Privacy Policy

Last updated: April 29, 2026

This Privacy Policy describes how Someday (“Someday,” “we,” “us,” or “our”) collects, uses, and shares information when you use our website and services (collectively, the “Service”). Someday is operated by an individual developer based in California, United States. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect information you provide directly to us and information that is generated automatically when you use the Service.

  • Account information: name, email address, and authentication identifiers (managed via Supabase Auth) when you sign in.
  • Content: tasks, notes, and chat messages you create or import into the Service.
  • Google Calendar data: if you connect Google Calendar, calendar events and metadata obtained via the Google Calendar API. See Section 3 for details.
  • SMS data: if you link a phone number, your phone number, the contents of SMS messages you send to and receive from Someday, and carrier delivery metadata. SMS is delivered via Telnyx.
  • Usage data: device type, browser, pages viewed, and interaction events used to operate and improve the Service. We use Vercel Analytics, which collects aggregated, privacy-friendly metrics without cross-site tracking cookies.

2. How We Use Information

  • To provide, maintain, and improve the Service.
  • To authenticate you and secure your account against unauthorized access.
  • To deliver the AI features you request, including generating suggestions, responding to your messages, and (where you have connected Google Calendar) reading and modifying calendar events on your behalf.
  • To communicate with you about the Service, including service updates and support.
  • To comply with legal obligations and enforce our Terms of Service.

3. Google User Data

When you connect Google Calendar to Someday, we request the following OAuth scopes:

  • openid and email — to identify your Google account.
  • https://www.googleapis.com/auth/calendar— full read and write access to your Google calendars. We use this to display your events in Someday’s day view and to allow the Someday assistant to create, update, and delete calendar events at your request.

How we access and use Google data: we read calendar events for the current day and the next 7 days to render your schedule and to provide context to the Someday assistant when you message it. The assistant may also create, update, or delete calendar events when you ask it to (for example, “move my 3pm to tomorrow”). We store OAuth refresh tokens server-side so the Service can keep your calendar in sync.

How we store Google data: calendar events themselves are fetched on demand and are not persisted to our database; only OAuth tokens and the fact that you have connected Google Calendar are stored.

How we share Google data: calendar event content is shared with Google’s Gemini API when it is needed as context for an AI feature you have invoked (see Section 4). It is not shared with any other third party.

Limited Use compliance: Someday’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer or sell Google user data to third parties (including for advertising, retargeting, credit assessment, or data brokers), and we do not use Google user data to develop, improve, or train generalized AI or machine-learning models.

Disconnecting Google Calendar: you can disconnect Google Calendar at any time from Someday’s integrations settings, which deletes the stored OAuth tokens. You can also revoke access directly at myaccount.google.com/permissions.

4. AI and Automated Processing

Someday uses Google’s Gemini large language models to power features such as suggestions and SMS replies. To deliver these features, we send the relevant context to Gemini, which may include your tasks, notes, connected Google Calendar events, recent SMS conversation history, and the message you are submitting. When processing inbound SMS, Gemini may also use grounding tools provided by Google (web search, URL retrieval, code execution, and Google Maps) to answer your request; portions of your message may be sent to those tools.

We use Gemini under terms that prohibit using your data to train Google’s general-purpose models. We do not use Google user data, SMS content, or your tasks and notes to create, train, or improve any AI or machine-learning model beyond features personalized to your own account.

5. Actions Taken on Your Behalf

The Someday assistant can take actions on your behalf in response to your instructions, including:

  • Creating, updating, completing, and deleting tasks and notes.
  • Creating, updating, and deleting Google Calendar events (when Google Calendar is connected).
  • Sending SMS replies to you from the Someday number.

These actions are initiated by your messages. We log the actions taken so you can review them.

6. Sharing of Information

We do not sell your personal information. We share information only as described below:

  • Service providers (sub-processors): Vercel (application hosting and analytics, United States), Supabase (authentication and database hosting, United States), Google (Gemini AI processing, United States), and Telnyx (SMS delivery, United States). These providers process data on our behalf under confidentiality and data-protection obligations.
  • Integrations: when you connect a third-party service (such as Google Calendar), data is exchanged with that service as needed to perform the integration.
  • Legal reasons: to comply with applicable law, regulation, legal process, or governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Privacy Policy.

7. Data Retention and Deletion

We retain your information for as long as your account is active. You can delete your account at any time from Someday’s settings; account deletion takes effect immediately and removes your tasks, notes, chat history, SMS records, and stored Google Calendar OAuth tokens from our active systems. Routine encrypted backups may retain residual copies for a short period before being overwritten. We may retain limited records where required by law.

8. Security

We use reasonable administrative, technical, and physical safeguards to protect your information, including encryption in transit (TLS) and encryption at rest for our databases and backups. Inbound SMS webhooks are verified using Telnyx’s Ed25519 signature scheme. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Human Access to Your Data

We do not routinely read the contents of your tasks, notes, calendar events, or SMS messages. A human (the operator of Someday) may access this data only when (a) you give us affirmative permission, for example by sharing a specific message while requesting support; (b) it is necessary to investigate a security incident or suspected abuse; (c) it is required by law; or (d) the data has been aggregated or de-identified for internal operations.

10. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing. California residents have additional rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA, including the right to know what personal information we collect, the right to delete it, the right to correct it, and the right not to be discriminated against for exercising these rights. We do not sell or “share” personal information for cross-context behavioral advertising. To exercise any of these rights, contact us at the email below.

11. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

12. International Users

Someday is operated from the United States, and your information is processed and stored in the United States. If you access the Service from outside the United States, you consent to the transfer and processing of your information in the United States.

13. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date above. If we make a material change to how we use your data, we will notify you and, where required, obtain your consent before the change takes effect.

14. Contact

Questions about this Privacy Policy can be sent to hu.evan123@gmail.com.