Privacy Policy

SsamPin collects the following information only when you explicitly enable a specific Google integration feature. If you do not use any integration feature, no personal information is collected.

• Google account email address — used to identify the connected account
• Google Calendar event data (when Calendar sync is enabled) — title, date, time, location
• SsamPin app-data backup files (when App-Data Backup is enabled) — a JSON copy of the timetable, seating, memos, to-dos, and other data you create inside SsamPin, stored in a hidden app-specific folder (appDataFolder) on your Google Drive. This folder is invisible to other Google apps (Drive web UI, Docs, etc.).
• Google Tasks data (when Tasks sync is enabled) — title, completion status, due date, notes

The collected information is used solely for the following purposes:

• Two-way synchronization of events between the SsamPin app and Google Calendar
• Backup and restoration of SsamPin app data to a dedicated Google Drive folder so you can use the same data across multiple devices
• Two-way synchronization of to-dos between SsamPin and Google Tasks (enabling use with the mobile Google Tasks app)

Your information is never used for marketing, advertising, third-party analytics, machine-learning model training, or any purpose other than directly delivering the features above.

SsamPin is designed with a serverless architecture:

• Local storage only: All active user data is stored exclusively on your PC (userData/data/*.json).
• No SsamPin developer servers: The SsamPin developer does not operate any server that stores or processes user data.
• Google Drive appDataFolder:When the "App-Data Backup" feature is enabled, a copy of your SsamPin data is stored in a hidden app-specific folder on your own Google Drive. This folder uses your Google Drive quota but is inaccessible via the regular Drive interface — only the SsamPin app can access it.
• Encrypted storage: OAuth tokens are encrypted and stored in the OS keychain using Windows DPAPI (Electron safeStorage).
• Direct communication: The app communicates directly with the Google Calendar, Drive, and Tasks APIs from your PC, without passing through any intermediate servers.
• Transit security: All communication with Google APIs is encrypted in transit via HTTPS (TLS).

• SsamPin retains data only while each Google integration feature is active. Data is immediately deleted when you disconnect an integration or uninstall the app.
• Google account disconnect:Pressing "Disconnect" in Settings > Google Integration removes OAuth tokens and all events/tasks imported from Google from local storage. Locally created timetables, memos, and to-dos are preserved.
• App-Data Backup deletion:The "Delete all cloud data" button in the Backup card permanently deletes all backup files stored in the Google Drive app-specific folder.
• Google Tasks sync off: Toggling Tasks off stops synchronization but preserves locally stored to-dos. When you delete or archive a to-do inside SsamPin, the corresponding item in Google Tasks is also deleted immediately.
• Uninstalling the app deletes all locally stored data (SsamPin's JSON files). Backup copies in the Google Drive app folder remain, so run "Delete all cloud data" beforehand if you want to remove them as well.
• You can also directly revoke the app's access from your Google Account permissions page. SsamPin will no longer be able to access your account on the next sync attempt.

• We do not sell your data, or provide or share it for any third party's own purposes.
• SsamPin communicates directly with the Google Calendar, Drive, and Tasks APIs. In addition, when you use online collaboration features (consultation booking, assignment collection, e-signature, surveys, etc.), some data is transmitted to and stored on a cloud backend (Supabase) as needed to provide those features. This is a processing consignment for feature delivery, not third-party provision; see Section 11 for details. No data is sent to any other external services.
• We do not transfer user data to advertisers, data brokers, or information resellers.
• We do not use user data for serving advertisements, credit assessment, lending decisions, or any other purposes beyond the app's core functionality.
• We do not use user data to train any machine-learning (ML) model, including SsamPin itself.

When you connect your Google account, SsamPin may request the following scopes and uses them only as described:

• .../auth/userinfo.email — retrieves the email address of the signed-in Google account to display it as the "Connected Account" in the Settings screen and to verify account consistency on re-login. Other profile information (name, picture, etc.) is not requested.
• .../auth/calendar — required to read and write events on the Google Calendars you select. Calendars you do not select are not accessed.
• .../auth/drive.file — accesses only the app-specific folder (appDataFolder) SsamPin creates. Your other Drive files (documents, photos, etc.) remain inaccessible to SsamPin.
• .../auth/tasks — required for two-way synchronization of to-dos with the Google Task List you select. Requested only after an additional consent dialog when you enable Tasks sync.

SsamPin uses these scopes in accordance with the Limited Use requirements of the Google API Services User Data Policy, and does not use the data for any purpose other than delivering the features above.

You may exercise the following rights at any time:

• Disconnect your Google account in Settings > Google Integration (all OAuth tokens are deleted immediately)
• Turn off App-Data Backup or run "Delete all cloud data"
• Turn off Google Tasks to stop synchronization
• Revoke access directly from the Google Account app permissions page
• Request access, correction, or deletion of personal data processing: pblsketch@gmail.com

For questions about our privacy practices, please contact us:

• Email: pblsketch@gmail.com

SsamPin's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Only when you explicitly connect the AI Bridge feature, SsamPin connects the student, seating, and observation data stored on your computer with external AI tools (MCP clients such as Claude, Codex/GPT, Antigravity/Gemini). This data is passed directly from your computer to the external AI tool without going through any intermediate server.

• Before being sent to an external AI, identifying information such as real names, contact details, and dates of birth is replaced with opaque tokens. However, tokenization alone does not guarantee complete anonymity, and individuals may still be re-identified from the context of the observations.
• Exposing raw observation content (get_observations) and writing (add_observation) are disabled by default, and operate only when you explicitly turn on the corresponding gate (or per-student, per-period, per-purpose consent). When enabled, raw observation content (which may include sensitive information) may be sent to the external AI.
• Data passed to a connected external AI tool is subject to that provider's policies (Anthropic, OpenAI, Google, etc.). SsamPin is not involved in the external AI provider's data processing.
• All bridge access is recorded in a local audit log (raw values are not recorded), and consent can be withdrawn at any time.

For more details, see the AI Bridge information page.

Most SsamPin features work offline, with data stored only on your PC. However, when you use certain collaboration features that must exchange information online with students and guardians, some data is transmitted to and stored on a cloud backend (Supabase Inc.) as needed to provide that feature. This is not the provision or sale of information to a third party, but a processing consignment for delivering the feature. These features operate only when a teacher explicitly uses them; if not used, no data is transmitted.

• Consultation booking— the schedule and target class/student numbers, and the student number at the time of booking. The booker's contact details and memo are encrypted on your device before transmission and storage.
• Assignment collection— assignment information and submission status (student name and number); submissions are stored as links in the teacher's Google Drive. Teacher identity is verified via the Google account.
• E-signature— the signer's name, submitted fields, and the signature image (cloud storage). Access IP and device information (User-Agent) are stored only as hashes, not in raw form.
• Surveys / checklists — student number and response content.
• Classroom screen-share delivery receipts — only technical information such as board identifiers and access timestamps; memo content is not transmitted.
• Google integration token storage— the teacher's email and encrypted OAuth tokens (AES-256-GCM).

Consignee: Supabase Inc. (cloud infrastructure). Purpose: providing the collaboration features above. Retention/Deletion: data is deleted when you remove it within each feature or when its retention period (e.g., real-time link expiry) passes. Data in transit is encrypted via HTTPS (TLS).