Privacy Policy

Last updated: February 13, 2026

Overview

ICUcal is a macOS desktop application for ICU physician shift scheduling and invoice management. This policy describes how the app handles your data.

Data we access

ICUcal requests access to your Google account with the following permissions:

• View your calendars — To list your Google Calendars so you can select which one to use for scheduling.
• View and edit events on your calendars — To read existing shift assignments, create new shift events, and delete events when you undo a schedule.

How your data is used

Calendar data is used solely to display shift schedules within the app and to generate PDF invoices and reports. ICUcal does not use your data for any other purpose.

Data storage

• OAuth tokens are stored locally on your Mac in the macOS Keychain, which is encrypted and protected by your system password.
• App settings (physician names, shift configurations, billing rates) are stored locally in UserDefaults on your Mac.
• No data is sent to external servers. ICUcal communicates only with Google's Calendar API to read and write calendar events. There is no ICUcal server, analytics, or telemetry.

Protection of Google user data

Security procedures are in place to protect the confidentiality of your data. ICUcal protects your Google user data with the following measures:

• Encryption at rest — OAuth tokens are stored in the macOS Keychain, which uses hardware-backed encryption to protect your credentials.
• Encryption in transit — All communication with Google APIs is conducted over HTTPS/TLS, ensuring your data is encrypted during transmission.
• Minimal data access — ICUcal only requests the calendar scopes necessary for its functionality and does not access any other Google user data.
• No server-side storage — ICUcal has no backend server. Your Google data is processed entirely on your local device and is never transmitted to or stored on any third-party server.
• No data retention — Calendar data is fetched on demand and held only in application memory during use. It is not written to disk or cached.

Data sharing

ICUcal does not sell, share, or transfer your data to any third parties. Your data stays on your device and in your Google account.

Data retention

ICUcal does not retain your calendar data. Events are fetched from Google Calendar each time you use the app and are not cached or stored locally. If you remove ICUcal, no calendar data remains on your device.

Revoking access

You can revoke ICUcal's access to your Google account at any time by visiting your Google Account Permissions page and removing ICUcal.

Contact

If you have questions about this privacy policy, please open an issue on the ICUcal site repository.