Privacy Policy

1. Overview

This Privacy Policy describes how gtasks-mcp ("the Application", "we", "our") collects, uses, and protects information when you authorise it to access your Google account data. The Application is privately operated and is not available to the general public.

By using this Application, you agree to the practices described in this policy.

2. Information We Access

The Application requests access to the following Google user data via the Google Tasks API:

• Google Tasks data — including task lists, task titles, descriptions, due dates, completion status, and task order. This is accessed using the OAuth 2.0 scope https://www.googleapis.com/auth/tasks.

No other Google account data (such as email, contacts, calendar, or Drive) is accessed or requested.

3. How We Use Your Data

Data accessed through the Google Tasks API is used exclusively to:

• Display your task lists and tasks to you through the AI assistant interface
• Create, update, complete, and delete tasks on your behalf, as directed by you
• Perform task management operations requested by you in real time

Your data is not used for advertising, analytics, profiling, training machine learning models, or any purpose other than the task management functions described above.

4. Data Storage and Retention

The Application stores the following data locally on the machine where it is self-hosted:

• OAuth tokens — an access token and refresh token issued by Google are stored in a local file (token.json) on the host machine. These tokens are used solely to authenticate API requests to Google on your behalf.

No Google Tasks content (task titles, descriptions, due dates, etc.) is persisted to disk by the Application. Task data is retrieved from Google's servers on demand and exists only transiently in memory during request processing.

OAuth tokens are retained until you revoke access via your Google Account permissions page or until the token file is manually deleted from the host machine.

5. Data Sharing and Disclosure

We do not sell, rent, trade, or share your Google user data with any third party, including:

• Advertisers or analytics providers
• Data brokers
• Other users or organisations
• AI model training pipelines

Your data is never transmitted to any server other than Google's own API endpoints (tasks.googleapis.com). The Application acts as a local proxy between your AI assistant and the Google Tasks API; all network communication occurs directly between the host machine and Google.

6. Google API Services User Data Policy

The Application's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy , including the Limited Use requirements. Specifically:

• Access to Google user data is limited to providing and improving the task management features described in this policy.
• Google user data is not used to develop, improve, or train generalised AI or machine learning models.
• Google user data is not transferred to third parties except as necessary to provide the Application's functionality, and only with your explicit authorisation.
• Humans do not read your Google user data unless you explicitly share it or we are required to do so by law.

7. Security

OAuth tokens are stored locally on the self-hosted machine and are never transmitted to any server operated by the Application's developer. Access to the host machine is the responsibility of the operator. We recommend restricting file system permissions on token.json to the user account running the server process.

8. Your Rights and Choices

You may at any time:

• Revoke access — remove the Application's access to your Google account at myaccount.google.com/permissions . Revoking access immediately invalidates all stored tokens.
• Delete stored tokens — delete the token.json file from the host machine to remove all locally stored credentials.
• Request information — contact us at the address below to request details about what data the Application has accessed on your behalf.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated "Last updated" date at the top of this page. Continued use of the Application after changes are posted constitutes your acceptance of the revised policy.

10. Contact

If you have any questions or concerns about this Privacy Policy or the Application's data practices, please contact the operator via the domain rsubr.in.