1. Overview
NotchOz ("the app") is a menu bar application for macOS. We do not collect, store, or transmit any personal data to our servers. Your settings and preferences are stored only on your Mac.
2. Data stored on your device
The app stores the following data locally on your Mac (using macOS UserDefaults and Keychain): language preference, selected widgets and their order, your todo list and note, and similar settings. Google Calendar authentication tokens are stored securely in the macOS Keychain. This data never leaves your device.
3. Third-party services
The app may connect to the following services to provide features. No personal data is sent by NotchOz beyond what is strictly necessary for each feature:
- Music: Spotify (if installed) — the app displays now-playing information via local Spotify APIs; no data is sent to us.
- Shazam: song recognition uses Apple's ShazamKit / system services; audio may be sent to Apple for matching per Apple's terms — not to NotchOz servers.
4. Google Calendar integration (Google user data)
If you connect Google Calendar, NotchOz uses Google’s OAuth 2.0 (with PKCE) to sign you in. The app requests this OAuth scope only: https://www.googleapis.com/auth/calendar.events.readonly (read-only access to your calendar events). NotchOz is a native macOS app; requests go from your Mac to Google’s APIs. We do not operate a backend that receives your Google data.
4.1 Why we request this OAuth scope
Notchoz is a macOS app that shows glanceable information in the menu bar and notch area. With your explicit consent, we use https://www.googleapis.com/auth/calendar.events.readonly only to read your upcoming calendar events (for example, title and start/end times) from Google Calendar via the official Calendar API. That data is shown solely inside the NotchOz Calendar widget (compact and expanded views) so you can see what is coming next without leaving your workflow. We do not create, edit, delete, or share calendar data. OAuth tokens are stored securely on your device (macOS Keychain) and are used only to keep this list up to date while you use the app. We request read-only access to calendar events—not broader Calendar or Gmail scopes—because listing upcoming events is the full extent of the integration.
4.2 Data accessed (types of Google user data)
Through the Calendar API, NotchOz reads event data from your primary Google Calendar only, for a limited time window (upcoming events). The fields used in the app are: event identifier, title (summary), start and end date/time, whether the event is all-day, and optional location. NotchOz does not read your contacts, email, Drive files, or other Google product data. OAuth access tokens and refresh tokens are obtained from Google and stored only in the macOS Keychain on your device so the app can refresh access and call the Calendar API.
4.3 How we use, process, store, and share Google user data
Purpose: to show your upcoming calendar events inside the NotchOz Calendar widget in the menu bar/notch. Processing: event data is requested over HTTPS and processed locally on your Mac to render the widget; it is not uploaded to servers operated by NotchOz. Storage: calendar event content is kept in app memory for display and is not written to our databases (we do not collect it). Authentication secrets (tokens) stay in your Keychain until you sign out. Sharing: we do not sell, rent, or disclose Google user data to third parties, and we do not use it for advertising. We do not use Google user data to train artificial intelligence or machine learning models. You can disconnect Google at any time in the app (sign out), which removes stored tokens from the Keychain on your device.
Google API Services User Data Policy: NotchOz’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
4.4 How Google data is used in NotchOz (video)
Short walkthrough showing exactly which Google Calendar data is requested and how it is displayed inside the app — no data leaves your Mac.
4.5 Retention and deletion of Google user data
Calendar event data is held only in app memory while NotchOz is running and is never written to disk or any database; it is discarded automatically when the widget refreshes or the app closes. OAuth access tokens and refresh tokens are stored in the macOS Keychain for as long as you keep Google Calendar connected. To delete all stored Google user data, sign out of Google Calendar in the app (Settings → Calendar → Sign out): this immediately removes all OAuth tokens from your device's Keychain. You can also revoke NotchOz's access at any time via your Google Account permissions page (myaccount.google.com/permissions). Because no Google user data is ever sent to or held on NotchOz servers, there is no additional server-side deletion step.
5. Data protection and security
NotchOz protects sensitive data with the following mechanisms: (1) Encryption in transit — all communication with Google APIs is conducted over HTTPS/TLS, which encrypts data between your Mac and Google's servers. (2) Encryption at rest — OAuth tokens (access token and refresh token) are stored exclusively in the macOS Keychain, which encrypts secrets at rest using AES-256 and restricts access to the specific app that created the entry. (3) OAuth 2.0 with PKCE — the Google sign-in flow uses Proof Key for Code Exchange, providing protection against authorization code interception attacks. (4) No server-side storage — no Google user data is transmitted to or stored on NotchOz servers; all processing occurs locally on your Mac. (5) Volatile memory only — calendar event data is held in app memory and is never written to any persistent storage we control.
6. No analytics or tracking
NotchOz does not require an account (Google sign-in is optional, only for the Calendar widget). We do not use analytics, advertising, or tracking.