Privacy Policy
Neher Data Services LLC ("we", "us", or "our") operates Familiar (the personal data companion platform) and Calendar Wizard (the Telegram bot available at @nds_klaus_bot). This Privacy Policy explains what data we collect, why we collect it, how we protect it, and the choices you have.
By using Calendar Wizard or any Familiar service, you agree to the practices described in this policy. If you do not agree, do not use the service.
What We Collect
We collect the minimum data necessary to provide the service.
| Data | Why We Collect It | Where It Is Stored |
|---|---|---|
| Telegram user ID | Identifies your account. We cannot know who is sending commands without it. | PostgreSQL database on our self-hosted server |
| Google OAuth token (encrypted) | Allows us to read and write your Google Calendar on your behalf. | PostgreSQL, encrypted at rest with pgcrypto symmetric encryption |
| Timezone preference | Ensures events you create land at the correct local time. | PostgreSQL database |
| Calendar events you create or modify | We cache events to provide faster responses and to show you upcoming events without making repeated Google API calls. | PostgreSQL database, retained for 90 days after last sync |
| Command logs (last 30 days) | Used to debug failures and improve the service. Logs contain command type (e.g., "create event") and timestamp but not the full message text. | Server application logs, rotated every 30 days |
What We Do NOT Collect
We do not store the full text of your Telegram messages. Messages are processed in memory, acted on, and discarded. They are never written to a database or log file.
- We do not store raw Telegram message content.
- We do not collect your name, email address, or phone number.
- We do not run behavioral analytics or tracking pixels.
- We do not use advertising networks.
- We do not sell, rent, or trade your data with any third party.
- We do not use cookies or browser fingerprinting (Calendar Wizard has no web interface that tracks you).
- We do not collect location data.
How We Use Data
We use the data we collect exclusively to:
- Authenticate you when you send commands to the bot.
- Read and write events in your Google Calendar using your OAuth token.
- Display upcoming events and reminders to you via Telegram.
- Troubleshoot errors in the service.
- Improve performance by reducing redundant API calls to Google.
We do not use your data to train machine learning models. We do not analyze your calendar content for any purpose other than displaying it back to you.
Encryption & Security
Your Google OAuth token is the most sensitive piece of data we hold. If exposed, it could allow someone to read or modify your calendar. We take the following measures to protect it:
-
Encrypted at rest: Tokens are stored in PostgreSQL using
pgcryptosymmetric encryption. The plaintext token is never written to disk; only the encrypted ciphertext is stored. - Encrypted in transit: All communication between the bot server and Telegram, and between the bot server and Google, uses TLS 1.2 or higher.
- Server access controls: The server hosting the database is accessible only via Tailscale VPN. No database port is exposed to the public internet.
- Limited access: Only the Calendar Wizard service account has database credentials. No human logs in to the database in normal operations.
For a technical breakdown of exactly how encryption is implemented, see the Data Transparency page.
Data Retention
| Data Type | Retention Period | Deletion Trigger |
|---|---|---|
| Telegram user ID + account record | Until you request deletion | Email request or /delete command |
| Google OAuth token (encrypted) | Until you revoke access or request deletion | Revoking access in Google Account settings; or email request |
| Timezone preference | Until account deletion | Account deletion |
| Cached calendar events | 90 days from last sync | Automatic expiry; also cleared on account deletion |
| Command logs | 30 days | Automatic log rotation |
Third-Party Services
We interact with the following third-party services. We do not share your data with any other parties.
Google Calendar API
When you connect your Google account, we use the Google Calendar API to read and write events. Google's own Privacy Policy governs how Google handles your data. We request the minimum required OAuth scopes: read and write access to your calendars. We do not request access to your email, contacts, or any other Google service.
You can revoke our access at any time by visiting myaccount.google.com/permissions and removing "Calendar Wizard" from the list of connected apps.
Telegram Bot API
Calendar Wizard operates through the Telegram Bot API. Telegram's Privacy Policy governs the messages you send through Telegram. We receive your Telegram user ID and your message text via Telegram's webhook system. Message text is processed in memory only and is never stored.
Cloudflare
The help documentation you are reading now is hosted on Cloudflare Pages. Cloudflare may log standard HTTP access data (IP address, user agent, timestamps) as described in Cloudflare's Privacy Policy. The bot API server itself is not behind Cloudflare; it communicates directly with Telegram and Google APIs over a private VPN.
Your Rights
You have the following rights regarding your data at any time:
- Access: Request a copy of all data we hold about you. Email james@westover.dev with the subject "Data Access Request". We will respond within 14 days.
-
Deletion: Request deletion of your account and all associated data.
Email james@westover.dev with the subject
"Delete my data", or send the command
/deleteto the bot. We will confirm deletion within 48 hours. - Revoke calendar access: You can revoke Google Calendar access at any time without contacting us by visiting myaccount.google.com/permissions. Revoking access in Google will cause the bot to stop functioning until you reconnect.
- Correction: If any data we hold is inaccurate, contact us and we will correct it.
- Portability: You can request a machine-readable export of your data.
We do not use your data for automated decision-making or profiling that has legal or significant effects on you.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced via the Telegram bot with at least 7 days notice before taking effect. The "Effective date" at the top of this page reflects when the current version was published.
Continuing to use Calendar Wizard after a policy change takes effect constitutes acceptance of the updated policy.
Contact
Questions, data requests, or concerns about this Privacy Policy:
Email: james@westover.dev
Organization: Neher Data Services LLC
We aim to respond to all privacy-related inquiries within 3 business days.