nokokuPrivacy
Privacy

What we collect, and why.

Nokoku helps you schedule meetings by speaking one sentence. To do that we need a small amount of data from you and a few third-party services. This page explains what, why, and where it goes — in the same plain language we'd use if you asked us in person. Pair with the terms of service for the full picture.

What we store about you

When you sign up we store the basics: your email address, display name, and an avatar URL. Sign-in is handled by Clerk; if you use Google to sign in, Google's OAuth tokens are stored by Clerk on our behalf and used by us to read and write your calendar (see below). We store your booking rules (working hours, buffer preferences, etc.) and your preferred timezone in our own database.

What we read from your Google account

If you connect Google we ask for these scopes, no more:

  • Calendar (read + write) — we read your free/busy windows for the next 14 days to find good meeting slots, and we create the calendar event when an invitee picks one. We don't store the full content of your existing events in our database.
  • Contacts (read) — when you type a recipient's name in the composer we search your contacts to autofill their email. The search runs server-side over a short-lived cache; we don't copy your full address book into our database.
  • Recent events (read, last 14 days) — once per session we ask Google for your last two weeks of events and pass the titles + attendees to Claude (see AI section) to generate contextual prompts like “Catch-up with Sarah next week.” The list is cached for 5 minutes server-side and otherwise not retained.

You can disconnect Google at any time from your Clerk account settings. Disconnecting stops every read and write above immediately; existing events you've already booked stay on your calendar.

What we store about your meetings

For each share you create we store: the title and description, the recipient's name (and email if you picked a contact), the proposed time slots, the meeting mode (in person / video), any location, and any per-event rules you pinned. We don't store the live calendar event contents — those live in Google's systems.

When an invitee picks a slot we also store the timestamp and a reference to the created calendar event. Share links use a short random ID, not a sequential one, so they aren't guessable.

Personal API tokens

If you create a Claude / API token from Settings → Connect Claude we store a salted SHA-256 hash of the token, never the raw value. We can't recover a token after it's shown to you — if you lose it, generate a new one. Tokens can be toggled off or revoked at any time.

AI processing — what goes to Claude

Nokoku uses Anthropic Claude (via the official Anthropic API) for several jobs:

  • Parsing your spoken or typed booking rules into structured form (working hours, buffer minutes, etc.)
  • Extracting meeting details from your composer prompt (recipient name, duration, hint about which day)
  • Generating contextual prompt suggestions from your last two weeks of events
  • Powering the “suggest another time” negotiation chat your recipient sees

What we send to Anthropic for each call: the immediate text you typed, the relevant draft fields, and (for suggestions) the titles + attendee names of your recent events. We don't send your email content, your address book, or any historical conversation across sessions. Anthropic processes the request and doesn't train on the data per their commercial terms.

Email delivery — Resend

We use Resend to send booking emails (invitations, confirmations, reminders, cancellations). Resend sees the recipient's email address, the sender's display name, the meeting title, and a calendar attachment. We use Resend's bounce webhook so we can flag undeliverable addresses on the dashboard.

Maps + places — Google

For in-person meetings we use Google Places to look up locations you type. The query goes through our auth-gated proxy with your approximate browser geolocation as a bias hint (so “Soho House” prefers the one near you). Static map previews are rendered via a Google Static Maps proxy so the API key never reaches your browser.

Analytics — Vercel

We use Vercel Analytics for pageview counts and a handful of product events (event created, slot picked, rule toggled). No cookies, no cross-site tracking — Vercel uses a privacy-friendly daily-rotating visitor hash. You can opt out per their privacy policy.

Custom domains (Pro)

If you bring a custom domain we store the hostname and a verification status. DNS records on your registrar are yours — we don't touch them. We use Vercel's domains API to attach the domain to our project so TLS certificates can be issued.

How long we keep things

  • Profile + rules — until you delete your account.
  • Events — kept indefinitely while your account exists so you can see your share history. Deleting an event removes the share row immediately; the corresponding Google Calendar entry is your decision.
  • Tokens — until you revoke them. Each token also has a “last used” timestamp so you can see which ones are stale.
  • AI prompts + responses — sent to Anthropic per-request; we don't log the request bodies on our side.
  • Email send records — we keep the “email sent at” timestamp on the event row; Resend keeps the send history per their policy.

Your rights

You can:

  • Disconnect Google from your Clerk account at any time.
  • Delete any event from your dashboard.
  • Revoke any API token from Settings.
  • Request export or deletion of all your data — email hello@nokoku.ai and we'll come back within 30 days.

What we don't do

  • Sell your data. Ever.
  • Show ads.
  • Train AI models on your data — neither us nor Anthropic (per their commercial API terms).
  • Store your existing calendar event contents — we read titles and attendees transiently to generate smart prompts (see above) but never persist them in our database.
  • Drop third-party tracking cookies or use cross-site fingerprinting.

Children

Nokoku isn't designed for users under 16. We don't knowingly collect data from children. If you think we have, email hello@nokoku.ai and we'll delete it.

Changes to this policy

We'll update this page whenever we change a third-party service or a data category. Material changes (new sub-processor, expanded data scope) will be flagged via email to your account address.

Contact

Privacy questions, data requests, or anything that smells off: hello@nokoku.ai. We're a small team and read every message.

Last updated: 24 May 2026