Security and privacy

Kilevo reads your calendar. It is the first question we get, and it deserves a precise answer rather than a promise.

We cannot modify your calendar

Technically, not merely contractually. Kilevo asks Google for calendar.readonly and calendar.events.readonly, and Microsoft for Calendars.Read. Those are read permissions. No write scope is requested anywhere.

Kilevo cannot create, move or delete an event. Even if we wanted to, Google and Microsoft would refuse.

What we read, and what we keep

They are not the same thing.

Event dataReadStored
Event locationyesyes — it is the trip destination
Date and timesyesyes
Event titleyesyes — it becomes the business purpose
Description, notesyesno
Attendees, guestsnono
Attachmentsnono

The title is stored because it is the business purpose of the trip — precisely what the IRS expects in a mileage log. You can edit it trip by trip: your edit is locked and survives later synchronizations.

An event with no location produces no trip, and is therefore not stored.

Your access tokens are encrypted

The token that lets Kilevo read your calendar is encrypted in the database. A copy of a backup is not enough to use it: the decryption key lives elsewhere, in the server configuration.

Your receipts are not on the web

Files you attach to a trip are stored outside the server's public directory. No direct URL reaches them. Every download goes through an access check: you, or your manager if you have one.

Who else sees your data

ProcessorWhat it receivesWhy
Google, MicrosoftYour identity, your calendarsSign-in and reading events
Google MapsStart and end addressesComputing real distances
StripeYour billing detailsPayment. No card data touches our servers
Tawk.toYour browsing, your IP addressSupport chat, present on every page

We use no analytics tool. No Google Analytics, no advertising pixel.

Disconnecting a calendar

You can remove a connected calendar from your settings at any time. We delete the token from our database.

For a full revocation, also remove Kilevo from the authorized applications list in your Google or Microsoft account. That is the only place where the grant is actually revoked on the provider's side.

Hosting

Data is hosted with OVHcloud, in France, and therefore under the GDPR. Google, Microsoft, Stripe and Tawk.to process the data sent to them according to their own infrastructure locations.

Full details are in our privacy policy.

Kilevo Install Kilevo for quick access