. You may disconnect Google Calendar or revoke Google access from your Google Account. To request deletion of your account or for privacy requests, contact us at support@univerze.app.

Changes

We may update this Privacy Policy from time to time. If we make material changes to how we use Google user data, we will update this page and, where appropriate, notify you in the product or by email.