Effective date: July 11, 2026
What Layovers is
Layovers ("we", "us") is a web app at layoversapp.com that lets small, invite-only groups of friends ("hubs") see when everyone in the group is free, based on their Google Calendars. This policy explains exactly what data we access, how we use it, how we store it, and what we never do with it.
Information we access
- Google profile basics when you sign in with Google: your name, email address, and profile photo. These identify you to the friends in your hubs.
- Google Calendar data, read-only (the
calendar.readonlyscope): the dates, times, and busy/free status of events on the calendars you have visible in Google Calendar, for a rolling 14-day window. We cannot add, edit, or delete anything on your calendar. - Event titles are read in memory only, for two purposes: applying your own "actually free" keyword rules, and showing you (and only you) why you appear busy. Your event titles are never stored in our database and are never shown or sent to anyone else, including your friends.
How we use your data
We use calendar data for exactly one thing: computing which 30-minute windows you are free or busy, so the members of a hub you chose to join can see shared availability. Hub members see only your name, photo, and free/busy status — never event names, descriptions, locations, attendees, or any other event details.
Google user data and Limited Use
Layovers' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular: we only use Google user data to provide the user-facing features described above; we do not transfer it to third parties except as necessary to provide those features (see "Service providers" below), for security, or to comply with law; we do not use it for advertising; we do not allow humans to read it except with your explicit permission, for security purposes, or to comply with law; and we do not use Google user data to train AI or machine-learning models.
How we store and protect data
- Google access and refresh tokens are stored encrypted at rest with AES-256-GCM. Browser clients are technically blocked from reading the token columns at the database level.
- Our database enforces row-level security: you can only read data for hubs you belong to.
- Event titles and event details are never written to our database.
- All traffic is served over HTTPS.
Service providers
We use Supabase (database and authentication) and Vercel (hosting) to run Layovers, and Google's APIs to read your calendar. These providers process data only on our behalf to operate the service. We do not sell your data, share it with advertisers or data brokers, and we show no ads.
What your friends can and cannot see
- Hub members see: your name, profile photo, and free/busy status per 30-minute slot.
- They never see: event names, locations, descriptions, or which calendar an event is on.
- There are no read receipts, "last viewed" indicators, or view counts.
- Leaving a hub or being removed from one sends no notification to anyone.
Data retention and deletion
- You can leave any hub at any time; your availability immediately stops being shared with that hub.
- You can revoke Layovers' access to your Google account at any time at myaccount.google.com/permissions. Once revoked, we can no longer read your calendar.
- To delete your account and all associated data (profile, encrypted tokens, hub memberships, and keyword rules), email us at hello@layoversapp.com from the address you signed in with. We complete deletions within 30 days.
Children
Layovers is not directed to children under 13, and we do not knowingly collect data from them.
Changes to this policy
If we change how we handle Google user data, we will update this page and its effective date before the change takes effect.
Contact
Questions about privacy: hello@layoversapp.com