Your data stays
in your browser.
Last updated: February 2026
The short version
Your calendar data never leaves your browser. LookOut reads Outlook Web App calendar events and writes them directly to your Google Calendar. The data flows from Outlook to Google — our servers never see it.
We collect only what's necessary to run the service: your email address for authentication and anonymous usage counts for improving the product. That's it.
What we access
LookOut reads your Outlook Web App calendar data — event titles, times, locations, attendees, and meeting links — and syncs it directly to your Google Calendar.
This data is cached temporarily in chrome.storage.local on your device only. It is never sent to our servers or any third party other than Google Calendar.
Google Calendar auth tokens are managed by Chrome's built-in identity API. Tokens are short-lived (under 60 minutes) and used exclusively for writing synced events.
Analytics & error reporting
We use PostHog (EU-hosted) for usage analytics and Sentry for crash reporting. These services receive:
- Anonymous usage counts (e.g., "sync completed", "settings changed") — no event details
- Error reports with technical stack traces
- Extension version and browser environment
What analytics never include: event titles, attendee names or emails, meeting descriptions, locations, Teams links, or any other calendar content. We literally cannot see your calendar data — it flows directly between Outlook and Google Calendar without touching our infrastructure.
Google Calendar access
We request the minimum OAuth scopes needed to sync events:
calendar.events— create, update, and delete synced eventscalendar.calendars— create a dedicated LookOut calendarcalendar.calendarlist— list your calendars so you can pick a sync targetuserinfo.emailanduserinfo.profile— display your name and email in the extension
We only write events synced from Outlook. We never read, modify, or delete events that weren't created by LookOut.
Account & billing
We use Clerk for authentication and Convex as our backend. The only personal data stored server-side is:
- Your email address (for sign-in and account recovery)
- Subscription status (managed by Stripe — we never see your card details)
No calendar data is ever sent to or stored in our backend. Our servers exist solely for authentication and subscription management.
Third-party services
| Service | Purpose |
|---|---|
| Google Calendar API | Write synced events |
| PostHog (EU) | Anonymous analytics |
| Sentry | Error tracking |
| Clerk | Authentication |
| Stripe | Payment processing |
| Convex | Backend (subscriptions only) |
What we don't do
- We don't sell, share, or monetize your data
- We don't read your Outlook emails or contacts
- We don't store calendar data on our servers
- We don't track your browsing activity outside the extension
- We don't use your data for advertising or profiling
Data deletion & contact
Uninstalling the extension removes all locally stored data. To delete your account and server-side data (email, subscription), use the "Delete Account" option in the extension settings or contact us.
Questions about this policy? Reach out via our contact page.