Help Center

Privacy Policy

Details on how FlowTime handles personal information and safeguards user privacy.

Last updatedNovember 28, 2025

This Privacy Policy (the "Policy") describes how Yattask (the "Service") handles users' personal information on its website and related applications (collectively, the "Service").

Article 1 (Basic Policy)

The Service complies with applicable laws and guidelines, including the Act on the Protection of Personal Information, the EU GDPR, and the Google API Services User Data Policy, and strives to protect user privacy.

We do not target children under the age of 13. We do not knowingly collect personal information from users under 13, and if we inadvertently obtain such information, we will promptly delete it.

Article 2 (Definition of Personal Information)

"Personal information" means information that can identify a living individual (name, address, email address, etc.) as well as information containing personal identification codes.

Article 3 (Collection Methods)

  • Information users enter into input forms and similar interfaces
  • Information lawfully received from external services (payment, authentication, etc.)
  • Technical information automatically obtained via cookies or web beacons

Article 4 (Purposes of Use)

  • Provide, operate, and improve the Service
  • Respond to inquiries and verify identity
  • Maintenance and important notices
  • Feature development and market analysis (anonymized statistics only)
  • Billing and payment processing
  • Investigate and respond to violations of the Terms

Article 5 (Handling of Google User Data)

1. Scopes Obtained

The Service requests the minimum necessary OAuth scopes listed below.

  • openid / email / profile — Authentication and avatar display
  • https://www.googleapis.com/auth/calendar.events — View and edit events on all calendars

2. Purposes of Use

  • Login authentication
  • Provide two-way sync that overlays schedules on day/week views and allows creating, editing, and deleting events
  • Prevent unauthorized access and protect accounts

3. Storage and Caching

We do not store calendar event content (title, time, description, etc.) on our servers. It is held temporarily in browser or mobile app memory and used only for display. We do not write it to logs or databases. Access tokens are stored on the server in encrypted form and deleted 24 months after the last login or upon account deletion.

4. Limited Use Compliance

We comply with the Limited Use requirements of the Google API Services User Data Policy and do not use user data for advertising or training generalized AI/ML models.

Article 6 (Provision to Third Parties)

The Service will not provide personal information to third parties without user consent, except as required by law.

Article 7 (Disclosure, Correction, Deletion)

Users can request deletion or revoke access at any time through account settings or Google permission settings. Related tokens are deleted within 30 days after the request is received.

We use GA4 and Cookie Consent Mode v2 to conduct analytics after obtaining user consent.

Article 9 (Retention and Deletion)

We retain personal information only as long as necessary to fulfill the intended purpose, and securely delete it after the purpose is fulfilled or the legal retention period ends.

Article 10 (Breach Notification)

If a data breach occurs, we will notify the supervisory authority and affected users within 72 hours whenever possible.

Article 11 (Security)

  • TLS 1.2+ encryption for data in transit
  • AES-256 encryption for stored tokens and KV cache
  • Least-privilege access control and audit logs

Article 12 (Exemption)

  • When users disclose their own personal information to third parties
  • When an individual is identified from information entered by users on the Service or other services
  • Troubles related to information obtained through external services (excluding our willful misconduct or gross negligence)
  • Any other circumstances not attributable to the Service

Article 13 (Changes to this Policy)

We may update this policy to reflect legal or operational changes and will notify users on the website.

Article 14 (Contact)

If you have questions about this Policy, please contact us at:

E-mail: servicedake@gmail.com

Last updated: November 28, 2025