Privacy Policy

Last updated: 2026-05-03

brink is a Travel-Aware Calendar service that automatically creates travel-time blocks on your Google Calendar based on live traffic data. This Privacy Policy explains what data brink collects, how it is used, where it is stored, and the rights you have over it. We have written this in plain language because clarity matters more than legalese.

1. The information brink collects

From your Google Account (via OAuth)

When you sign in with Google, you grant brink access to specific scopes:

• Your Google account email and basic profile (name, locale, timezone) — used to identify your account, display "Signed in as <you>" in the dashboard, and choose the right timezone for showing meeting times.
• Your Google Calendar — read access (https://www.googleapis.com/auth/calendar.readonly) — used to list your upcoming meetings so brink knows where you need to be and when.
• Your Google Calendar — write access (https://www.googleapis.com/auth/calendar.events) — used to create, update, and (when needed) delete the travel-time blocks brink adds to your calendar. brink only modifies events it created itself; it never edits or deletes events you created.

Operational data brink stores about your use

• OAuth refresh token — encrypted at rest in Google Cloud Secret Manager. Used to fetch fresh access tokens when needed; never logged or transmitted in full.
• Tracked-meeting metadata — for each meeting brink processes: meeting id, classification (physical / virtual / at-base / trip), origin coordinates, computed ETA, your transport preference, and your “suppression” state when you delete a travel block. Stored in Google Cloud Firestore.
• Bases (named locations) — names + coordinates + canonical addresses you save for brink to use as candidate origins (Home, Office, etc.). Stored in Firestore.
• Settings — your transport defaults, color preferences, calendar selections. Stored in Firestore.
• Address lookups — when you search for an address in the Bases page, the query is sent to Google's Geocoding API and the result is cached for up to 24 hours to avoid repeated calls.
• Server logs — IP address, user agent, request paths, and response status for incoming HTTP requests. Used for debugging, abuse prevention, and rate limiting. Retained for up to 30 days.
• Session cookie — a signed JSON Web Token (HS256) stored in a same-site, secure cookie named brink_session. Used to keep you logged in between visits.

What brink does NOT collect

• brink does not read meeting descriptions, attachments, or notes. It reads only the fields needed to compute travel time: meeting title, location, start time, end time.
• brink does not access calendars other than the ones you explicitly grant access to during sign-in.
• brink does not use any tracking pixels, third-party analytics, or advertising SDKs.
• brink does not collect payment information. The service is currently free during friend-beta.

2. How your data is used

brink uses your data exclusively to provide the travel-aware calendar service:

• Read your calendar to identify upcoming meetings.
• Compute the optimal departure time using Google's Routes API, taking live traffic into account.
• Write a [Travel] → block before each physical meeting and a [Return] → Home block after, so the time blocked on your calendar reflects reality.
• Update those blocks when traffic conditions change or when you edit a meeting.
• Respect your overrides — when you change a block's title, color, or transport mode, brink preserves your edit on subsequent runs.

brink does not sell, rent, or share your personal data with third parties for marketing, advertising, or any commercial purpose. brink does not feed your data into machine-learning models for training. brink does not aggregate your data with other users' data for sale.

3. Where your data is stored

brink runs entirely on Google Cloud Platform infrastructure:

• Compute: Google Cloud Run (asia-southeast1, Singapore region)
• Application database: Google Firestore in Native mode (asia-south1, Mumbai region)
• Refresh token storage: Google Cloud Secret Manager (encrypted at rest)
• Logs: Google Cloud Logging

Data in transit between your browser and brink is encrypted via HTTPS (TLS 1.2+). Data at rest in Firestore and Secret Manager is encrypted at rest by Google Cloud's standard encryption.

4. Third parties

brink uses the following Google APIs to provide the service. No data is sent to any third party other than these:

• Google OAuth 2.0 — sign-in flow, token issuance/refresh.
• Google Calendar API — reading your meetings, writing travel blocks.
• Google Routes API — computing ETAs.
• Google Geocoding API — converting addresses to coordinates (and back) when you save a base or when a meeting has a textual location.

