Last Updated: 2026-04-11
This Privacy Policy describes how claude-calendar (Google Cloud project ID: rich-ceiling-489811-d5) collects, uses, stores, and handles data obtained through Google OAuth 2.0 authorization.
claude-calendar is a personal-use MCP (Model Context Protocol) integration tool that enables Anthropic's Claude Code CLI to interact with a single user's Google Calendar. The application is operated exclusively by Shinpei Takada (hereinafter "the Operator") for the Operator's own personal use. The application is not distributed to, and is not intended for use by, any third party. There is no user base other than the Operator.
The application is built on top of the third-party npm package @cocal/google-calendar-mcp. The Operator does not redistribute this package and uses it solely as a runtime dependency on the Operator's own device.
With the Operator's explicit consent through Google's OAuth 2.0 authorization flow, this application requests access to Google Calendar under the following OAuth scope:
https://www.googleapis.com/auth/calendar — Full read and write access to the Operator's Google Calendar, including the ability to view, create, update, and delete calendar events.
Why write access is required: The Operator uses Claude Code to manage scheduling tasks via natural language. These tasks include creating new events, modifying existing events (such as rescheduling or updating descriptions), and deleting events on demand. Read-only access (calendar.readonly) is insufficient because the Operator's workflow requires bidirectional calendar management within a single conversational session. Restricting the application to read-only would eliminate a substantial and intended portion of its functionality.
The application accesses only the calendar data necessary to fulfill each individual request issued by the Operator. No bulk export or background synchronization of calendar data is performed.
This application complies with the Google API Services User Data Policy, including the Limited Use requirements, as follows:
All data processing performed by this application occurs locally on the Operator's own device (a macOS computer). No calendar data, event content, or metadata is transmitted to any server operated by the Operator or to any remote infrastructure controlled by the Operator.
OAuth credentials: The OAuth 2.0 refresh token and access token issued by Google are stored exclusively in the local filesystem of the authorized macOS device, within the directory used by the @cocal/google-calendar-mcp runtime. These credentials are not uploaded to any remote location.
Calendar event data: Calendar event content retrieved from the Google Calendar API is held in process memory only for the duration of the request being processed. The application does not write calendar event content to any persistent local database, log file, or cloud storage service operated by the Operator.
The Operator does not sell, license, or otherwise transfer Google user data to any third party.
Anthropic Claude API — disclosure of potential data flow: When the Operator issues a calendar-related instruction through Claude Code, the Claude Code CLI may transmit the content of retrieved calendar events (such as event titles, dates, times, and descriptions) to Anthropic's Claude API as part of the conversational context required to generate a response. This transmission occurs only between the Operator's local device and Anthropic's API servers. The Operator is both the sole user and the sole controller of this data flow; no other individuals' personal information is involved.
Anthropic's handling of data submitted to its API is governed by Anthropic's own privacy policy, available at https://www.anthropic.com/legal/privacy. The Operator has reviewed and accepts Anthropic's terms as a condition of using Claude Code.
No other third-party sharing of Google user data occurs.
This application does not maintain any persistent store of Google Calendar event content. Calendar data is retrieved from the Google Calendar API on demand, used to fulfill the specific request, and discarded from process memory at the conclusion of that request.
OAuth tokens (refresh token and access token) are retained locally on the Operator's device for the purpose of maintaining authorized access without requiring repeated manual authorization. These tokens can be revoked by the Operator at any time as described in Section 7 below.
Because this application serves a single user who is also the Operator, the concepts of "data subject rights" under consumer-facing privacy frameworks apply solely to the Operator themselves.
The Operator may revoke the application's access to Google Calendar at any time by visiting https://myaccount.google.com/permissions and removing the authorization granted to claude-calendar. Upon revocation, all OAuth tokens stored on the local device will become invalid and no further access to Google Calendar data will be possible until a new authorization is granted.
The Operator may also delete local credential files directly to remove stored tokens from the device.
With respect to Japan's Act on the Protection of Personal Information (個人情報保護法, PIPA): because this application processes only the Operator's own calendar data and does not handle personal information of any third party, the scope of PIPA obligations applicable to this application is materially limited.
The following security measures are in place to protect OAuth credentials and any transiently processed calendar data:
@cocal/google-calendar-mcp package does not implement application-level token encryption beyond standard file system protection. The primary security layer is OS-level disk encryption and file permission controls described above.This policy may be updated to reflect changes in the application's functionality, applicable law, or Google's requirements. The "Last Updated" date at the top of this page will be revised upon any material change.
Because this application is used solely by the Operator, no formal notification to other users is required upon policy revision. The Operator accepts that continued use of the application following a policy update constitutes acceptance of the revised policy.
For any questions regarding this Privacy Policy or the data practices of this application, please open an issue at: