Skip to main content
← Back to RabbitHole

Privacy Policy

Last updated: June 9, 2026

Overview

RabbitHole is a personal-scheduling application that helps you plan goals, manage tasks, and turn intentions into a workable calendar. This Privacy Policy explains what data we collect, how we use it, who we share it with, and the controls you have over it. We try to keep the answers short and concrete; if anything below is unclear, contact us at the email at the bottom of the page.

Information we collect

Account information. When you sign in with Google, we receive your name, email address, and profile picture from Google. We do not see or store your Google password.

Content you create. Goals, tasks, schedules, preferences, recurring meetings, push-notification subscriptions, and any text you enter into the planner or refine chat. This content is stored under your account.

Calendar data (optional). If you grant the Google Calendar read scope, RabbitHole reads upcoming events from the calendars you select. We use this only to render events on your schedule and to avoid scheduling work over existing commitments. We do not modify, create, or delete events in your Google Calendar.

Canvas data (optional). If you connect a Canvas class via the iCal feed URL or API token, we read upcoming assignments and import them as flexible tasks. We do not submit, edit, or delete anything in Canvas.

Usage logs. Standard server logs (IP address, request paths, timestamps, user-agent) used for debugging, abuse prevention, and performance monitoring. Logs are kept for 30 days unless needed for an active investigation.

AI-feature usage. When you use the AI planner or refine chat, we send the relevant goal/task context plus your message to a third-party LLM provider (OpenAI) and store the request/response for product improvement, debugging, and billing reconciliation.

How we use your information

  • To provide the scheduling, planning, and notification features you sign up for.
  • To personalize the experience (your preferred work hours, focus time, classes, etc.).
  • To debug, prevent abuse, monitor performance, and improve the service.
  • To send you transactional product emails (login, account changes) and the push notifications you opt into.
  • To enforce our terms and comply with legal obligations.

We do not sell your data. We do not use your data to train AI models on your behalf or anyone else's.

Google API Services User Data Policy

RabbitHole's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What this means in practice for RabbitHole's use of Google Calendar data:

  • We use Google Calendar data only to render your events on the schedule and to avoid scheduling work over them.
  • We do not transfer your Google data to third parties except as needed to provide the service (hosting + database providers), comply with applicable law, or as part of a merger/acquisition with appropriate notice to you.
  • We do not use Google Calendar data for advertising.
  • We do not allow humans to read your Google Calendar data, except (a) with your explicit consent, (b) where required for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data is aggregated and used for internal operations in accordance with the Limited Use requirements.

Sharing and disclosure

We share data with a small set of vendors who help us run the service:

  • Vercel (hosting + edge functions)
  • Turso / libSQL (managed database)
  • OpenAI (LLM features — only when you use the AI planner/refine chat)
  • Google (OAuth sign-in and Calendar API)

We may also disclose information if compelled by valid legal process, to protect rights and safety, or as part of a corporate transaction where we will give reasonable notice.

Data retention and deletion

We retain your account content until you delete it or your account. You can delete individual goals, tasks, or push subscriptions from within the app at any time. To delete your entire account and associated data, email the address below — we will action the request within 30 days.

Server logs are retained for 30 days. LLM request/response logs are retained for 90 days. Backups are rotated on a 30-day cycle; if you delete data, it remains in backups for up to 30 days before being overwritten.

Security

We use HTTPS for all traffic, store credentials hashed, and limit production-data access to a small number of personnel under contractual confidentiality. We rely on industry-standard practices but cannot guarantee absolute security; please use strong unique credentials for your Google account and notify us of any suspicious activity.

Your rights

Depending on your jurisdiction, you may have rights to access, correct, port, or delete your personal data, and to object to or restrict certain processing. To exercise any of these, email us at the address below. We will respond within 30 days.

You can revoke RabbitHole's access to your Google account at any time via Google's permissions page. Doing so will disconnect calendar sync; existing imported data remains until you delete your account.

Children

RabbitHole is not directed to children under 13 and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.

International users

RabbitHole is operated from the United States. By using the service you consent to the transfer and processing of your data in the U.S. and in any country where our service providers operate.

Changes to this policy

We will update this page when our practices change. The "Last updated" date at the top reflects the most recent revision. Substantive changes will be announced via email or in-app notice.

Contact

Questions, deletion requests, or rights requests: privacy@rabbithole-ai.app.

See also our Terms of Service.