Privacy

lyncGoal is a stateless lens over your own Google Sheet. The app does not run a database, does not store your goals on any lyncGoal-operated server, and never retains a copy of your data. Your spreadsheet LyncGoal_Active in your own Google Drive is the sole source of truth.

When you sign in, lyncGoal requests a single Google OAuth scope:

• drive.file — grants access only to files the app itself creates or that you explicitly open through the app. lyncGoal cannot see, read, or modify any other file in your Google Drive. This one scope covers both spreadsheet operations (reading and writing your goal data) and file management (creating your LyncGoal_Active sheet on first sign-in).

lyncGoal uses this scope exclusively to discover or provision your spreadsheet and to read and write goal rows. You can revoke access at any time from your Google Account security page.

Two features send goal text to Google's Gemini 2.5 Pro model via Firebase AI Logic (backed by Vertex AI): Goal Starter (extracts structured fields from free-form text) and Strategist Pulse (a brief achievability and relevance assessment). Both features are optional and opt-in.

The request payload is strictly limited to these fields:

• Topic
• Title
• Details
• Success metric
• Target date

lyncGoal never sends your email address, your OAuth access token, your Firebase ID token, the internal goal identifier, creation or status timestamps, or any other field to Gemini. Under Google's enterprise API terms governing Vertex AI, data submitted to Gemini through this path is not used to train Google's foundation models. See Google Enterprise API terms.

lyncGoal uses Firebase Auth's browserSessionPersistence — your signed-in state lives only for the current browser tab and clears when you close the tab or sign out. lyncGoal writes no tracking cookies and stores no personal data in localStorage. A handful of session-scoped flags (AI call counter, privacy-notice seen, OAuth access token) live in sessionStorage and are wiped on sign-out.

lyncGoal uses a small set of Google services to run:

• Firebase Authentication — Google sign-in and session management.
• Firebase Analytics (GA4) — aggregate usage events such as sign-ins, goal creation counts, and feature-usage counts. Event parameters contain counts and flags only — never goal content, email, or tokens.
• Firebase App Check (reCAPTCHA Enterprise) — server-side attestation that requests to Firebase services originate from the lyncGoal web app, not a script or scraper.
• Firebase AI Logic / Vertex AI — the serving path for the Gemini calls described above.

Because lyncGoal holds no data of its own, deleting your data is as simple as deleting your LyncGoal_Active spreadsheet in Google Drive, or revoking the Google OAuth grant from your Google Account.