On Time iOS App - Privacy Policy

Last updated: 2026-05-30

Overview

On Time is an iOS app that schedules local alarm notifications a configurable number of minutes before each of your upcoming Google Calendar events. This Privacy Policy describes, in the categories required by the Google API Services User Data Policy, exactly how On Time accesses, uses, stores, shares, retains, and deletes Google user data.

Google API Services User Data Policy — Limited Use

On Time's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

On Time accesses Google user data through the following OAuth scopes:

  • https://www.googleapis.com/auth/calendar.readonly — read-only access to your Google Calendar events, used solely to schedule local notification alarms on your device for upcoming meetings.
  • email and profile — your Google account email address, used solely to display the signed-in account in the app and to associate cached events with the correct account.

In accordance with the Limited Use requirements, On Time affirms that:

  • Google user data is used only to provide and improve user-facing features that are prominent in the app — specifically, scheduling local notification alarms for your upcoming calendar events.
  • Google user data is never transferred to any third party, except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with your explicit consent.
  • Google user data is never used for serving advertisements, including personalized, retargeted, or interest-based advertising.
  • Google user data is never read by humans, except (a) with your explicit consent for specific events, (b) as necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operations and cannot be linked back to any individual user.

All Google Calendar data accessed by On Time is processed exclusively on your device. No calendar event data is transmitted to, stored on, or shared with any server operated by us or any third party.

Data Accessed

On Time accesses the following Google user data when you sign in with your Google account:

  • Google Calendar events via the OAuth scope https://www.googleapis.com/auth/calendar.readonly. Specifically, On Time reads, for each event in calendars you have selected: event title, start time, end time, end-of-event time, calendar ID, recurring-event identifier, organizer, your attendee response status (accepted / declined / tentative / needs-action), and the event's overall status (confirmed / tentative / cancelled).
  • Your Google account email address via the email scope, used to identify which account is signed in and to display "Signed in as <email>" in the app.

On Time does not access event descriptions, attachments, attendee email addresses (beyond your own response status), other people's calendars, contacts, location, photos, drive files, or any other Google service.

Data Usage

All Google user data is processed exclusively on your iOS device. We do not operate a server; nothing is uploaded.

  • Calendar events are used solely to determine when to schedule local iOS notifications. The app reads your upcoming events, filters out declined and all-day events, and registers a local notification with the iOS system at a configurable lead time before each event's start time.
  • Email address is used solely to display the signed-in account inside the app. It is not used for marketing, analytics, contact, or any other purpose.

On Time does not use Google user data to develop, train, or improve any general-purpose AI or machine learning models. Google user data is never used for advertising or remarketing.

Data Sharing

On Time does not share Google user data with any third party, in any category, for any purpose. There is no analytics SDK, no advertising SDK, no CRM, no error reporting service that receives Google data, and no human review process. The only network communication On Time performs with Google user data is the original HTTPS request to Google's own APIs to fetch your calendar events; no data is transmitted to any other destination.

Data Storage and Protection

  • OAuth tokens (access token and refresh token issued by Google) are stored in the iOS Keychain using the protection class kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly. Keychain entries are encrypted by iOS using hardware-backed keys, are not included in iCloud Keychain or device backups, and never leave the device.
  • Calendar events are cached locally on your device using SwiftData (Apple's on-device database framework). The cache is stored in your app's iOS sandboxed container and is not accessible to other apps.
  • App settings (lead time, sync interval, selected calendars) are stored in iOS UserDefaults on your device. App settings do not contain Google user data beyond calendar IDs (used to identify which calendars you have selected).
  • All communication with Google APIs uses HTTPS with TLS, as enforced by Apple's App Transport Security.

Data Retention and Deletion

Google user data is retained on your device only for as long as you remain signed in. There is no server-side retention because On Time operates without a backend.

You can delete all Google user data On Time has on your device through any of the following processes:

  • In-app sign out (recommended): Open On Time → Settings → Account → Sign Out. This action (a) revokes the OAuth token with Google, (b) deletes all cached calendar events from the device, (c) removes all pending notifications, and (d) clears the Keychain entries holding the OAuth tokens. Sign-out completes immediately.
  • Uninstall the app: deleting the On Time app from your device removes all locally-stored Google user data along with the app sandbox. Note: uninstall alone does not revoke the OAuth grant on Google's side; for that, also use the next option.
  • Revoke at Google: visit https://myaccount.google.com/permissions, find "On Time", and click Remove access. This invalidates any token On Time still holds.
  • Email request: contact support@jonzhao.com if you need help deleting your data; we will respond within 7 days.

Children's Privacy

On Time is not directed at children under 13 and we do not knowingly collect personal information from children under 13.

Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be communicated via the app's release notes.

Related

See also the On Time Terms of Service.

Contact

For privacy questions, data deletion requests, or anything else covered by this policy, email support@jonzhao.com.

Reach Me Here