← Back to NeverMiss

Privacy Policy

Last updated: March 31, 2026

1. Who we are

NeverMiss (“we”, “our”, or “us”) is a service that automatically detects events in emails sent from an organization's domain and adds them to members' calendars. We operate at www.nevermiss.cr.

For questions about this policy, contact us at hello@nevermiss.cr.

2. What data we access

When you connect your inbox, NeverMiss requests the following permissions:

Gmail (gmail.readonly)

We read your unread inbox messages to identify emails sent from your organization's registered domain. We only process emails whose sender matches your organization's domain. We do not read, store, or process any personal emails.

Google Calendar (calendar.events)

We create calendar events on your behalf when an event is detected in an organization email. We do not read, modify, or delete your existing calendar events.

Microsoft Outlook (Mail.Read)

Same as Gmail — we read unread inbox messages only to identify emails from your organization's domain. Personal emails are never accessed.

Microsoft Calendar (Calendars.ReadWrite)

We create calendar events in your Outlook calendar when events are detected. We do not read or modify your existing calendar events.

3. How we use your data

  • To detect events in emails sent from your organization's registered domain.
  • To create calendar events in your connected calendar on your behalf.
  • To mark processed emails as read so they are not processed again.
  • To send you transactional emails related to your account (e.g. billing).

We do not sell your data. We do not use your email content for advertising. We do not share your data with third parties except as described in Section 5.

4. Data storage and security

  • OAuth tokens (access and refresh tokens) are stored encrypted using AES-256.
  • We store a record of processed email IDs to avoid duplicate processing — we do not store the email content itself.
  • Calendar event metadata (title, date, time) is stored to prevent duplicate events from being created.
  • All data is stored in the European Union on Supabase infrastructure.
  • We use HTTPS for all data in transit.

5. Third-party services

To operate NeverMiss, we share data with trusted third-party service providers solely for the purpose of providing the service. This includes cloud infrastructure, database hosting, payment processing, and AI-based event extraction from email content. We do not authorize any third party to use your data for their own purposes.

6. Data retention

We retain your account data for as long as your subscription is active. When you delete your account or cancel your subscription, your OAuth tokens and personal data are deleted within 30 days. Email IDs and event records may be retained in anonymized form for up to 90 days for deduplication purposes.

7. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Request deletion of your account and associated data.
  • Revoke OAuth access at any time from your Google or Microsoft account settings.
  • Disconnect your inbox or calendar from your NeverMiss dashboard at any time.

To exercise any of these rights, contact us at hello@nevermiss.cr.

8. Children's privacy

NeverMiss is intended for use by adults (parents, staff, and administrators) within educational institutions. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us immediately.

9. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Your continued use of NeverMiss after changes are posted constitutes your acceptance of the updated policy.

10. Contact

For any privacy-related questions or requests, please reach out at hello@nevermiss.cr.