Use of these APIs is governed by Google's terms; in the OAuth grant screen you see exactly which scopes brink is requesting and can deny consent.

brink runs on Google Cloud Platform, but Google Cloud is the hosting provider — they do not have access to your data beyond the storage layer encryption they provide. brink does not share your data with Google for any purpose other than the explicit API calls above.

5. Retention

• Account data (Firestore documents): retained as long as your brink account exists. When you request deletion, all account data is removed within 30 days.
• OAuth refresh token: retained as long as your account exists. Revocation is immediate when you sign out and revoke via Google's account permissions page.
• Tracked-meeting metadata: retained while a meeting is in the future + 30 days after the meeting end time, then automatically deleted.
• Server logs: 30 days, then automatically deleted by Google Cloud Logging's standard retention.
• Geocoded address cache: 24 hours.
• Usage history (opt-in): if you have enabled "Brink learning" in Settings, brink stores a per-user log of decisions and outcomes (override choices, advisor responses, base pairings, status flips, predicted-vs-actual ETA snapshots). Default retention is 18 months; you can change to 6 / 12 / 18 / 36 months in Settings, or wipe all history any time (with a 7-day soft-delete grace).

5a. Usage history & "Brink learning" (opt-in)

brink can remember your usage patterns to give you better advice over time — for example, learning that your real Office→Home commute averages 8 min more than Routes API estimates, or noticing which transport mode you prefer on rainy days. This is opt-in: you choose whether to enable it during onboarding, and you can switch it off, change retention, export, or wipe everything in Settings › "Brink learning."

What's collected: structured event records of decisions you make (override applied, advisor accepted/dismissed, status changed) and outcomes (predicted ETA at meeting creation vs. ETA at T-30 min, which base you paired which network with). Each record is a small JSON object; nothing is uploaded outside our infrastructure.

What's not done with this data: it is never shared, sold, or compared with any other user's data. Aggregation across users is explicitly out of scope for this feature; if brink ever introduces cross-user analytics, it will require a separate opt-in.

Where it's stored: in the same Firestore project as the rest of your account data (brink-44, region asia-southeast1, Google Cloud). Access is gated to your authenticated session; brink's server-side code accesses the records only on your behalf (cron purges, your own exports, your own deletions).

Compliance: this collection mode honours India's Digital Personal Data Protection Act, 2023 (lawful purpose specification, data minimisation, storage limitation, right to access, right to erasure) and equivalent EU GDPR principles (Articles 6/7/13/14/17/20). The export endpoint at /api/intelligence/export is your portability mechanism; the wipe affordance in Settings is your erasure mechanism.

6. Your rights

You have the right to:

• Sign out — clears your brink session cookie. Your account remains.
• Revoke brink's access to your Google Calendar — visit https://myaccount.google.com/permissions and remove brink. Your refresh token is invalidated immediately and the cron stops touching your calendar within minutes.
• Delete your account — email rizthakur@gmail.com with the subject "Delete my brink account" and the email address you sign in with. All Firestore documents are deleted within 30 days.
• Export your data — same email address. We will send a JSON file with all your brink-stored data within 30 days.
• Ask questions — same email.

7. Children's privacy

brink is not designed for, marketed to, or knowingly used by children under the age of 13. We do not knowingly collect personal information from children. If we discover that a child under 13 has created an account, we will delete the account and all associated data.

8. Changes to this policy

When this Privacy Policy is updated, the "Last updated" date at the top of this page will change. Material changes (a new data type collected, a new third party, a change in retention) will be notified via email to all active users at least 14 days before taking effect. Continuing to use brink after the effective date constitutes acceptance of the updated policy.

9. Contact

For any privacy-related question, data deletion request, or data export request, email rizthakur@gmail.com.

brink is currently in private beta operated by Rizwan Thakur, Mumbai, India. The service is provided as-is during this period. See the Terms of Service for service-availability and warranty disclaimers.