Privacy Policy

Ageru website and applications are owned and operated by Ageru, which is the data controller for personal data collected through our services. This policy explains what information is collected, why it is collected, how it is used, how it is shared or disclosed (including Google user data), how long it is retained, how it is protected, and which Google OAuth scopes Ageru requests for Google Calendar features. This policy is hosted on a verified domain owned by Ageru and is linked from the homepage and in‑product interfaces.

Personal information we collect

  1. Device and usage data: Device/browser details, IP address, time zone, cookies, pages viewed, referrers, and site interactions for security, diagnostics, and analytics.
  2. Account and profile data: Name, email, organization, phone, and optional profile fields required to provide requested features.
  3. Payment data: If applicable, limited billing and transaction data to fulfill purchases or subscriptions.
  4. Google user data (Google Calendar): With explicit consent (or Workspace admin authorization where applicable), Ageru accesses Google Calendar data limited to the scopes granted to enable calendar management features.

Why we process your data

  1. Provide and operate Ageru services: calendar linking, device pairing, event sync, scheduling, notifications, and related user‑requested features.
  2. Maintain security, prevent abuse, debug, and troubleshoot issues.
  3. Improve features and performance using aggregated metrics.
  4. Fulfill legal, contractual, and regulatory obligations.

Use of Google user data (Google Calendar)

  1. Data types: Calendar metadata and event fields (e.g., titles, start/end times, attendees, reminders, descriptions) that are necessary to deliver the requested features, strictly within granted scopes.
  2. Purpose limitation: Google Calendar data is used only to power user‑facing features such as viewing calendars and events, creating/updating/deleting events, managing calendar properties and sharing (if requested), and synchronizing schedules to devices, including correct time zone handling.
  3. No advertising use: Ageru does not use Google user data for targeted, personalized, interest‑based, or retargeted advertising, for selling to data brokers, for unrelated profiling, or for training AI models.
  4. Human access: Restricted and role‑based; allowed only when necessary for security, fraud prevention, compliance, or to resolve a user‑initiated support request, and subject to logging and confidentiality controls.
  5. Policy compliance: Ageru’s use and transfer of information received from Google APIs adheres to Google’s API Services User Data Policy, including the Limited Use requirements.

Sharing, transfer, or disclosure of Google user data

  1. No sale: Ageru does not sell Google user data.
  2. No unrelated disclosure: “We do not transfer or disclose your Google Calendar information to third parties for purposes other than providing and improving Ageru’s services, meeting legal obligations, or as otherwise described in this policy.”
  3. Service providers: Limited Google user data may be shared with subprocessors (hosting, storage, logging, monitoring, support) strictly as necessary to operate the service, under written agreements requiring confidentiality and appropriate security.
  4. Legal and safety: Information may be disclosed if required by law or in good‑faith belief that such action is necessary to protect rights, safety, investigate fraud, or respond to lawful requests.
  5. Business transfers: In a merger, acquisition, or asset transfer, Google user data may be transferred subject to protections consistent with this policy and applicable law.

International transfers

  1. Data may be processed and stored in countries outside the user’s country, including the United States and other jurisdictions, with appropriate safeguards as required by applicable law.

Data retention and deletion

  1. Retention: Google Calendar data is retained only as long as necessary to provide requested features or as required by law.
  2. Disconnection: Users can revoke Ageru’s access to Google Calendar at any time; after disconnection, cached or stored Google Calendar data not required for legal, security, or audit purposes is deleted within a reasonable period.
  3. Account deletion: Users may request deletion of their Ageru account and associated data; deletion is completed within applicable timelines unless retention is legally required or necessary for legitimate interests (e.g., fraud prevention, dispute resolution).

Security

  1. Ageru implements administrative, technical, and physical safeguards to protect data, including encryption in transit, access controls, least‑privilege permissions, logging, segregation of environments, and periodic security reviews. While no method is 100% secure, Ageru continually improves controls aligned with industry standards.

User rights and choices

  1. Access, correction, deletion, portability: Users may request access to, correction of, or deletion of personal data, and may request a portable copy where applicable.
  2. Consent management: Users can review and revoke Ageru’s OAuth permissions in their Google Account at any time.
  3. EU/UK residents: Rights include access, rectification, erasure, restriction, objection, and portability; processing bases include contract performance and legitimate interests. International transfers are supported by appropriate safeguards.
  4. Workspace domain users: If a Google Workspace administrator authorizes domain‑wide delegation, Ageru may act on behalf of users as permitted by the administrator‑approved scopes and organizational policies.

Scopes transparency and consistency

Minimum necessary: Ageru requests only the scopes needed for the stated functionality. The scopes displayed on the OAuth consent screen exactly match those used in production and listed in the app verification submission.

  1. Current Google Calendar scopes used by Ageru (include only those actually requested in the app and verification):
  2. https://www.googleapis.com/auth/calendar — See, edit, share, and permanently delete all calendars the user can access. Use when non‑event features or broad calendar management are required; otherwise prefer narrower scopes below.

If broader scopes are needed (e.g., “calendar”) a feature‑based justification is provided, and narrower scopes are used wherever feasible. If Ageru adds scopes or changes data uses, this policy will be updated and users may be asked to re‑consent before new access or uses occur.

Prohibited uses of Google user data

  1. Ageru does not use Google user data for purposes other than providing or improving user‑facing features. Prohibited uses include targeted advertising, selling to data brokers, providing to information resellers, determining credit‑worthiness, lending, creating unrelated databases, training AI models, or any use beyond Limited Use.

Children’s privacy

  1. Ageru is not directed to children under the age defined by applicable law and does not knowingly collect personal data from children without appropriate consent.

Links to other websites

  1. Third‑party sites linked from Ageru are governed by their own privacy policies; Ageru is not responsible for their practices.

Changes to this policy

  1. This policy may be updated to reflect changes in practices, features, or regulations. Material changes will be communicated through the service or other appropriate means.

Contact

  1. For questions or requests regarding this policy, personal data rights, or handling of Google user data, contact: info@myageru.jp.

Prominent short disclosures (recommended near the Calendar section)

  1. “We do not transfer or disclose your Google Calendar information to third parties for purposes other than providing and improving Ageru’s services, meeting legal obligations, or as otherwise described in this policy.”
  2. “The OAuth consent screen lists the exact Google Calendar scopes Ageru requests; these scopes match those used in production and the app verification submission and are limited to the minimum necessary for stated features.”

Implementation checklist

  1. Publish this policy as an HTML page on the verified domain and link it from the homepage header/footer and in‑app menus (including dashboard).
  2. Ensure the identical URL is configured on the OAuth consent screen, and that the scopes listed above exactly match the scopes configured in the OAuth client and submitted for verification.
  3. If any scope set changes, update this page and the OAuth consent screen and re‑submit for verification; prompt users for re‑consent if required.