Legal

Privacy Policy

Last updated: 4 March 2026

01

Data controller

Synqboard is a personal project operated by the individual behind qevalon.com. For full contact details see the Imprint.
02

What data we collect

  • Google account data — your name, email address, and profile picture, obtained via Google OAuth when you sign in.
  • Google Calendar events — event titles, descriptions, start and end times, fetched via the Google Calendar API to populate your board.
  • Photos you upload — images you attach to events, stored on Hetzner Object Storage in Germany.
  • Server logs — IP addresses, request timestamps, and HTTP status codes, retained for a maximum of 30 days for security and debugging purposes.
03

Why we collect it

All data is collected solely to provide the Synqboard service. Calendar events are stored locally to avoid repeated API calls and allow faster access. Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and legitimate interests (Art. 6(1)(f) GDPR).
04

Analytics

We use Cloudflare Web Analytics to measure aggregated usage (page views, referrers, and general device/browser information). It does not use cookies or local storage and does not track users across sites. Data is processed by Cloudflare and used solely for traffic measurement.
05

What we do not do

We do not:
  • — sell, rent, or share your data with third parties
  • — use your data for advertising or profiling
  • — store the content of your calendar events beyond what is needed to display them
06

Where data is stored

All data is stored on servers located in Germany (Hetzner Cloud). Data never leaves the EU. No international transfers occur.
07

Google OAuth tokens

Your Google access and refresh tokens are encrypted at rest using AES-256-GCM before being stored in the database. They are used exclusively to sync your calendar on your behalf and are never shared.
08

Cookies

Synqboard uses a single session cookie for authentication purposes. This cookie is strictly necessary for the service to function and is exempt from cookie consent requirements under the EU ePrivacy Directive. No tracking or analytics cookies are used.
09

Your rights (GDPR)

Under the GDPR you have the right to access, rectify, erase, restrict, and port your data, and to object to processing. You can permanently delete your account and all associated data directly from the Settings → Danger Zone section inside the app. For other requests, contact us via the details in the Imprint. We respond within 30 days.
10

Third-party services

  • Google LLC — OAuth authentication and Calendar API. Governed by Google's Privacy Policy and the Google API Services User Data Policy.
  • Cloudflare, Inc. — analytics service (Cloudflare Web Analytics).
  • Hetzner Online GmbH — server and object storage infrastructure, Germany. A Data Processing Agreement is in place.
11

Children

Synqboard is not directed at persons under the age of 16. We do not knowingly collect personal data from children.
12

Supervisory authority

You have the right to lodge a complaint with a supervisory authority. The competent authority is the Austrian Data Protection Authority (Datenschutzbehörde, dsb.gv.at).
13

Changes to this policy

We may update this policy from time to time. The date at the top of this page reflects the latest revision. Continued use of the service after changes constitutes acceptance of the updated policy.