Void Moons

Privacy Policy

Last updated: February 2, 2026

Void Moons ("we", "us", or "our application") is a web-based calendar tool that helps you track Void of Course (VoC) Moon periods and optionally sync them to your Google Calendar. This Privacy Policy describes how we access, use, store, and share Google user data.

1. Data Accessed

Google User Data We Access

When you choose to connect your Google account to Void Moons, our application requests the following OAuth 2.0 scope:

  • https://www.googleapis.com/auth/calendar - This scope allows our application to:
    • View and manage calendars in your Google Calendar account
    • Create a dedicated "Void Moons" calendar
    • Add, update, and delete events within the "Void Moons" calendar only

Specific Data Types Accessed

Our application accesses the following specific types of Google user data:

  • Calendar List: We read your list of calendars to check if a "Void Moons" calendar already exists
  • Calendar Creation: We create a new calendar named "Void Moons" if it doesn't exist
  • Calendar Events: We create, update, and delete events only within the "Void Moons" calendar
  • OAuth Tokens: We receive access tokens and refresh tokens to maintain your authenticated session

Data We Do NOT Access

Our application does not:

  • Read the contents of your existing calendar events from other calendars
  • Modify, update, or delete your existing calendars or events (except within the "Void Moons" calendar we create)
  • Access Gmail, Google Drive, Google Contacts, Google Photos, or any other Google services
  • Access personal information beyond what is included in the standard OAuth profile (email address and name)

2. Data Usage

How We Use Your Google Data

We use your Google Calendar data exclusively for the following purposes:

  • Calendar Synchronization: To create and maintain a dedicated "Void Moons" calendar in your Google Calendar account
  • Event Management: To add Void of Course Moon events to your "Void Moons" calendar based on astronomical data
  • Update Operations: To clear and re-sync events when you trigger a manual sync, ensuring your calendar data remains up-to-date
  • Authentication: To maintain your authenticated session using OAuth tokens

Data Processing

All data processing occurs in real-time during sync operations. When you initiate a calendar sync:

  1. We authenticate your session using your stored OAuth tokens
  2. We retrieve your calendar list to locate or create the "Void Moons" calendar
  3. We calculate Void of Course Moon periods based on astronomical data (not from your personal data)
  4. We add these calculated events to your "Void Moons" calendar

Prohibited Uses

We explicitly do NOT:

  • Use your data for advertising or marketing purposes
  • Use your data for user profiling or behavioral analysis
  • Train artificial intelligence or machine learning models with your data
  • Sell, rent, or monetize your data in any way
  • Use your data for any purpose other than providing the calendar sync functionality

3. Data Sharing

Third-Party Data Sharing

We do not share, sell, rent, or transfer your Google user data to any third parties.

Service Providers

The only third-party service involved in our data processing is:

  • Google LLC: As the provider of Google Calendar API and OAuth authentication services. Your data is transmitted directly between your browser and Google's servers using secure HTTPS connections. Google's handling of your data is governed by Google's own privacy policy.

Hosting Infrastructure

Our application is hosted on Vercel. However, because OAuth tokens are stored only in HTTP-only cookies in your browser and we do not maintain a backend database of user data, your Google Calendar data does not reside on our hosting servers beyond transient processing during API calls.

Legal Disclosure

We will only disclose your data if required by law, such as in response to a valid subpoena, court order, or other legal process. Given our minimal data retention practices, there is typically no data to disclose.

4. Data Storage & Protection

Storage Practices

  • OAuth Tokens: Your Google OAuth access tokens and refresh tokens are stored as secure, HTTP-only cookies in your browser. These cookies are not accessible to client-side JavaScript, reducing the risk of XSS (Cross-Site Scripting) attacks.
  • No Database Storage: We do not store your Google Calendar data, event details, or personal information in any server-side database.
  • Transient Processing Only: Calendar data is processed in real-time during sync operations and is not persisted beyond the immediate API request/response cycle.
  • Session Duration: OAuth tokens remain valid for the duration of your authenticated session or until the refresh token expires (as determined by Google's policies).

Security Measures

We implement the following security practices to protect your data:

  • HTTPS Encryption: All communication between your browser, our servers, and Google's APIs is encrypted using HTTPS/TLS
  • OAuth 2.0 Protocol: We use industry-standard OAuth 2.0 for secure authentication
  • HTTP-Only Cookies: OAuth tokens are stored in HTTP-only cookies, preventing client-side JavaScript access
  • Secure Cookie Flags: Cookies are configured with Secure and SameSite flags to prevent unauthorized access
  • Minimal Scope Request: We request only the minimum Google Calendar scope necessary for our functionality
  • No Third-Party Analytics: We do not use third-party analytics services that might access your personal data

5. Data Retention & Deletion

Data Retention Policy

We retain your Google user data for the minimum time necessary to provide our service:

  • OAuth Tokens: Stored in browser cookies until they expire or you log out. Access tokens typically expire within 1 hour; refresh tokens may last longer per Google's policies.
  • Calendar Event Data: Not retained. We do not store calendar event data on our servers.
  • Session Data: Any session data is cleared when you close your browser or log out.

How to Delete Your Data

You can delete your data at any time through the following methods:

Option 1: Revoke Application Access (Recommended)

To completely remove Void Moons' access to your Google account:

  1. Go to your Google Account at myaccount.google.com
  2. Navigate to SecurityThird-party apps with account access
  3. Find "Void Moons" in the list
  4. Click Remove Access

This action immediately revokes our application's access to your Google Calendar and invalidates all OAuth tokens. Your "Void Moons" calendar and its events will remain in your Google Calendar until you manually delete them.

Option 2: Delete the Void Moons Calendar

To remove all Void of Course Moon events from your calendar:

  1. Open Google Calendar
  2. Find the "Void Moons" calendar in your calendar list (usually on the left sidebar)
  3. Click the three dots next to the calendar name
  4. Select Settings and sharing
  5. Scroll down and click Remove calendar

This will permanently delete the calendar and all VoC Moon events we created.

Option 3: Clear Browser Cookies

To remove OAuth tokens stored in your browser, clear your browser cookies for voidmoons.com. This will log you out and remove stored authentication data.

Data Deletion Requests

If you need assistance with data deletion or have questions about what data we have stored, you can contact us at support@voidmoons.com. Due to our minimal data retention practices, there is typically no server-side data to delete, but we will confirm this for you upon request.

Other Information We Collect

Technical Information

Our application may collect basic technical information to operate and improve the service, including:

  • Browser type and version
  • Operating system
  • IP address (transiently, for request processing)
  • Error logs (to diagnose and fix technical issues)
  • General usage statistics (page views, feature usage)

This technical data is not linked to your Google account or personal information and is used solely for application performance monitoring and improvement.

Compliance with Google API Services User Data Policy

Void Moons' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we comply with all requirements regarding:

  • Limited use of data for providing and improving user-facing features
  • Transparent disclosure of data access and usage
  • Secure handling and storage of user data
  • No sale or transfer of user data to third parties

Children's Privacy

Our service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, your data, or our privacy practices, please contact us at:

Email: support@voidmoons.com

We will respond to your inquiry within a reasonable timeframe, typically within 7-14 business days.

Return to Void Moons