Google User Data Disclosure
Last updated: May 17, 2026
This page discloses how DriveDate accesses, uses, stores, and shares data obtained through Google APIs, in compliance with the Google API Services User Data Policy.
Overview
DriveDate uses Google APIs for two distinct purposes:
- Google Sign-In (all users) – students, instructors, and school owners may sign in or create an account using their Google account. We request only the openid email profile scopes to authenticate the user and populate their account with their name and profile picture.
- Google Calendar integration (instructors only, optional) – instructors who separately connect Google Calendar grant an additional calendar scope so DriveDate can sync lesson events and read busy times.
This page describes exactly what Google data we access for each purpose, why, and how it is used, in compliance with the Google API Services User Data Policy.
1. What Google Data We Access
Google Sign-In (all users)
Any user (student, instructor, or school owner) may create an account or sign in using their Google account via the standard OAuth 2.0 / OpenID Connect flow. When they do, DriveDate receives:
- Google account ID (used as a stable identifier to link the account)
- Display name (split into first name and last name and stored in the user profile)
- Email address (used as the primary account identifier)
- Profile picture URL (stored as the user's avatar)
OAuth scopes requested during Sign-In:
openid
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
No calendar, drive, or any other Google service scope is requested during Sign-In. New students who sign in with Google have an account created automatically; instructors and school owners who use Google Sign-In must still complete the invitation/onboarding flow.
Google Calendar integration (instructors only, optional)
This is a separate, optional step from Sign-In. An instructor who already has a DriveDate account may choose to connect Google Calendar from their dashboard settings. This triggers a second, distinct OAuth consent that requests the additional calendar scope. DriveDate then accesses:
- List of calendars in the instructor's Google account (to locate or create the DriveDate calendar)
- Events in the instructor's calendars – titles and start/end times only – to detect scheduling conflicts
- Events we create, update, or delete in the dedicated “DriveDate Schedule” calendar
Additional OAuth scope requested during calendar connection:
https://www.googleapis.com/auth/calendar
Why we need the full calendar scope: We use the Google Calendar push notification API (calendar.events.watch()) to receive real-time updates when the instructor's availability changes. This API requires the calendar scope. We also call calendar.calendars.insert() to create the dedicated DriveDate calendar, which also requires this scope. Narrower scopes (calendar.events) do not support these operations.
2. Why We Access Google Data
| Data | Source | Purpose |
|---|---|---|
| Name, email, profile picture | Google Sign-In | Create or authenticate a DriveDate user account; populate the user's profile name and avatar. |
| Google account ID | Google Sign-In | Stably link the Google identity to the DriveDate user record so subsequent sign-ins are recognised. |
| Calendar list | Google Calendar (instructors) | Find or create the “DriveDate Schedule” calendar |
| Existing calendar events (free/busy) | Google Calendar (instructors) | Detect conflicts so students are not offered times the instructor is unavailable |
| Calendar push notifications | Google Calendar (instructors) | Receive real-time updates when the instructor's calendar changes, keeping availability accurate |
| DriveDate lesson events (written) | Google Calendar (instructors) | Create, update, and delete events in the instructor's DriveDate calendar when lessons are booked, rescheduled, or cancelled |
3. How We Use Google Data
- Sign-In data (name, email, profile picture): Used to create or authenticate a DriveDate account, pre-fill the user's profile, and display their avatar. New student accounts created via Google Sign-In are set up immediately without a separate onboarding step.
- Google account ID: Stored as a stable identifier to match returning Google users to their existing DriveDate account.
- Calendar data (instructors only): Used exclusively to manage the instructor's DriveDate lesson schedule and availability. It is not used for advertising, profiling, or any purpose unrelated to the booking service.
- OAuth refresh tokens: Stored encrypted in our database and used solely to make authorised API calls on behalf of the instructor when calendar events need to be created, updated, or deleted. Sign-In sessions use short-lived JWT tokens managed by NextAuth; no long-lived token is stored for Sign-In-only users unless they also connect Google Calendar.
4. What We Do NOT Do with Google Data
We do not sell Google user data to any third party.
We do not use Google user data for advertising or ad targeting.
We do not share Google user data with any third party except as required to operate the Platform (e.g., Postmark to send booking emails).
We do not use Google Calendar data to build user profiles beyond the driving lesson booking context.
We do not read, store, or transmit the content of calendar events that were not created by DriveDate, except for event titles and times used solely for conflict detection.
We do not transfer Google user data to AI/ML model training.
5. Data Storage and Security
Google OAuth tokens are stored in our PostgreSQL database hosted on Railway. Access tokens are short-lived and refreshed automatically. Refresh tokens are used only when the server needs to make an authorised API call on behalf of the instructor. All database connections use TLS encryption. We do not log or cache raw token values in application logs.
6. How to Revoke Access
You can disconnect DriveDate from your Google account at any time by either:
- Going to your DriveDate dashboard settings and clicking “Disconnect Google Calendar”. This stops push notifications and removes stored tokens from our database.
- Visiting myaccount.google.com/permissions and revoking DriveDate's access. This immediately invalidates the tokens; DriveDate will detect the revocation on the next API call and de-link the calendar automatically.
After revocation, we delete the stored OAuth tokens from our database within 24 hours. Booking history and lesson events already created in Google Calendar are not automatically deleted; you can remove them manually from Google Calendar.
7. Scope Justification (Google OAuth Verification)
The following table justifies each OAuth scope DriveDate requests, in accordance with Google's minimum-scope requirement. DriveDate uses two separate OAuth consent flows – one for Sign-In and one for Calendar integration – so users only see the scopes relevant to what they are doing.
| Scope | Flow | Justification | Sensitive? |
|---|---|---|---|
| openid | Sign-In | Standard OIDC scope required to establish an authenticated identity token. Used to verify the user's Google identity during login. | No |
| userinfo.email | Sign-In & Calendar | Required to obtain the user's email address, which is the primary account identifier in DriveDate. Used to create new accounts and to match returning Google users to their existing DriveDate account. | No |
| userinfo.profile | Sign-In & Calendar | Required to obtain the user's display name and profile picture, which are stored as the user's first name, last name, and avatar in DriveDate. | No |
| calendar | Calendar only (instructors) | Required to: (a) create a DriveDate calendar via calendars.insert; (b) subscribe to push notifications via events.watch; (c) create, update, delete lesson events; (d) query free/busy times. Narrower scopes (calendar.events) do not support events.watch or calendars.insert. | Yes |
Note: Because the calendar scope is a sensitive scope, DriveDate is subject to Google's OAuth app verification requirements for the Calendar integration flow. We are undergoing (or have completed) Google's verification process. The basic Sign-In flow (openid, email, profile) does not require sensitive-scope verification.
8. Contact
For questions about how we handle Google user data, please contact our Privacy Team:
DriveDate Privacy Team
privacy@drivedate.com
