Google User Data Disclosure

1. What Google Data We Access

Google Calendar OAuth (instructors only, optional)

When an instructor connects Google Calendar, they go through Google's standard OAuth 2.0 flow. Google's OAuth protocol always includes basic identity claims alongside any additional scope. As a result, DriveDate incidentally receives:

• Google account ID
• Display name
• Email address

These are used solely to link the Google account to the instructor's existing DriveDate account. They are not used for sign-in and DriveDate does not offer “Sign in with Google” as an authentication option.

All OAuth scopes requested during calendar connection:

The userinfo.profile and userinfo.email scopes are standard OpenID Connect scopes included automatically by Google's OAuth library. The primary scope DriveDate requires is calendar — see below.

Google Calendar — data accessed

When an instructor voluntarily connects Google Calendar we access:

• List of calendars in the instructor's Google account (to locate or create the DriveDate calendar)
• Events in the instructor's primary calendar — titles and start/end times only — to detect scheduling conflicts
• Events we create in the dedicated “DriveDate Schedule” calendar

OAuth scope used:

Why we need the full calendar scope: We use the Google Calendar push notification API (calendar.events.watch()) to receive real-time updates when the instructor's availability changes. This API requires the calendar scope. We also call calendar.calendars.insert() to create the dedicated DriveDate calendar, which also requires this scope.

2. Why We Access Google Data

3. How We Use Google Data

• Name and email received during the Google OAuth flow are used solely to link the Google account to the instructor's existing DriveDate account. Instructors already have a DriveDate account before connecting Google Calendar; this data is not used to create new accounts or for sign-in.
• Calendar data is used exclusively to manage the instructor's DriveDate lesson schedule and availability. It is not used for advertising, profiling, or any purpose unrelated to the booking service.
• OAuth refresh tokens are stored encrypted in our database and used solely to make authorised API calls on behalf of the instructor when calendar events need to be created, updated, or deleted.

4. What We Do NOT Do with Google Data

5. Data Storage and Security

Google OAuth tokens are stored in our PostgreSQL database hosted on Railway. Access tokens are short-lived and refreshed automatically. Refresh tokens are used only when the server needs to make an authorised API call on behalf of the instructor. All database connections use TLS encryption. We do not log or cache raw token values in application logs.

6. How to Revoke Access

You can disconnect DriveDate from your Google account at any time by either:

1. Going to your DriveDate dashboard settings and clicking “Disconnect Google Calendar”. This stops push notifications and removes stored tokens from our database.
2. Visiting myaccount.google.com/permissions and revoking DriveDate's access. This immediately invalidates the tokens; DriveDate will detect the revocation on the next API call and de-link the calendar automatically.

After revocation, we delete the stored OAuth tokens from our database within 24 hours. Booking history and lesson events already created in Google Calendar are not automatically deleted; you can remove them manually from Google Calendar.

7. Scope Justification (Google OAuth Verification)

The following table justifies each OAuth scope DriveDate requests, in accordance with Google's minimum-scope requirement.

Note: Because the calendar scope is a sensitive scope, DriveDate is subject to Google's OAuth app verification requirements. We are undergoing (or have completed) Google's verification process. Until verification is complete, sign-in may display an “unverified app” warning.

8. Contact

For questions about how we handle Google user data, please contact our Privacy Team: