PebNotes — GoogleTasks for Pebble
Privacy Policy
Last updated: April 8, 2026
-
Overview
PebNotes is a client application for Google Tasks.
This policy explains what Google user data the app accesses, how that data is used, stored, protected, shared, retained, and how users can request deletion.
-
Data accessed from Google accounts
- Google Tasks data: task lists and tasks (title, notes/description, due date/time, status/completion, list/parent identifiers).
- Basic Google account identifier returned by OAuth (email address and Google Account user ID) used only for identification and access control.
- OAuth tokens required to call the Google Tasks API.
- Requested OAuth scope:
https://www.googleapis.com/auth/tasks
- Why this scope is needed
The tasks scope (https://www.googleapis.com/auth/tasks) is required so the app can read task lists and read, create, and edit tasks on behalf of the user, and keep the Pebble device and phone synchronized with the user’s Google Tasks.
-
How data is used
- Display: Google Tasks data is used to show task lists and tasks on the phone and Pebble smartwatch.
- Sync: The app creates, updates, completes/uncompletes, and deletes tasks per the user’s actions and syncs those changes with Google Tasks.
- Identification: The user’s user ID is used only to associate OAuth credentials and local cache with the signed-in user.
-
Data storage & protection
- OAuth tokens: Short-lived access tokens and refresh tokens are stored on the user’s device. During login, access and refresh tokens are temporarily cached on our server for at most 10 minutes to facilitate the passcode-based authentication flow between the Pebble device and the server; they are automatically deleted after this period. A refresh token is also transmitted to our authentication proxy server when the app requests a token refresh; in that case the server acts solely as a relay and does not persist the token.
- Local storage: Cached task data and OAuth credentials are kept only in the app’s local storage on the user’s phone and on the Pebble device as needed for offline use.
- Server storage: Apart from the temporary token cache described above (at most 10 minutes during login), we do not store Google Tasks content, refresh tokens, or any identifying user data on our server.
- Transport security: All communications between the app, the proxy server, and Google APIs use HTTPS/TLS.
- Device security: Tokens and any cached data are stored using platform-recommended secure storage where available.
-
Data sharing
- We do not share Google Tasks content or user-identifying data with third parties, except:
- Google, as necessary to provide Google Tasks API services.
- We do not send Tasks content to analytics, advertising, or marketing providers.
- No third parties receive user Tasks data unless the user explicitly authorizes such sharing.
-
Data retention & deletion
- Local retention: Cached OAuth credentials remain on the user’s device until the user logs out, clears app data, or uninstalls the app. Task data is only caced in memory and is cleared as soon as the user closes the app.
- Server retention: The server temporarily caches OAuth tokens for at most 10 minutes during the login flow; these are automatically deleted afterward. Outside of this brief window, no user Tasks content or OAuth tokens are retained server-side.
- Deletion requests: To request deletion of any data we might hold (none stored server-side), contact simeon@maryasin.name. We will respond to requests within 30 days.
-
User controls & revocation
- Revoke via Google: Users can revoke the app’s access at any time from their Google Account’s security settings (Connected apps & sites), which invalidates OAuth tokens.
- In-app controls: Users can use the “Logout” button in app's settings to remove stored credentials and local cache, or uninstall the app to remove all local data.
-
Contact & developer information
- Changes to this policy
We may update this policy; the “Last updated” date above will indicate the latest revision.