InitLife is a local-first productivity dashboard. All user preferences, settings, and tokens are stored
in your browser's localStorage on your device. InitLife does not operate a backend server,
does not collect personal data, and does not transmit your information to any servers controlled by InitLife.
InitLife uses Google OAuth 2.0 to optionally connect your Google account. This connection is entirely opt-in and can be revoked at any time. The following table describes every Google API scope requested, what data is accessed, how it is used, and why.
| Scope / API | Data accessed | How it is used | Purpose |
|---|---|---|---|
userinfo.profileopenid |
Given name, profile picture URL | Your first name is displayed in the personalised greeting shown on the dashboard. Your profile photo is converted to greyscale client-side using the Canvas API and displayed as your avatar in the header. No image data is stored or transmitted. | Personalise the dashboard greeting and header avatar for the signed-in user. |
calendar.readonly |
Upcoming calendar event titles, start/end times, locations, and event links from your primary Google Calendar |
Events from the next 14 days are fetched via the Google Calendar API and displayed
in the "google sync" section of the dashboard. Events are shown as a list including
title, time, and optional location. Data is fetched on demand and held in memory only —
it is not written to localStorage or any external store.
|
Show the user their upcoming schedule directly on the dashboard without leaving the app. |
gmail.readonly |
Unread message count for the Gmail inbox label; subject line and sender name of up to 5 unread messages | The Gmail API is queried to retrieve your inbox's unread message and thread count, which is displayed as a summary (e.g. "3 unread messages"). If unread messages exist, the subject and sender name of up to 5 messages are shown in an expandable panel. Message body content is never accessed or displayed. Data is held in memory only. | Give the user an at-a-glance inbox status without switching apps. |
contacts.readonly |
Contact names and birthday dates (month and day only) from Google Contacts | The People API is queried for contacts that have a birthday set. Only contacts with a birthday within the next 14 days are surfaced, displayed as a reminder (e.g. "Alice — birthday in 3 days"). Birth year is not accessed or used. Contact data is held in memory only and is not stored anywhere. | Surface upcoming birthday reminders so the user doesn't miss them. |
tasks |
Task list names, task titles, notes, due dates, and completion status |
The Tasks API is queried to fetch incomplete tasks across your task lists.
Task title, optional notes, due date, and list name are displayed in an
expandable panel. Users can create new tasks (title, notes, due date) and
mark existing tasks as complete directly from the dashboard. All interactions
happen in real time via the API. Data is held in memory only and is not
written to localStorage or any external store.
|
Allow the user to view, create, and complete Google Tasks without leaving the dashboard. |
The OAuth access token issued by Google is stored in your browser's localStorage
alongside its expiry timestamp. This token is used solely to make authenticated requests to the
Google APIs listed above on your behalf. All other Google user data (calendar events, inbox data,
contact birthdays, profile information) is held in browser memory only and is cleared when the
page is closed or refreshed. It is never written to disk, localStorage, cookies, or
any external server.
Google user data obtained through the Google APIs is never sold, rented, shared with, or transferred to any third party. It is not used for advertising or marketing purposes of any kind. It is not used to train machine learning models. It is used exclusively to render information on the InitLife dashboard for the authenticated user.
You can disconnect your Google account at any time by clicking "disconnect" in the InitLife
dashboard, which removes the stored access token from localStorage. You can also
revoke access directly from your
Google Account permissions page
.
InitLife's use of data obtained via Google APIs complies with the Google API Services User Data Policy , including the Limited Use requirements. Access is scoped to the minimum permissions required for each feature described above.
If you grant location permission, your device's GPS coordinates are used only to fetch local
weather conditions (via the Open-Meteo API) and to resolve a human-readable city name
(via OpenStreetMap Nominatim). Coordinates are not stored on any server operated by InitLife.
The resolved city name may be stored in localStorage to avoid repeated lookups.
When enabled by the user, InitLife communicates with the following external services:
Each of these services is governed by its own privacy policy. InitLife has no control over data handled by these providers.
InitLife does not use cookies. No analytics, tracking pixels, or advertising scripts of any kind
are included. The only client-side storage used is localStorage for user preferences
and the Google OAuth token.
You can delete all locally stored data at any time by using the "reset" function in the
application footer, which clears all localStorage data on your device, including
any stored OAuth tokens.
Because all sensitive data remains client-side, security depends on your device and browser. We recommend using a secure, up-to-date browser. The InitLife application is served over HTTPS.
For questions about this privacy policy or data handling, please contact the developer via the GitHub repository.
This policy applies to the InitLife web application at initlife.app only. It does not apply to third-party services accessed through the application.