Privacy Policy for SilhouSync

Effective Date: June 7, 2026

SilhouSync ("the Application") is a local-first Android application designed to put shadow events to block availability between multiple calendars. This Privacy Policy describes how the Application accesses, processes, and protects your information.

1. Zero-Data-Collection Philosophy

The Application is built on a zero-trust, local-only architecture.

• No Cloud Storage: We do not host, store, or back up your data on external servers.
• No Remote Tracking: The Application does not use analytics SDKs, crash reporters that transmit data online, or advertisement libraries.
• No Network Transmission: The Application operates entirely offline. It does not request or possess the Android Internet permission (android.permission.INTERNET) and is technically incapable of transmitting your data over the network.

2. Information Accessed and Processed

To perform its core synchronization functions, the Application requires access to specific sensitive device resources. This data is processed strictly on-device and is never shared.

A. Calendar Event Data

• Permissions Requested: android.permission.READ_CALENDAR and android.permission.WRITE_CALENDAR.
• Data Accessed: Event details (titles, descriptions, locations, start/end times, recurrence rules, and calendar IDs) stored in your device's native Android Calendar Provider.
• How it is Used: The sync engine queries your source calendars to identify busy time slots and writes shadow placeholder events (e.g., "#work-conflict" or "Busy") onto your target calendars to prevent double-bookings.
• Storage: The calendar data remains inside Android's native system calendar database. The Application does not cache or clone the contents of your events.

B. Local Configuration and Metadata

• Data Processed: Sync rules, shadow event ID mappings (source event ID matched to target shadow event ID), and short audit logs (limited to 200 entries).
• Storage: Saved locally inside a private SQLite database (silhousync.db) hosted within the Application's sandboxed storage.
• Lifecycle: This data is isolated inside your device's Work Profile sandbox and is completely destroyed if you uninstall the Application or wipe the Work Profile.

3. Data Sharing and Third-Party Disclosure

• Third-Party Sharing: We do not sell, trade, license, or otherwise share your calendar data or personal information with any third-party company, advertising network, or cloud service provider.
• Subprocessors: Because the Application operates entirely offline, we do not utilize any third-party infrastructure subprocessors.

4. Security of Your Data

The Application relies on the native security controls provided by the Android Operating System:

• Work Profile Isolation: By running within the Android Work Profile, the Application’s private SQLite database is logically isolated from the personal profile, preventing unauthorized access by personal apps.
• Sandbox Security: Your configuration data is restricted under Android's application sandbox security, meaning other applications running within the same profile cannot read or modify SilhouSync's database.

5. User Control and Rights

You have complete control over your data:

• Access Revocation: You can revoke calendar permissions at any time via Android System Settings (Settings > Apps > SilhouSync > Permissions). Doing so will disable all synchronization functionality.
• Data Clean-up: Deleting a sync rule within the Application automatically runs a cleanup routine to delete all corresponding shadow events from your target calendar.
• Complete Deletion: Uninstalling the Application deletes all sync configurations, shadow mappings, and audit logs from your device.

6. Compliance Declarations

A. Google Play Developer Program Policies

This Application is fully compliant with Google Play’s User Data policies:

• Prominent Disclosure: An in-app prominent disclosure is displayed on the main dashboard explaining the access, collection, use, and sharing of calendar data before requesting runtime permission.
• Limited Use: Calendar permissions are requested solely for the purpose of placing shadow blocks to prevent calendar overlaps as explicitly configured by the user.

B. General Data Protection Regulation (GDPR) & California Consumer Privacy Act (CCPA)

Under GDPR and CCPA, the Application is a local-only utility. Since no personal data is collected or transmitted to a controller or processor, there is no processing of personal data outside your immediate custody. All rights (access, erasure, portability) are exercised directly by you by deleting rules or uninstalling the app.

7. Contact Information

If you have any questions regarding this Privacy Policy or the Application's data handling practices, you may review the open-source code directly in this workspace.