Miracle 10 ("the Service") respects your privacy. This policy explains local storage, Google sign-in, Google Calendar sync, Obsidian local integration, and optional analytics.
The Service can be used locally without Google sign-in. If you choose to connect Google Calendar, we process the Google account identifier, email address, display name, profile image URL, session cookie, Daily Loop project/section/task data, calendar event identifiers, and an encrypted Google refresh token needed to keep Calendar sync working. We do not read your full calendar contents for general profiling; Calendar access is used to create, update, or delete events requested from Daily Loop and to read calendar list metadata so tasks can be placed on a matching calendar when available.
तैनाती सेटिंग के आधार पर, निम्नलिखित सक्षम हो सकते हैं। यदि निष्क्रिय हैं, तो लागू नहीं होते।
Google user data is used only for the user-facing features described in this policy and is not sold, used for advertising, or used to train AI models. Google API data handling is also subject to the Google API Services User Data Policy: https://developers.google.com/terms/api-services-user-data-policy.
Local data remains on your device until you clear browser or app data. Server-side Daily Loop records and encrypted integration credentials are retained while you use sync features, unless you delete or revoke them where the Service provides that control or request deletion. You can also revoke Google access from your Google Account permissions page.
We do not sell personal information or Google user data. We share data only with infrastructure providers needed to operate the Service, with Google APIs as necessary to perform Calendar actions you request, or where required by law. Google user data is not transferred to advertising platforms, data brokers, or AI model training systems.
हम होस्टिंग और संबंधित सेवाओं के लिए निम्नलिखित का उपयोग कर सकते हैं:
| प्रदाता | भूमिका |
|---|---|
| Vercel | Web application hosting and delivery |
| Cloudflare | Workers API, D1/KV storage, encrypted credential storage, and sync infrastructure |
| OAuth sign-in, Calendar API, and Analytics when enabled |
You can delete local data through your browser or device settings. You can revoke Google access in your Google Account security settings. If server-side sync data exists, you may request deletion or remove integration credentials where the Service provides that control.
The Service uses essential cookies for Google OAuth state and signed-in sessions. Analytics cookies or similar technologies may be used when analytics is enabled. You can refuse non-essential cookies in your browser, but sign-in or analytics may be affected.
If we update this policy, we will post the revised text and effective date in the Service. If the way we use Google user data materially changes, we will ask for consent where required before using the data in the new way.
We use HTTPS for network communication where applicable, signed HTTP-only cookies for authentication sessions, and AES-GCM encryption for stored integration credentials such as Google refresh tokens and Obsidian tokens. Access to server-side sync data is scoped to the signed-in user. No internet service can be guaranteed completely secure, but these safeguards are intended to protect the confidentiality and integrity of Google user data and other sensitive integration data.
Effective date: May 27, 2026