Legal

Privacy Policy

Last updated: Mar 19, 2026

Overview

PlanEra helps students organize coursework by turning documents into tasks and syncing schedules to calendars. This policy explains what data we collect and how we use it.

Information We Collect

  • Account details such as your name and email address.
  • Uploaded documents and the task data extracted from them by AI.
  • Google Calendar data when you choose to connect it: we request permission to create and edit events on your calendar so we can sync your assignment deadlines. We store OAuth tokens (access and refresh tokens) to maintain this connection. We do not read, store, or access any existing events on your calendar.
  • Notification preferences you configure in Settings.

How We Use Information

We use your data to create study plans, display and manage tasks, sync events to your calendar, and send reminders. We do not sell your data to third parties, ever.

Data Sharing and Subprocessors

We share data only with service providers that are necessary to run PlanEra. All such providers are under contracts that require them to protect your data. We do not sell your data. Our subprocessors include:

  • OpenAI - AI for task extraction from documents and for the schedule chat.
  • Supabase - Database hosting (your account and content are stored there).
  • Resend - Transactional email (verification, password reset, reminders, digest).
  • Google - Sign-in and optional Calendar sync (only when you connect it).
  • Vercel - Application hosting.

We may update this list; the current list will always be reflected in this policy.

Data Retention

We keep your data until you delete your account or request deletion. When you request account deletion, we remove your data from our systems and remove synced events from your Google Calendar. We aim to process deletion requests within 30 days. Note: OpenAI may retain API inputs and outputs per their own policy; we do not control their retention.

Data Protection

We implement multiple layers of protection for your data, including sensitive data obtained through Google APIs:

  • Encryption in transit: All connections between your browser and our servers use TLS (HTTPS). All connections between our servers and third-party services (database, Google APIs) are also encrypted with TLS.
  • Encryption at rest: Our database is hosted on Supabase, which encrypts all stored data at rest using AES-256. This includes your account information, task data, and OAuth tokens.
  • OAuth token security: Google OAuth access tokens and refresh tokens are stored in our encrypted database and are only used server-side to sync your assignment deadlines to Google Calendar. Tokens are never exposed to the browser or to any third party. You can revoke access at any time from your PlanEra Settings page or from your Google Account permissions.
  • Access controls: Only authenticated, authorized server-side code can access your data. Each user can only access their own data — all database queries are scoped to the authenticated user's ID. Administrative access to production systems is restricted to the development team.
  • Minimal data access: We request only the Google API scopes necessary for the features you use. Calendar access is requested separately from sign-in and only when you choose to connect Google Calendar. We only create and update events for your PlanEra tasks — we do not read or modify your existing calendar events.
  • Account deletion: When you delete your account (from Settings or by contacting support), we remove all your data from our systems, delete synced events from your Google Calendar, and revoke stored OAuth tokens. Deletion is processed within 30 days.

Google API Services Usage

PlanEra's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide and improve PlanEra's calendar sync feature.
  • We do not use Google user data for advertising or to serve ads.
  • We do not sell Google user data to third parties.
  • We do not use Google user data for purposes unrelated to PlanEra's functionality.

Safety and In-App Chat

The in-app chat is for schedule and planning questions only (e.g., due dates, assignments). It is not monitored for crisis or emergency situations. If you or someone you know is in crisis, please contact 988 (Suicide & Crisis Lifeline), Crisis Text Line (text 741741), or your school counseling or local emergency services.

Your Choices

You can disconnect calendar sync, delete uploads, clear all activity, or close your account from the Settings page. For account deletion, contact support and we will process your request promptly.

Contact

If you have questions about this privacy policy, email us at support@plan-era.com.

Terms of Service·Back to Home