TRKR

Google OAuth details

TRKR Calendar access is optional and user-directed.

This page explains why TRKR requests Google OAuth access, how Calendar data is used, and what a Google verification reviewer should see in the product demo.

Requested Google scopes

https://www.googleapis.com/auth/calendar.events

Used to create, update, delete, and sync workflow events for the connected user's own Google Calendar. Examples include site surveys, installs, welcome calls, and follow-up reminders.

openid

Used as part of the Google OAuth identity flow so TRKR can confirm the Google account connected during authorization.

email

Used to associate the connected Google account with the signed-in TRKR user and display the connected email in TRKR settings.

Google OAuth FAQ

Who can connect Calendar?

Only signed-in, authorized TRKR users can start the Google Calendar connection flow from inside their account settings.

Is Calendar required?

No. Google Calendar is optional. Users can use TRKR without connecting a Google Calendar account.

Can users disconnect?

Yes. Users can disconnect Google Calendar from TRKR settings or revoke TRKR access directly from their Google Account.

Demo video checklist

  • Start signed into TRKR as an authorized user.
  • Open Settings and click Connect Google Calendar.
  • Show the Google consent screen with the exact Calendar Events permission visible.
  • Approve access and return to TRKR.
  • Create or sync a workflow event such as a site survey, install, welcome call, or follow-up reminder.
  • Show the event visible in the connected user's Google Calendar.
  • Return to TRKR settings and show how the user can disconnect Google Calendar.

Security controls

Two-factor authentication

Privileged TRKR accounts require two-factor authentication before sensitive account actions.

Role-scoped access

TRKR limits dashboard records and actions based on the signed-in user's approved role and scope.

Server-side route gates

Protected app pages and authenticated app bundles are blocked before they are served to logged-out visitors.

Audit logs

High-impact administrative and sensitive data actions are recorded for review.

Encrypted tokens

Google OAuth tokens are encrypted at rest before storage in TRKR's backend.

No advertising use

TRKR does not sell Google user data and does not use Google Calendar data for advertising.