Privacy Policy

Last updated: April 25, 2026

Overview

IIMBX Companion is a student tool built for enrolled students of the Indian Institute of Management Bangalore (IIMBx) program. This privacy policy explains how we collect, use, store, and protect your data, including data accessed through Google APIs.

Google User Data We Access

When you sign in with Google, we request access to the following Google user data:

  • Basic profile information (name, email address, profile picture) via the openid, email, and profile scopes

We do not access Google Drive, Gmail, Contacts, YouTube, Google Calendar, or other Google services. Google Calendar reminders are planned for a future release and are not requested by the current Google sign-in flow.

How We Use Google User Data

Profile information (name, email, picture):

  • To identify you within the app and display your name and avatar in the dashboard
  • To associate your IIMBx course data with your account
  • To maintain your authenticated session securely

For normal sign-in, we use only basic profile information. Calendar reminder sync is coming soon and will require separate Google approval and consent before it is enabled.

How We Store and Protect Data

  • Google OAuth tokens are encrypted at rest using AES-256-GCM encryption and stored in a secure database. Only the app backend can decrypt them.
  • Google profile data (name, email, picture URL) is stored in our database to maintain your account and session.
  • IIMBx credentials are required for private tracking, encrypted at rest, and used solely for automated login to the IIMBx portal to fetch and refresh course/exam data on your behalf.
  • All data is transmitted over HTTPS (TLS 1.2+) in transit.
  • We do not share, sell, or distribute your Google data to any third party.

Data Retention and Deletion

Your Google OAuth tokens, profile data, encrypted IIMBx credentials, cached IIMBx session, and dashboard cache are retained while your account is active. You can delete saved IIMBx credentials or disconnect Google access from within the app. Deleting saved credentials disables private tracking until you reconnect. Full account/data deletion removes app-stored account data where technically feasible.

Third Party Data Sharing

We do not share your Google user data with any third parties. Data is processed exclusively within our application infrastructure (hosted on Vercel and the configured database provider) to provide the app functionality described above.

Google API Compliance

Our use of Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, we do not transfer Google data to third parties, and we only access the data necessary to provide the features described in this policy.

Contact

For questions about this privacy policy or to request data deletion, contact the developer at the support email listed on the Google OAuth consent screen.

Back to IIMBX Companion