Data Breez collects
When you sign in, Breez may receive and store account information from the authentication provider, such as your account ID, email address, display name, profile metadata supplied by the provider, and session information needed to keep you signed in.
When you connect a calendar provider, Breez stores the provider account details needed to identify and maintain the connection, such as provider user IDs, email addresses if supplied by the provider, linked account identifiers, OAuth access tokens, refresh tokens, token expiration times, and token refresh status.
Breez currently supports Google Calendar, Outlook, and ICS calendar subscriptions. For Google, Breez requests read-only calendar access plus OpenID and email scopes used to complete OAuth and identify the connected Google account. For Outlook, Breez requests OpenID, profile, email, offline access, User.Read, Calendars.Read, and Calendars.Read.Shared permissions to identify the account and read calendars available to that account.
For each linked calendar, Breez stores metadata such as the provider name, external account ID, external calendar ID, external calendar name, whether the calendar is included in your availability, sync status, and last sync time. For ICS subscriptions, Breez stores the normalized subscription URL as the linked account and calendar identifier.
To build your Breez availability view, Breez reads and stores event data from calendars you link. Depending on what the provider returns, this may include event IDs, event status, recurrence data, original start times, start and end times, summary or title, description, location, attendee information, and free/busy status.
Breez also stores your Breez availability settings, such as public sharing status, the public URL token hash, timezone, available weekdays, and unavailable-before or unavailable-after times.
How Breez uses data
Breez uses account and calendar data to authenticate users, connect provider accounts, discover calendars available to you, refresh OAuth access when needed, sync linked calendars, maintain your Breez availability view, render owner and public availability views, enforce public-view sharing settings, troubleshoot reliability issues, secure the service, and prevent abuse.
Breez stores synced event data in its own service so it can render availability without fetching the same provider event data on every request.
Breez does not use connected calendar content for advertising, does not sell connected calendar data, and does not use connected calendar data to train generalized AI or machine learning models.
Breez does not create, update, or delete events in your source calendars as part of the current service.
Public availability views
If you turn on public sharing, anyone with your public Breez URL can view the availability surface for that URL until you turn sharing off or reset the URL.
The public view may show your Breez availability view name, availability date range, freshness or last-updated status, and busy or unavailable blocks derived from linked calendars and Breez availability settings.
Public views are designed not to show source calendar titles, event titles, descriptions, locations, attendee lists, event counts, or source calendar names by default.
Turning public sharing off stops Breez from serving that public view. Breez stores public availability URL tokens as hashes rather than storing raw public tokens in the database.
Sharing with service providers and legal recipients
Breez shares data only as needed to operate the service, as you direct it, or as required by law. Breez does not publish your source calendars directly as standalone calendars.
Breez may disclose data to service providers that host, store, secure, authenticate, deliver, and monitor Breez on our behalf, such as hosting, managed database, authentication, logging, monitoring, and cloud infrastructure providers. These providers may process data only to provide services for Breez.
Breez may disclose data when required to comply with law, enforce terms, or protect the rights, safety, and security of Breez, its users, or others.
Breez's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
How Breez stores and protects data
OAuth credentials, linked-account metadata, linked-calendar metadata, public-view configuration, availability settings, and synced event data are stored server-side. Breez uses access controls to limit access to account-owned records and keeps service credentials on the server side only.
Breez is designed to redact sensitive values such as access tokens, refresh tokens, public tokens, and event content from application logs where feasible.
Breez limits human access to personal data to cases where access is needed to operate, secure, support, debug, or legally protect the service.
Breez uses technical and organizational safeguards designed to protect data in transit and at rest, but no method of transmission or storage can be guaranteed to be completely secure.
Retention and deletion
Breez retains account data, linked-account metadata, linked-calendar metadata, OAuth credentials, public-view configuration, availability settings, and synced event data for as long as they are needed to provide the service, maintain active linked calendars, and support the public view you keep active.
If you turn off the public view, Breez stops making that view available. If you disconnect a linked account, delete a linked calendar, or ask Breez to delete your data, Breez will stop using the affected data for future syncs and will delete or clean up associated Breez records, subject to limited retention needed for security, fraud prevention, legal compliance, dispute resolution, or backup recovery.
Breez sync processes also update or remove copied event data when linked source events or linked calendars are removed from the provider or from Breez.
Cookies and analytics
Breez uses cookies and similar session storage to keep you signed in and to protect authentication flows.
Breez records privacy-safe product analytics and latency metrics for launch and reliability work, such as page views, auth outcomes, linked-calendar setup, public-view interactions, performance, and friction signals. These analytics are designed to avoid raw public tokens, calendar event contents, and direct personal details in event properties.
Privacy questions and deletion requests
For support, privacy questions, or deletion requests, contact Breez at support@breezcal.com.
When contacting Breez about deletion, please include enough information for Breez to identify the relevant account, linked provider, and linked calendars so the request can be verified and processed.
Breez may update this page as the product changes. Material updates will be reflected by the last updated date above.