Privacy Policy - Google Tasks MCP Server

Last updated: December 2024

This Privacy Policy describes how Google Tasks MCP Server ("we", "our", or "the Service") collects, uses, and protects your information when you use our Model Context Protocol (MCP) server to connect your AI assistant to Google Tasks.

Summary: We store only the minimum data required to authenticate you with Google. We never store, access, or log your actual task data.

Information We Collect

When you authorize the Service to access your Google Tasks, we collect and store:

OAuth Tokens: Authentication credentials that allow the Service to access Google Tasks on your behalf. These tokens are encrypted at rest using AES-128 encryption.
Client Registration Data: Technical identifiers for your MCP client (such as Claude Desktop or Cursor) to maintain your session.

Information We Do NOT Collect

We want to be clear about what we do not store:

Task Data: Your tasks, task lists, due dates, notes, and any other Google Tasks content are never stored on our servers. This data flows directly between your AI assistant and Google.
Personal Information: We do not collect your name, email address, or any other personal details from your Google account.
Usage Logs: We do not log or track which tasks you create, view, complete, or delete.
Conversation Data: We have no access to your conversations with your AI assistant.

How We Use Your Information

The OAuth tokens we store are used solely to:

Authenticate requests from your AI assistant to Google Tasks
Refresh expired access tokens to maintain your connection

Data Security

We take the security of your authentication credentials seriously:

Encryption at Rest: All OAuth tokens are encrypted using Fernet (AES-128) encryption before storage.
Secure Transmission: All data is transmitted over HTTPS/TLS.
Minimal Storage: We store only what is necessary for the Service to function.

Third-Party Services

The Service integrates with:

Google Tasks API: To read and write your tasks. Google's use of your data is governed by Google's Privacy Policy.
Your MCP Client: Such as Claude Desktop, Cursor, or Claude Code. These clients have their own privacy policies.

Data Retention

Your OAuth tokens are retained as long as you use the Service. You can revoke access at any time by:

Removing the Google Tasks MCP server from your client configuration
Revoking access in your Google Account permissions

When access is revoked, your stored tokens become invalid and will be automatically cleaned up.

Your Rights

You have the right to:

Revoke the Service's access to your Google Tasks at any time
Request information about what data we store related to your account
Request deletion of your stored authentication tokens

Children's Privacy

The Service is not intended for use by children under 13 years of age. We do not knowingly collect information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the "Last updated" date at the top of this page.

Contact

If you have questions about this Privacy Policy or our data practices, please open an issue on our GitHub repository.

Back to Home