Privacy Policy — Grab Event Bot
Last updated: 20 June 2026
This policy explains how Grab Event Bot (the “bot”, available on Telegram as
@skedlyBot) handles your data, including information obtained through
Google APIs.
What data we process
- Message content you send (text, forwarded posts, and screenshots/images). We process it
only to extract the event details (title, date/time, location, description).
- Extracted event details. Parsed results may be cached to speed up repeat requests. The
cache is not linked to your identity.
- Usage metadata. Your Telegram user ID and request timestamps, used to operate the service
and enforce usage limits.
- Approximate location & timezone. If you share a location, we store only a coarse
country/city and an IANA timezone. Precise coordinates are never stored.
- Google account data (only if you connect): your account identifier
(
openid, email) for sign-in, the calendar.events scope, and
the calendar.settings.readonly scope (to read your calendar time zone).
What Google data we access
If — and only if — you choose to connect your Google account, the bot requests:
https://www.googleapis.com/auth/calendar.events — to create and delete calendar
events (see “How we use it” below);
https://www.googleapis.com/auth/calendar.settings.readonly — to read your calendar's
default time zone, so timed events are created at the correct local time;
openid, email — your basic account identifier, for sign-in.
The bot does not request access to read or list your existing calendar events.
How we use it
Calendar access is used solely to create the events you submit to the bot in your
Google Calendar, and to delete an event you previously added when you cancel it. We do not
use this access for any other purpose.
Sharing & third-party processors
We do not sell your data, do not share it with third parties for their own purposes,
and do not use it for advertising or to train AI/ML models. Message content you send is
processed by automated AI systems solely to extract the event details; it is not used to train those
models. We rely on the following providers strictly to operate the bot:
- Telegram — the messaging platform the bot runs on.
- Google — to create/delete events in your calendar when you connect your account.
How we protect your data (security)
Security procedures are in place to protect the confidentiality of your data, including data
obtained through Google APIs. We use encryption to protect your information, with the following
measures:
- Encryption in transit: all connections to the bot's web endpoints and all calls to Google
APIs use HTTPS/TLS.
- Encryption at rest: your Google OAuth access and refresh tokens, and your account email,
are stored using symmetric authenticated encryption (Fernet, AES-128 + HMAC-SHA256). They are never
stored or transmitted in plaintext.
- Restricted access & no logging of secrets: credentials are used only by the bot to
perform the actions above; they are never written to logs, shared, or exposed to third parties.
- The service runs on an access-controlled server.
Limited Use disclosure
Grab Event Bot’s use and transfer of information received from Google APIs to any other app will
adhere to the
Google API Services
User Data Policy, including the Limited Use requirements.
Data retention & deletion
Retention. We retain your personal information, including Google user data, only for the
length of time needed to provide the service, and no longer. In practice we keep Google user data
only while your account stays connected:
- Your Google OAuth tokens and account email are retained only while your account is connected:
they are deleted immediately when you disconnect, and they are also deleted automatically whenever a
token is revoked or expires — at which point the bot asks you to reconnect. (During the app's current
testing phase, Google refresh tokens expire after 7 days.)
- Message content you send is processed only to extract the event and is not retained as Google
user data; any cached extraction result is not linked to your identity or your Google
account.
Deletion. You can delete your data at any time:
- Send
/disconnect (or use Disconnect in the bot's Settings). This immediately revokes
the token at Google and deletes the stored credentials and email from our database.
- You can also revoke access from your
Google Account permissions.
- You may also request for your data to be deleted by contacting us at
invilink@gmail.com (or
@invilink on Telegram); we will delete it promptly.
Contact
Questions: message @invilink on Telegram.