SOC 2 Type II AttestedSundial is SOC 2 Type II attested.

Privacy Policy

Effective as of May 11, 2026

This Privacy Policy explains how Sundial Scheduling, LLC (“Sundial”, “we”, “us”) collects, uses, and protects your data when you use the Sundial Chrome extension. It outlines our minimal data collection practices, calendar data access limitations, data retention, and your rights.

Account Data and Usage Tracking

When you sign in, Sundial collects your email address, first name, and basic feature usage metrics (e.g., which features are used and how often). This information helps us improve the extension and ensure reliable performance.

Sundial does not store Google Calendar event content. Poll data (see Polls below) is stored in Firestore under strict access controls. Otherwise, the only information retained is your email address, first name, and aggregated usage data, which are never sold or shared with third parties except as necessary to operate our services (e.g., hosting or processing).

The use of raw or derived user data received from Google Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

Aggregated Usage

We may use anonymized, aggregated usage data across our user base to improve features and design.

Polls

When you create or respond to a poll, Sundial stores the poll title, proposed times, guest emails, names, votes, and any optional note in Google Firestore (U.S.). Access is restricted to the poll's owner and invited participants, enforced by server-side authorization. Poll data is encrypted in transit (TLS 1.2+) and at rest (AES-256), is never used to train AI models, and is permanently deleted 90 days after the poll closes. Owners can delete a poll and its responses at any time from the dashboard.

Data Deletion

If your account or your organization terminates your subscription, you may delete your user or team data in your dashboard here or request deletion by contacting us at support@trysundial.ai. We will honor deletion requests within 30 days and confirm completion upon request, unless required to retain data by law or for legitimate business purposes (e.g., fraud prevention).

Deleting a poll also deletes its responses. All polls and responses are permanently deleted 90 days after the poll closes.

Google Calendar Access

Sundial requests two types of access to your Google Calendar data:

API Access

Sundial requests permission to access your Google Calendar data using the following scopes:

  • https://www.googleapis.com/auth/calendar.events: Used solely to allow our extension to create and delete multiple calendar events at once and only upon your explicit command.
  • https://www.googleapis.com/auth/calendar.calendars.readonly: Used solely to read the timezone metadata of people's calendars when you explicitly use the Add People Timezones feature to bulk add people's timezones to your Google Calendar. No calendar event content is accessed.

Host Permissions

We have host permissions to interact with content on https://calendar.google.com/*.

How We Use This Access

Always User-Initiated

Whether through API access or direct interaction via host permissions, we only access your calendar to perform the features you request. All actions are performed based only on your explicit commands.

No Storage

We do not store any calendar event details (e.g., titles, attendees, etc). Any calendar event data accessed through API calls or host permissions is processed locally within your browser and only for the duration necessary to perform the requested action.

Text and Image Processing

User provided text or images (e.g. availability text such as “next week on Mon 9 to 11am PT”, or screenshots containing meeting times) that we overlay atop Google Calendar is processed by OpenAI’s gpt-5.4-mini model only for the duration necessary to perform the requested action. The LLM is called via an API endpoint on Render.com.

The data sent for processing consists only of the text or images explicitly provided or generated by the user. No calendar event metadata is transmitted unless it is explicitly included by the user in the content being processed.

No storage or training. Customer data is not used to train AI models, and subprocessors are bound by obligations that prohibit such use.

Google Drive Access

Sundial only requests limited Google Drive access when you choose to generate a calendar audit. Sundial does not receive access to all files in your Google Drive. Upon the first use of calendar audit, you’ll be asked to grant the https://www.googleapis.com/auth/drive.file permission.

This permission allows Sundial to create and fill a new Google Sheet in your account with calendar details—such as event titles, times, and attendees—based on the date range you select.

Sundial cannot view or edit any other files in your Google Drive, only the Sheets it creates for you.

No Storage

Sundial does not store or retain any Google Sheets content or calendar data. All processing occurs locally in your browser, and the resulting Sheet is saved directly to your Google Account.

Data Protection and Sharing

Sundial protects sensitive user data using industry-standard security measures, including encryption in transit via TLS 1.2+ and encryption at rest using AES-256 where data is stored. Access to systems containing user data is restricted using least-privilege access controls and authentication safeguards. We regularly review and monitor our infrastructure to help prevent unauthorized access, disclosure, or misuse of user data.

All infrastructure used to process your data is U.S.-based. We do not sell, rent, or otherwise share your personal information with third parties. Your data is kept strictly confidential, and we only use it for the purposes outlined in this privacy policy.

In the event of a data breach affecting your personal information, we will notify affected users as required by law and within 72 hours where applicable.

User Rights

You have the right to access and delete your data. If you wish to do so, please contact us at support@trysundial.ai.

Changes to Our Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or to comply with new legal requirements. We will notify you of any changes to our privacy policy by posting the new policy on our website.

Contact Us

If you have any questions or concerns about our privacy policy or the data we collect, please contact us at support@trysundial.ai. We are happy to address any concerns you may have.