Security and privacy
Kilevo reads your calendar. It is the first question we get, and it deserves a precise answer rather than a promise.
We cannot modify your calendar
Technically, not merely contractually. Kilevo asks Google for
calendar.readonly and calendar.events.readonly, and
Microsoft for Calendars.Read. Those are read permissions. No write scope
is requested anywhere.
Kilevo cannot create, move or delete an event. Even if we wanted to, Google and Microsoft would refuse.
What we read, and what we keep
They are not the same thing.
| Event data | Read | Stored |
|---|---|---|
| Event location | yes | yes — it is the trip destination |
| Date and times | yes | yes |
| Event title | yes | yes — it becomes the business purpose |
| Description, notes | yes | no |
| Attendees, guests | no | no |
| Attachments | no | no |
The title is stored because it is the business purpose of the trip — precisely what the IRS expects in a mileage log. You can edit it trip by trip: your edit is locked and survives later synchronizations.
An event with no location produces no trip, and is therefore not stored.
Your access tokens are encrypted
The token that lets Kilevo read your calendar is encrypted in the database. A copy of a backup is not enough to use it: the decryption key lives elsewhere, in the server configuration.
Your receipts are not on the web
Files you attach to a trip are stored outside the server's public directory. No direct URL reaches them. Every download goes through an access check: you, or your manager if you have one.
Who else sees your data
| Processor | What it receives | Why |
|---|---|---|
| Google, Microsoft | Your identity, your calendars | Sign-in and reading events |
| Google Maps | Start and end addresses | Computing real distances |
| Stripe | Your billing details | Payment. No card data touches our servers |
| Tawk.to | Your browsing, your IP address | Support chat, present on every page |
We use no analytics tool. No Google Analytics, no advertising pixel.
Disconnecting a calendar
You can remove a connected calendar from your settings at any time. We delete the token from our database.
For a full revocation, also remove Kilevo from the authorized applications list in your Google or Microsoft account. That is the only place where the grant is actually revoked on the provider's side.
Hosting
Data is hosted with OVHcloud, in France, and therefore under the GDPR. Google, Microsoft, Stripe and Tawk.to process the data sent to them according to their own infrastructure locations.
Full details are in our privacy policy.