Last updated: 15.11.2025
1. Controller and Contact
- Service name: EESTEC ScheduleBridge
- Controller / operator: EESTEC LC St. Petersburg
- Website: `https://sched.eestec.ru`
- Contact email: kulakov.spbstu@gmail.com
- Telegram support: https://t.me/fascinat00r
2. Scope of This Policy
This Policy applies to:
- the EESTEC ScheduleBridge Telegram bot;
- the backend and APIs used to operate the bot and perform synchronization; and
It does not govern the independent processing carried out by Telegram or Google under their own terms and privacy policies.
3. Categories of Data Processed
3.1 Telegram Data
We process the following data received via the Telegram Bot API:
- Telegram user ID and/or chat ID;
- username, first name, last name, language code (where provided);
- bot commands, configuration messages, and callback data used to set up and manage synchronization.
This data is stored in our backend to identify you, link your Telegram account to your timetable and Google account, and apply your configuration.
3.2 Google Data
We use Google OAuth 2.0 and the Google Calendar API with the scope:
- `https://www.googleapis.com/auth/calendar`
We process:
- Google account identifier (subject ID) and, where provided, email address;
- calendar identifiers;
- event data related to timetable synchronization, including titles, dates and times, locations, descriptions, and event IDs of events created or managed by the service;
- OAuth access and refresh tokens to allow ongoing synchronization.
We do not receive or store your Google password.
3.3 Timetable and Configuration Data
We process timetable and configuration data necessary for synchronization, including:
- timetable or group identifiers;
- course and class titles;
- dates, times, room numbers;
- teacher names if present in the timetable source;
- user preferences (selected group, calendar, time zone, and other sync-related settings).
3.4 Technical Logs
We process technical and operational data such as:
- timestamps and status of synchronization operations;
- error messages and diagnostic information;
- technical identifiers related to infrastructure and API calls.
This data is used for security, monitoring, and maintenance.
4. Purposes and Legal Bases
We process personal data for the following purposes and legal bases (where applicable under GDPR or similar laws):
1. Provision of the service (performance of a contract)
- Linking your Telegram account, timetable, and Google Calendar.
- Creating, updating, and deleting Google Calendar events corresponding to your timetable.
- Maintaining your configuration.
2. Operation, security, and improvement (legitimate interests)
- Monitoring performance and reliability;
- Detecting and resolving errors;
- Preventing misuse or security incidents.
3. Access to Google data (consent)
- When you authorize the app through the Google OAuth consent screen, you consent to our access to your Google Calendar under the specified scope. You may revoke this access at any time.
5. Use of Google APIs and Limited Use
EESTEC ScheduleBridge uses Google APIs in accordance with the Google API Services User Data Policy, including the Limited Use requirements:
- Google Calendar data is accessed exclusively to perform timetable–calendar synchronization (creation, update, and deletion of relevant events).
- Google user data is not sold, and is not used for personalized advertising or to build marketing profiles unrelated to the timetable–calendar functionality.
- OAuth tokens and related Google data are used only to provide and maintain the synchronization requested by the user.
6. Data Sharing and Recipients
Personal data may be shared with the following categories of recipients:
- Telegram (as platform provider), which independently processes your data under its own terms;
- Google (as provider of Google OAuth and Google Calendar API), acting largely as an independent controller;
- Hosting and infrastructure providers that process data on our behalf to operate the service;
- Competent authorities, courts, or legal advisers where disclosure is required by law or necessary to protect our rights, users, or third parties.
We do not sell personal data to third parties.
7. International Transfers
Data may be processed in countries other than your country of residence, depending on the location of our infrastructure and service providers. Where required by law, appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) are applied to such transfers.
8. Retention
Data is retained only for as long as necessary for the purposes described above, or as required by applicable law, in particular:
- Telegram identifiers, configuration data, timetable mappings, and calendar mapping data are retained while your account remains active and synchronization is enabled, and for a limited period thereafter for technical and legal reasons.
- OAuth tokens are retained while synchronization is active; they are deleted within a reasonable period after you revoke access or request deletion.
- Technical logs are retained for a limited period necessary for security, diagnostics, and troubleshooting and are then deleted or anonymized, unless longer retention is required in connection with a specific incident or legal obligation.
9. Your Rights and Choices
9.1 Revoking Google Access
You can revoke the app’s access to your Google account at any time via your Google Account settings (e.g., Security → Third-party access or a similar section). After revocation, we can no longer access your Google Calendar, and synchronization stops. Tokens are deleted within a reasonable period thereafter.
9.2 Disabling or Deleting Your Profile
The bot may offer commands or settings to stop synchronization and/or reset configuration. You may also contact us at kulakov.spbstu@gmail.com or via https://t.me/fascinat00r to request deletion of your profile and associated data, subject to any legal retention obligations.
Existing calendar events previously created by the service may remain in your Google Calendar after disconnection or revocation; you may delete or modify them directly in Google Calendar.
9.3 Rights under Data Protection Law
Where applicable (e.g., in the EU/EEA, UK), you may have the following rights:
- right of access;
- right to rectification;
- right to erasure;
- right to restriction of processing;
- right to data portability;
- right to object to processing based on legitimate interests.
You may exercise these rights by contacting us at kulakov.spbstu@gmail.com. You may also lodge a complaint with your competent data protection authority.
10. Security
We implement appropriate technical and organizational measures to protect personal data, including:
- secure communication channels where applicable (e.g., HTTPS);
- restricted access to personal data and credentials;
- secure server-side storage of OAuth tokens and other secrets.
No security measure can guarantee absolute protection, but we aim to maintain safeguards appropriate to the nature and risks of the processing.
11. Children’s Data
The service is intended primarily for university-level users and is not directed to children under 13 years of age (or the minimum age required by applicable law to use such services). We do not knowingly process personal data of such children. If you believe we have done so, please contact us so that we can take appropriate action.
12. Changes to This Policy
We may amend this Privacy Policy from time to time. The updated version will be indicated by the “Last updated” date above. Where required by law or where changes are material, we will provide additional notice through appropriate channels.
13. Contact
For any questions or requests concerning this Privacy Policy or our processing of personal data, please contact:
- Operator: EESTEC LC St. Petersburg
- Email: kulakov.spbstu@gmail.com
- Telegram support: https://t.me/fascinat00r