Privacy Policy

This policy explains what information ESO Shift Sync uses to turn ESOSuite roster data into private and shareable calendar feeds, account-connected calendar syncs, subscriber emails, and related support.

1. Overview

ESO Shift Sync is operated by K. Affolder. The service helps eligible subscribers sync ESOSuite fire department schedule information to calendar feeds and, when enabled, subscriber-selected Google Calendar, Microsoft Outlook or Microsoft 365, and CalDAV calendars.

This policy describes how information is collected, used, stored, and shared when you visit the website, subscribe, use the account portal, receive calendar links, connect a calendar provider, or contact support.

ESO Shift Sync is not affiliated with, endorsed by, or sponsored by ESO or ESOSuite.

2. Information we collect

The information handled by ESO Shift Sync depends on which features are enabled for your subscription or deployment.

  • Subscriber information such as email address, name, phone number if provided through Stripe, Stripe customer and subscription identifiers, subscription status, match status, access state, and support messages.
  • Account portal information such as magic-link requests, hashed sign-in tokens, hashed session identifiers, OAuth state values, and selected calendar destinations.
  • Calendar sync information such as private and shareable feed filenames, randomized feed tokens, calendar URLs, app-managed event IDs, provider account email addresses, OAuth scopes, and provider connection status.
  • Technical and operational information such as request metadata, IP address, browser or device information, sync run statistics, error logs, and delivery status for service emails or notifications.

3. Schedule and roster data

ESO Shift Sync logs into ESOSuite using the configured ESOSuite credentials for the deployment, reads roster and schedule pages, and stores the data needed to generate calendar output. This may include employee names, abbreviations, aliases, shift dates and times, station or unit assignments, role and qualification labels, shift type, relieving and relieved-by details, same-shift roster sections, and event revision metadata.

If an employee directory is provided, it may include employee names, aliases, shift reference metadata, and phone numbers. Phone numbers are only added to calendar descriptions when that optional feature is enabled.

4. Connected calendar accounts

If you connect a calendar provider, ESO Shift Sync uses the access you authorize to list writable calendars where needed and to create, update, or remove app-managed shift events in the calendar you select.

  • Google Calendar sync requests offline access with calendar event access and read-only calendar-list access so you can choose a destination calendar.
  • Microsoft sync requests delegated offline_access and Calendars.ReadWrite permissions so you can choose an Outlook or Microsoft 365 calendar.
  • CalDAV sync uses the calendar collection URL, username, and app password that you enter in the account portal.

OAuth tokens and CalDAV credentials are encrypted before they are stored in SQLite. Magic-link, session, and OAuth state tokens are stored as hashes. ESO Shift Sync is designed to manage only events it creates or marks as app-managed.

ESO Shift Sync's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is not used for advertising, sold to third parties, or used to train generalized AI models.

5. Payments and subscriptions

Payments, checkout, billing portal access, and payment method handling are provided by Stripe. ESO Shift Sync receives subscription lifecycle information from Stripe, such as customer details, subscription identifiers, invoice events, payment status, grace-period status, and cancellation or revocation events.

ESO Shift Sync does not store full payment card numbers. Stripe may collect and process payment information according to Stripe's own terms and privacy policy.

6. How we use data

ESO Shift Sync uses information only for service operation, subscriber support, security, and billing-related access control.

  • To fetch and parse ESOSuite schedule data, resolve roster identities, and generate per-person shift events.
  • To provision private and shareable calendar feeds, account-connected provider syncs, and optional JSON API or TRMNL schedule output.
  • To match subscribers to roster names, review uncertain matches, send activation, shareable-feed, payment, access, and support emails, and manage subscription access.
  • To diagnose sync problems, prevent unauthorized access, rotate or revoke feed URLs, maintain service reliability, and comply with applicable obligations.

7. How data is shared

ESO Shift Sync does not sell personal information or share schedule data for advertising. Information may be processed by service providers and third-party systems needed to operate the service.

  • Stripe processes checkout, subscription, billing, invoice, and customer portal information.
  • Calendar providers such as Google, Microsoft, and CalDAV services receive the calendar events and provider requests needed for the syncs you connect.
  • Hosting, email, logging, and notification providers may process information necessary to serve pages, deliver service emails, route notifications, and operate the application.
  • Information may be disclosed if required by law, to protect the service or users, or to investigate abuse, security issues, or unauthorized access.

8. Calendar feed links

Private and shareable ICS calendar URLs work like bearer links: anyone with a valid link may be able to subscribe to or view the calendar data available at that URL. Private feeds are intended for the subscriber's own use. Shareable feeds are intended for family, friends, or others the subscriber chooses to share with.

If randomized feed tokens are enabled, URLs are harder to guess and can be rotated when access changes. You should still treat calendar URLs as sensitive and share them only with people who should see the schedule information.

9. Data retention

ESO Shift Sync keeps information for as long as needed to provide the service, maintain subscription records, troubleshoot issues, protect against abuse, satisfy accounting or legal obligations, and preserve calendar sync continuity.

Schedule history, roster cache data, feed tokens, subscriber records, provider links, and event metadata may be stored in SQLite. Some deployments may configure schedule retention, historical reuse, stale feed pruning, or local Stripe data purge behavior. When a subscription is revoked, ESO Shift Sync may rotate or revoke feed URLs and attempts to remove stored provider credentials after final app-managed calendar cleanup where supported.

10. Security

ESO Shift Sync uses reasonable technical and operational safeguards for the type of service it provides. Examples include encrypted storage for OAuth tokens and CalDAV credentials, hashed account portal tokens and sessions, Stripe webhook signature verification, subscription access checks, and hard-to-guess optional calendar feed tokens.

No internet service or storage system can be guaranteed perfectly secure. If you believe a calendar link, connected calendar account, or account portal session has been accessed without authorization, contact support promptly.

11. Your choices

You can manage your subscription through the billing portal when available. You can disconnect Google, Microsoft, or CalDAV calendar syncs from the account portal or revoke access directly through the calendar provider. You can also ask support to update subscriber matching, rotate calendar feed access where supported, or delete information that is no longer needed for the service.

Some information may need to be retained for billing, security, legal, backup, or operational reasons. Requests can be sent to [email protected].

12. Children

ESO Shift Sync is intended for adult subscribers and authorized schedule users. It is not directed to children under 13, and the service does not knowingly collect personal information from children under 13.

13. Changes to this policy

This policy may be updated from time to time. The effective date at the top of the page shows when the current version took effect. Continued use of ESO Shift Sync after an update means the updated policy applies to your use of the service.

14. Contact

Questions about this Privacy Policy or ESO Shift Sync privacy practices can be sent to [email protected].