本隐私政策适用于浏览器扩展 “AI Auto Calendar”(以下简称“本扩展”)。This privacy policy applies to the browser extension “AI Auto Calendar” (the “Extension”).
简介Overview
本扩展将用户提供或来源配置的日程信息(网页文本、会议邀请、结构化接口返回等)解析为标准日历事件,并根据用户选择同步到日历服务(如 Radicale 或 Google 日历)。The Extension converts user-provided or source-configured schedule information (webpage text, meeting invites, structured API responses) into standard calendar events and syncs them to calendar services selected by the user (e.g., Radicale or Google Calendar).
我们秉持“最小权限、按需访问、就地处理”的原则:不跟踪浏览历史,仅在需要时访问用户配置的服务;绝大部分数据停留在用户浏览器本地。We follow least privilege, on-demand access, and local-first processing: no browsing history tracking; we access only services you configure when needed; most data remains local in your browser.
Scopes 与用途(Google)Scopes & Purpose (Google)
当前请求的范围(Scopes):Scopes currently requested:
https://www.googleapis.com/auth/calendar
用途说明:用于在用户选择使用 Google 日历时,读取日历列表元数据(名称、ID、时区、可写权限)、在所选日历中创建/更新/删除事件;在用户明确操作下,可能创建或清理用于同步的日历。Purpose: When the user opts to use Google Calendar, we read calendar list metadata (name, ID, time zone, writable access), and create/update/delete events in selected calendars; upon explicit user action, we may create or clean up a dedicated calendar for synchronization.
最小化声明:我们仅在用户启用 Google 同步场景时请求上述范围;不请求与功能无关的范围。Minimization: We request this scope only when Google sync is enabled by the user; we do not request unrelated scopes.
我们处理与访问的数据(数据访问披露)Data We Access & Process (Disclosure)
用户输入或选中的文本(仅在用户主动解析时处理)。User input or selected text (processed only when explicitly triggered by the user).
Google OAuth 凭据(访问/刷新令牌,仅在用户授权 Google 同步时生成并保存在本地)。Google OAuth credentials (access/refresh tokens, generated only when the user authorizes Google sync and stored locally).
Google 日历相关数据:Google Calendar data:
日历列表元数据(名称、ID、时区、颜色/可见性/访问权限等只读信息)。Calendar list metadata (name, ID, time zone, color/visibility/access rights read-only info).
事件内容(标题、开始/结束时间、全天/重复规则、地点、备注、提醒、与会者邮箱及响应状态、事件 ID 等)。Event content (title, start/end time, all-day/recurrence, location, notes, reminders, attendee emails and responses, event ID, etc.).
我们不收集或保存浏览历史,也不向我们自有服务器传输上述数据。We do not collect/store browsing history and do not transmit the above data to our own servers.
数据如何使用How We Use Data
将用户文本/接口返回提交给所选解析方式(LLM/规则映射)以生成结构化事件。Send user text/API responses to the chosen parser (LLM/rule mapping) to generate structured events.
在用户选择的日历(Radicale/Google)中创建、更新或删除事件;必要时根据用户指令创建或清理专用日历。Create, update, or delete events in the user-selected calendars (Radicale/Google); if instructed, create or clean up a dedicated calendar.
不向我们自有服务器传输数据;数据在浏览器与第三方服务之间直连。No data is sent to our own servers; data flows directly between the browser and third-party services.
第三方服务与共享Third-Party Services & Sharing
Google Calendar API:用于列出日历、读写事件以及 OAuth;遵循 Google API Services User Data Policy。Google Calendar API: used to list calendars, read/write events, and OAuth; complies with the Google API Services User Data Policy.
(可选)LLM/智能体提供方:仅当用户选择该解析方式时,才会向所选提供方提交用于生成事件所需的文本。(Optional) LLM/Agent providers: only used when selected; the necessary text is sent to the chosen provider to generate events.
除为提供上述功能外,我们不出售或与第三方分享用户个人数据。We do not sell or share personal data with third parties beyond what is required to provide the above functionality.
存储与保留Storage & Retention
配置、令牌与日志仅存储在本地(chrome.storage.local)。Settings, tokens, and logs are stored locally (chrome.storage.local).
我们不在自有服务器持久化存储用户数据。We do not persist user data on our own servers.
用户可在扩展设置中清除数据,或卸载扩展以删除本地数据。You may clear data in the extension settings, or uninstall the Extension to delete local data.
安全与数据保护机制(数据保护披露)Security & Data Protection (Disclosure)
传输安全:与 Google 及其他服务之间的通信通过 HTTPS/TLS 进行。In-Transit Security: Communications with Google and other services use HTTPS/TLS.
存储安全:OAuth 令牌保存在浏览器/扩展安全存储中,仅用于与 Google Calendar API 通信。Storage Security: OAuth tokens are stored in browser/extension secure storage and used only to call the Google Calendar API.
访问控制与最小化:仅在用户启用 Google 同步时请求 …/auth/calendar;内部仅对需要的功能路径开放令牌访问。Access Control & Minimization: We request …/auth/calendar only when Google sync is enabled; internally, token access is limited to necessary code paths.
保留与删除:用户登出或在 Google 账户权限 中撤销授权后,令牌即失效不可再用;调试类日志(如有)按最小化原则保留并可由用户清除。Retention & Deletion: Tokens become unusable after you sign out or revoke access at Google Account permissions; any debug logs (if present) are minimized and user-clearable.
事故响应:如发生安全事件,我们将尽快调查与修复,并在合理时间内通过页面公告/电子邮件通知受影响用户。Incident Response: If a security incident occurs, we will investigate and remediate promptly, and notify affected users within a reasonable time via site notice/email.
清除本地数据:在扩展设置中清除,或卸载扩展。Clear local data via extension settings, or uninstall the Extension.
站点权限:可选主机权限按需申请;可在请求弹窗中拒绝或在浏览器设置中撤回。Site access: optional host permissions are requested just-in-time; you may decline in the prompt or revoke in browser settings.
变更Changes
我们可能会不时更新本政策;变更后将更新“最后更新”日期并在必要时提供显著提示。We may update this policy from time to time; the “Last updated” date will be adjusted and prominent notice provided where appropriate.
本扩展遵循适用的 Google API Services User Data Policy 及相关平台政策。The Extension complies with the applicable Google API Services User Data Policy and relevant platform policies.