← Back

Privacy Policy

Last updated: May 11, 2026

MorningDocket (“we”, “us”) operates the daily calendar digest service at morningdocket.com. This policy describes what data we collect, how we use and protect it, and the choices you have. By using MorningDocket, you agree to this policy.

What we collect

Account data. When you sign in with Google, we receive your name, email address, profile picture, and a Google OAuth refresh token scoped to read your Google Calendar events (the https://www.googleapis.com/auth/calendar.readonly scope). We store these in our database so that we can read your calendar on your behalf each day.

Preferences. Your delivery settings: timezone, send hour, days ahead, paused status, weekdays-only flag, selected calendar IDs, email theme/font/size, and an optional verified alternate delivery email.

Optional secondary calendars. If you connect an iCal/ICS feed (Outlook, Apple, or a secondary Google calendar), we store the feed URL.

Email delivery records. A row per email we attempt to send, containing timestamp, status, and event count — never the contents of your events.

Billing data. If you subscribe, Stripe collects and stores your payment details on their systems. We receive a Stripe customer ID and subscription status. We never see or store your full card number.

Referrals. If you arrive via a referral link or refer someone else, we store the relationship and a status flag (pending, credited, or invalidated).

How we use your Google data

We use your Google Calendar data for the sole purpose of generating your daily MorningDocket email. Each scheduled run we fetch your upcoming events from Google Calendar, render them into an email, and send it to you. We do not store the contents of your calendar events on our servers. Event titles, times, locations, and attendees are held in memory only for as long as it takes to send the email, then discarded. Google retains the underlying records on their side, as always.

Compliance with Google API Services User Data Policy

MorningDocket's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data only to provide and improve the user-facing MorningDocket digest feature.
  • We do not transfer Google user data to third parties except as necessary to provide or improve the feature, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • We do not allow humans to read Google user data unless we have your affirmative consent for specific data, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data has been aggregated and anonymized.
  • We do not use Google user data to develop, improve, or train generalized or non-personalized AI/ML models.

How we protect your data

We apply industry-standard safeguards to protect your information, including the sensitive Google data described above:

  • Encryption in transit. All traffic to and from morningdocket.com — including OAuth callbacks, dashboard sessions, outbound email submission, and Stripe checkout — is served over HTTPS/TLS 1.2+. We do not accept plaintext connections.
  • Encryption at rest. Our database (managed Postgres hosted by Supabase) encrypts all data at rest with AES-256. Backups are encrypted with the same standard.
  • Application-level encryption for sensitive fields. iCal/ICS feed URLs you provide are additionally encrypted at the application layer using AES-256-GCM with a key held only in our server environment before being written to the database. One-time email verification codes are never stored in plaintext — we store a SHA-256 hash, with a 10-minute expiry and a 5-attempt cap.
  • OAuth token handling. Google OAuth refresh and access tokens are stored in the database under your account row and are accessed only by our server-side scheduled job to fetch your calendar. Tokens are never exposed to the browser, never logged, and are deleted when you delete your account or disconnect.
  • Access controls.The database is reachable only from our server environment via authenticated, IP-restricted connections — there is no public API into it. Production secrets (database credentials, OAuth client secret, encryption key, Stripe and Resend API keys) are stored in our hosting provider's encrypted environment variable store and are accessible only to a small number of administrators.
  • Authentication. User sessions are managed by Auth.js with database-backed sessions; we do not see or store your Google password.
  • Principle of least retention. Calendar event contents are processed in memory and discarded after each send. Email delivery records contain metadata only (status, timestamp, event count), not event contents.
  • Subprocessor security. The third-party services we rely on (Google, Stripe, Resend, Supabase, Vercel) each maintain their own SOC 2 / ISO 27001 / PCI-DSS programs as applicable to their offering.

No system is perfectly secure, but if we ever become aware of a security incident affecting your data, we will notify affected users without undue delay and consistent with applicable law.

Who we share with

We use the following third-party subprocessors strictly to operate MorningDocket:

  • Google — source of your calendar events at email-send time.
  • Resend — delivers the emails to your inbox.
  • Stripe — processes subscription payments and stores billing details.
  • Supabase — hosts the Postgres database that stores your account, preferences, and delivery records.
  • Vercel — hosts the web application and runs the scheduled email job.

We do not sell your personal data. We do not use your personal data for advertising. We do not use your Google data to train AI or ML models, generalized or otherwise.

Data retention

We retain your account data, preferences, and delivery metadata for as long as your account is active. Calendar event contents are not retained beyond the moment of sending. When you delete your account, we remove your user record, OAuth tokens, preferences, ICS feed URLs, and email-delivery history from our database immediately (see “Your choices” below). A minimal record may be kept where required for legal, tax, or fraud-prevention purposes (for example, Stripe's record of past transactions). One internal record — the email address that started a free trial — is retained even after account deletion to prevent trial abuse via repeated sign-up.

Your choices

  • Disconnect Google access.Revoke MorningDocket's access to your Google Calendar at any time from myaccount.google.com/permissions.
  • Pause emails.Toggle the “paused” switch in Settings to stop digests without losing your preferences.
  • Delete your account.The Settings page has a “Delete account” action that immediately removes your user record, OAuth tokens, preferences, ICS feeds, referral relationships, and email-delivery history. If you have an active Stripe subscription, it is cancelled as part of the same flow.
  • Request a copy or correction. Contact us via the form below and we will respond within 30 days.

Children

MorningDocket is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will delete it.

International users

Our infrastructure and subprocessors are based in the United States. If you use MorningDocket from outside the United States, your data is transferred to and processed in the United States.

Changes to this policy

If we make material changes to this policy, we will update the “Last updated” date above and, where appropriate, notify active users by email before the changes take effect.

Contact

Questions about this policy, or requests about your data, can be sent through our contact form. We respond from a monitored address; please do not reply directly to MorningDocket digest emails, as that mailbox is unattended.