Privacy Policy

Last Updated: January 5, 2026

Effective Date: January 5, 2026

1. Introduction and Our Commitment to Privacy

Codoha Ltd. (“we,” “our,” or “us”) provides the AI Shift Planner Google Workspace™ Add-on and its associated Web App (collectively, the “Service”). This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your information when you use the Service and informs you of your privacy rights.

We are committed to protecting your privacy and handling your data in an open and transparent manner, in accordance with the laws of Taiwan, including the Personal Data Protection Act (PDPA). We use your Personal Data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Codoha Ltd. is a limited company registered in Taiwan, located at Rm. 5, 4 F., No. 8, Guomin 8th St., Hualien City, Hualien County 970015, Taiwan (R.O.C.). This Privacy Policy applies to all services provided under the AI Shift Planner brand.

2. Geographic Restrictions

Our Service is NOT intended for or available to users located in the European Economic Area (EEA), Switzerland, the United Kingdom, and Russia. We do not intentionally collect or process Personal Data from individuals in these regions. To enforce this, our Service is only made available for installation through the Google Workspace Marketplace™ in permitted countries. By using the Service, you represent and warrant that you are not located in any of these restricted regions.

3. Interpretation and Definitions

For the purposes of this Privacy Policy:

Application: The AI Shift Planner Google Workspace™ Add-on and its associated Web App.
Backend Service: Our secure server-side application, hosted on Google Cloud Platform™, that receives requests from the Application to perform the core logic of the Service.
Company: Refers to Codoha Ltd.
Country: Refers to Taiwan, R.O.C.
Personal Data: Any information that relates to an identified or identifiable individual.
Service: The Application, the Backend Service, and our website, collectively.
Service Provider: Third-party companies or individuals we employ to facilitate the Service, provide the Service on our behalf, or assist us in analyzing how our Service is used. This includes our payment processor and AI service providers.
Usage and Diagnostic Data: Data collected automatically when you use the Service, such as error logs and performance metrics.
You: The individual or legal entity accessing or using the Service.

4. Information Collection and Use

4.1. Types of Data Collected

Google Account Information: Your Google Account email address.
Application Data: The scheduling instructions and any reference schedules you provide through the Application. This content is determined by you and may contain Personal Data (such as employee names).
License and Subscription Information: When you subscribe to a paid plan, our payment processor (Paddle) collects payment information. We receive confirmation of your subscription status from Paddle, linked to your email address.
Usage and Diagnostic Data: To monitor the health of our Service and troubleshoot issues, we automatically log information when you perform an action or when an error occurs. This data includes your Google Account email address, locale, time zone, the host Google™ application (e.g., “Google Sheets™”), and a temporary, non-identifiable session identifier provided by Google™.

4.2. How We Use Your Data

We use the collected data for the following specific purposes:

To provide, maintain, and secure our Service.
To generate schedules: To process your Application Data via our Backend Service and third-party AI models.
To manage your access: To validate your license status and manage access to premium features or trial runs.
To manage your subscription: To process payments and manage subscriptions for paid plans through our Service Provider.
For service improvement: To log errors and usage statistics for troubleshooting, internal diagnostics, and to evaluate and improve our Service.
To contact You: To notify you about critical changes or updates to our Service, if necessary.
To manage your requests: To attend to and manage your support requests.

We only share your information with Service Providers in the following situations:

With Our Backend Service on Google Cloud Platform™: Your Google Account email address, Application Data, and Usage and Diagnostic Data are processed by our secure Backend Service hosted on Google Cloud Platform™. This is necessary to execute the core logic of the Service. All data remains within Google’s™ secure infrastructure during this processing.
With Our Merchant of Record (Paddle): To manage subscriptions and process payments, we share your Google Account email address with our reseller and merchant of record, Paddle.com Market Limited.
With AI Model and Routing Services (OpenRouter.ai and Google Gemini™): To provide AI features, we transfer your Application Data (scheduling instructions) to our AI routing partner, OpenRouter.ai, which in turn sends it to the Google Gemini™ API. We do not share your Google Account email address or any other personal identifiers with these AI services.
For Internal Diagnostics (Google Cloud Logging): Usage and Diagnostic Data, including your email address, is stored in logs within Google Cloud Logging for troubleshooting purposes.

Other Legal Disclosures

We may be required to disclose Your Personal Data under certain circumstances:

Business Transactions: If the Company is involved in a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will provide notice before your data is transferred.
Law Enforcement: We may disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
Other Legal Requirements: We may disclose Your Personal Data in the good faith belief that such action is necessary to comply with a legal obligation, protect the rights or property of the Company, prevent wrongdoing, or protect the personal safety of users.

