← Back to home

Privacy Policy

Last Updated: January 27, 2026

In Short: Sidekick connects to your task management service (Google Tasks or Notion) to help you organize and prioritize your tasks. Your tasks stay in YOUR account — we don’t store copies. Delete your data anytime with /deleteaccount.

What We Store

On our servers (Cloudflare Workers KV), we store:

• Telegram chat ID — to identify you
• OAuth tokens — encrypted, to maintain your connection to Google Tasks or Notion
• Preferences — language, selected task list/database

We do NOT store:

• Your task titles, descriptions, or due dates
• Copies of your tasks
• Your email or profile information

Google Tasks

Data We Access

When you connect Sidekick to Google Tasks, we request the https://www.googleapis.com/auth/tasks scope. This allows us to access:

• Task titles — the names of your tasks
• Task due dates — when tasks are due
• Task notes — descriptions and notes attached to tasks
• Task status — whether tasks are completed or pending
• Task list names — your Google Tasks lists (e.g., “My Tasks”, “Work”)

We access this data only when you interact with the bot (e.g., viewing your tasks, adding a new task, or tapping a button). We do not sync or monitor your tasks in the background.

How We Use Google Data

• Display tasks in Telegram when you request them
• Create tasks when you send a message or use the menu
• Update tasks when you complete, reschedule, or change priority
• Delete tasks when you request removal
• Sort and prioritize using the Eisenhower matrix (based on due dates and importance metadata stored in task notes)
• Send reminders for scheduled tasks

Google API Services Compliance

Sidekick’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:

• We only use Google data to provide task management features
• We do not transfer Google data to third parties except as necessary to provide the service
• We do not use Google data for advertising
• We do not allow humans to read Google data unless required for security or legal compliance

Notion

Data We Access

When you connect Sidekick to Notion, you choose which databases to share during the OAuth flow. We access:

• Database pages — your tasks stored as Notion pages
• Page properties — title, status, due date, priority, and other task properties
• Database structure — to understand your task fields

We access this data only when you interact with the bot. We do not sync or monitor your Notion workspace in the background.

How We Use Notion Data

• Display tasks in Telegram when you request them
• Create pages in your selected database when you add a task
• Update page properties when you complete, reschedule, or change priority
• Sort and prioritize using the Eisenhower matrix

Data We Do NOT Collect

Regardless of which backend you use:

• We do NOT use your data for advertising or marketing
• We do NOT share your data with third parties
• We do NOT train AI models on your task content
• We do NOT analyze your tasks beyond displaying them to you

Data Storage and Security

• All data is stored in Cloudflare KV with encryption at rest
• OAuth tokens are stored securely and never logged
• All communications use HTTPS/TLS encryption
• We follow the principle of minimal data retention

Data Deletion

To delete all your data:

1. Send /deleteaccount to the bot — this immediately deletes your data from our servers
2. Revoke Sidekick’s access:
   • Google: Google Permissions
   • Notion: Notion Settings → My connections

Your tasks remain in your Google/Notion account — we never stored copies.

Future Backends

We may add support for additional task management services in the future. Each backend will have its own data access section in this policy, following the same principles: minimal access, no storage of task content, and transparent data handling.

Contact

Questions about this privacy policy?

LinkedIn: Rahal Aboulfeth

• Telegram: Send /help to the bot