Account Information

When you create an account, we collect your name, email address, and password (hashed). If you sign in with Google, we receive your name, email, and profile picture from Google.

Calendar Data

If you connect your Google Calendar, we access your calendar events in read-only mode to display them within Plinth. We do not modify, delete, or share your calendar data with any third party.

Usage Data

We collect anonymised usage data (pages visited, features used) to improve the service. This data is processed by Vercel Analytics and does not include personal identifiers.

• To provide and maintain the Plinth service
• To authenticate your identity and manage your account
• To display your calendar events within the application
• To send transactional emails (password resets, account confirmations)
• To improve the service based on aggregated usage patterns

Plinth's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only request the minimum scopes necessary (calendar read-only)
• We do not use Google data for advertising purposes
• We do not sell or share Google user data with third parties
• Users can revoke access at any time via their Google Account permissions

Your data is stored securely using Supabase (hosted on AWS) with encryption at rest and in transit. We implement row-level security policies to ensure users can only access data within their own workspace. Access to production systems is restricted to authorised personnel.

We retain your data for as long as your account is active. Deleted items are soft-deleted and retained for 30 days before permanent removal. You may request full account deletion at any time by contacting us — we will delete all associated data within 30 days of your request.

We use the following third-party services to operate Plinth:

• Supabase — database, authentication, and storage
• Vercel — hosting and analytics
• Sentry — error tracking
• Google — OAuth authentication and Calendar integration

Each service processes data in accordance with their own privacy policies.

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Revoke third-party access (e.g. Google Calendar) at any time
• Export your data in a portable format

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date.

If you have questions about this Privacy Policy, please contact us at support@plinthmusic.com.