6. Data Retention and Deletion

6.1. Retention Policy

We will retain your personal information for the length of time needed to fulfill the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law. Our specific retention periods are as follows:

Application Data (Scheduling Instructions): This data is handled transiently. It is held in memory on our Backend Service only for the duration required to generate and return a schedule. It is not stored or retained on our servers or in databases after this process is complete.
Usage and Diagnostic Data: This data, stored in Google Cloud Logging, is retained for a maximum of 30 days for troubleshooting and service analysis, after which it is automatically and permanently deleted.
License and Subscription Information: Your subscription status is managed by our payment processor, Paddle, and is retained for the duration of your subscription and as required by financial regulations.

6.2. Deletion Policy

You have the right to request the deletion of the Personal Data We have collected about You.

You may request for your data to be deleted by contacting us at support@aishiftplanner.com.
Upon receiving your request, we will delete any Personal Data we hold, such as your subscription record in Paddle and any associated logs, to the extent permitted by our legal and contractual obligations.
Please note that we may need to retain certain information when we have a legal obligation or lawful basis to do so (for example, for financial record-keeping).

7. Security of Your Personal Data

The security of Your Personal Data is important to Us. All data processing occurs within the Google Workspace™ environment and on our servers hosted on Google Cloud Platform™, keeping your data within Google’s™ secure infrastructure. Your add-on settings are stored directly in your Google™ Account using Google’s™ PropertiesService.

However, remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While We strive to use commercially reasonable means to protect Your Personal Data, We cannot guarantee its absolute security.

8. Your Control Over Data and Google Permissions

To function, AI Shift Planner requires your authorization to access specific Google™ services (known as “scopes”). Below is a clear explanation of why each one is necessary.

https://www.googleapis.com/auth/script.container.ui: To display the user interface (sidebar, dialogs).
https://www.googleapis.com/auth/script.external_request: To send your instructions to our secure backend API for processing.
https://www.googleapis.com/auth/script.scriptapp: To create temporary, one-time triggers to prevent timeouts during complex schedule generation.
https://www.googleapis.com/auth/userinfo.email: To validate your subscription status.
...documents.currentonly, ...presentations.currentonly, ...spreadsheets.currentonly: To read instructions from your currently open file in Google Docs™, Google Slides™, or Google Sheets™.
https://www.googleapis.com/auth/drive.file: To create new Google Docs™, Sheets™, or Slides™ files when you export a schedule.
...gmail.addons.execute, ...calendar.addons.execute: To run the add-on within Gmail™ and Google Calendar™.

You can review and revoke these permissions at any time by visiting your Google™ Account security settings: https://security.google.com/settings/security/permissions.

9. AI Interactions and Data Usage

The content of your AI interactions (your instructions and the generated schedules) is never used to train any AI models. We achieve this by exclusively using enterprise-grade versions of the AI APIs, which ensures your data is not logged by the model provider or reviewed by humans.

10. Third-Party Services and Terms

Our Service integrates with and relies on several third-party services to function. Your use of the AI Shift Planner Service constitutes your agreement to the terms and policies of these essential providers.

10.1. Google APIs and Services

AI Shift Planner interacts with and exchanges data with various Google™ API and Google™ services. By using our Service, you agree to be bound by all applicable Google™ terms, which include:

Google Privacy Policy
Google API Services User Data Policy (including the Limited Use requirements)
Google APIs Terms of Service
Gemini API Additional Terms of Service
Google’s Generative AI Prohibited Use Policy

10.2. Payment and Subscription Services

We use Paddle as our Merchant of Record to handle payments and subscriptions for our paid plans. When you purchase a subscription, you are also agreeing to their terms.

10.3. AI Model Routing Services

We use OpenRouter.ai to route your scheduling instructions to the most appropriate AI model, such as Google Gemini™. Your use of our AI features means you also agree to their terms.

11. Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18.

12. Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

13. Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date.

14. Contact Us

If you have any questions about this Privacy Policy, you can contact us:

Email: support@aishiftplanner.com
Address: Codoha Ltd., Rm. 5, 4 F., No. 8, Guomin 8th St., Hualien City, Hualien County 970015, Taiwan (R.O.C.)

15. Governing Law and Jurisdiction

This Privacy Policy and any disputes related to it are governed by and construed in accordance with the laws of Taiwan, R.O.C. You agree to submit to the exclusive jurisdiction of the Hualien District Court, Taiwan for the resolution of any disputes arising out of or relating to this Policy.

16. Compliance and Legal Notices

Codoha Ltd.’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Google Docs™, Google Slides™, Google Sheets™, Google Gemini™, Google Cloud™, Google Workspace™, Gmail™, and Google Drive™ are trademarks of Google LLC. This Add-On is not endorsed by or affiliated with Google LLC. Paddle is a trademark of Paddle.com Market Limited.