Privacy Policy

Last updated: April 24, 2026

Who we are

Gnomik is a small soft­ware service that helps solo profes­sionals organise their sched­ule, reminders and simple book­keep­ing. Gnomik is oper­ated by the Gnomik Team: Alina Riaby, Pavel Riaby, Andrey Andri­anov, and Nick McLarnan. You can contact us at [email protected].

What Gnomik does

Gnomik connects your existing tools — Tele­gram and Google Calen­dar — to help you manage appoint­ments and payment remind­ers. Gnomik itself is inten­tion­ally built on a prin­ciple of minimal data stor­age: it doesn't keep its own copy of your data and uses your Google account as the primary data store.

Roles under data-protection law

  • If you use Gnomik in your own prac­tice, you are the data controller for inform­a­tion about your clients.
  • For that data, Gnomik acts as your data processor: we process it only on your instruc­tions and only to provide the service.
  • Gnomik is a data controller for data about you as a user (billing, account manage­ment, support).

Data we process

Depending on how you use the service, we may process:

  • Ac­count data: display name (a name you choose to present to your clients — this need not be your legal name), Tele­gram user ID, Google account ID, language, time zone.
  • Scheduling data: appoint­ment date, time and dura­tion, a display name provided by your client when booking (which may not be their legal name), internal client iden­ti­fi­ers, basic appoint­ment metadata read from your Google Calen­dar. When a client books via Gnomik, their Tele­gram user­name or display name is added to the corres­ponding event in your Google Calendar so you can identify and contact them; this data is written to your own Google account and governed by Google's privacy policy.
  • Pay­ment config­ur­a­tion data: if you use Gnomik's invoicing feature, we store the payment details you expli­citly provide so Gnomik can include them in invoices sent to your clients. Depending on your chosen payment method this may include a payment link URL, a phone number for bank trans­fers (e.g. SBP), bank account holder name, IBAN, SWIFT/BIC, routing number, or a crypto­cur­rency wallet address. This data is stored only at your explicit request and is treated as your busi­ness config­ur­a­tion. It is never logged or shared with third parties beyond deliv­ering invoices to your clients.
  • Mes­saging data: tech­nical details of Tele­gram messages sent to and from the Gnomik bot (chat IDs, timestamps, message IDs). We do not store copies of message contents in our data­base; they remain in Tele­gram.
  • Tech­nical data: server logs with anonymised iden­ti­fi­ers: request IDs, error codes, IP address in security logs. On the public landing website, we also use Umami Cloud to collect anonymised pageview analytics such as page URL, referrer URL, browser, oper­ating system, device type and country of origin. The Umami tracker does not use cookies and is configured to respect Do Not Track. When you click a landing CTA, Gnomik uses a first-­party attri­bu­tion bridge to remember the landing page, campaign para­met­ers, refer­rer, landing language, browser language, time zone hint, coarse device/browser­/screen class, and Do Not Track state before opening Tele­gram. The bridge does not store IP address or raw user agent. If Do Not Track is enabled, Gnomik keeps the first-­party CTA and campaign facts but does not keep a durable Umami join key or durable device/browser­/screen analytics fields.

Google API data and Limited Use

Gnomik accesses your Google account through OAuth 2.0 author­isa­tion that you expli­citly grant. The specific data accessed includes:

  • Cal­endar list — to let you select which calendar Gnomik should use for your appoint­ments.
  • Cal­endar events (read and write) — to display your sched­ule, create booking events, set reminder metadata, and remove cancelled appoint­ments.
  • Free/busy inform­a­tion — to identify avail­able time slots for client book­ings.

This data is used ex­clus­ively to provide the schedul­ing, book­ing, and reminder features visible in the service. In partic­u­lar:

  • We do not use any Google user data to serve you advert­ise­ments or for any advertising-­related purpose.
  • We do not allow any human to read your Google account data, except where required by applic­able law, where strictly neces­sary for security or fraud-­prevention (and only to the minimum extent required), or where you have given explicit written consent.
  • We do not sell, trans­fer, or disclose Google user data for any purpose other than those expli­citly described in this Privacy Policy.
  • We do not use Google user data for any purpose unre­lated to providing and improving Gnomik's user-­facing features.
  • We do not use your data — including any data obtained via Google APIs — to develop, improve, or train gener­al­ised AI or machine-­learning models.

Gnomik's use of inform­a­tion received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Where your data lives

  • Google Calen­dar: most long-­term data about your clients and appoint­ments lives in your own Google account and is governed by Google's privacy policy.
  • Tele­gram: messages between you, your clients and the Gnomik bot live in Tele­gram and are governed by Tele­gram’s privacy policy.
  • Gnomik infra­struc­ture: we operate servers on reput­able hosting providers, where we store only what is needed to run the service: OAuth tokens, internal iden­ti­fiers and tech­nical logs.

Security

We take the protec­tion of your data seri­ously and use appro­priate tech­nical and organ­isa­tional meas­ures to safe­guard it. All data trans­mitted between you, Gnomik, and our integ­ra­tion part­ners (Google, Telegram) is encrypted in transit using TLS. Access to systems that hold your data is restricted to author­ised members of the Gnomik team. No method of trans­mis­sion or storage is 100% secure, but we work to protect your inform­a­tion using industry-­standard prac­tices.

Why we process your data

We use your data to:

  • provide and main­tain the service (legal basis: perform­ance of a contract);
  • secure and troubleshoot the service (legal basis: our legit­imate interest in keeping the service reli­able and secure);
  • under­stand anonymous usage of the public landing website (legal basis: our legit­imate interest in improving the website);
  • commu­nicate with you about your subscrip­tion, updates and changes (legal basis: perform­ance of a contract / legit­imate interest);
  • comply with legal oblig­a­tions (for example, accounting and tax rules).

How long we keep data

Account-­level data is kept for as long as your account is active and for a reas­on­able period after­wards where required by law (e.g. invoicing records).

Tech­nical logs are kept for short, fixed periods (90 days maximum) for security and debug­ging, then perman­ently deleted.

We do not keep our own copy of any of your and your clients' records; those remain under your control in your Google and Tele­gram accounts.

Sharing and subprocessors

We do not sell your data. We do not transfer or disclose your inform­a­tion to third parties for purposes other than the ones provided in this policy. We use the following service providers to operate Gnomik. Where required by law we sign data-­processing agree­ments with them.

Provider Country Purpose
Het­zner Online GmbH Germany Cloud infra­struc­ture — the servers and in-­memory data­base (Valkey) that store your account data, OAuth tokens, and oper­a­tional state
Sentry (Functional Soft­ware, Inc.) United States Error monit­or­ing — anonymised crash reports and stack traces used to diagnose bugs. May include tech­nical iden­ti­fiers (e.g. Tele­gram user ID, request path) attached to error events
Umami Soft­ware, Inc. United States Privacy-­focused analytics for the public landing website — anonymised pageviews, refer­rers, browser­/OS/device type and country of origin, without cookies
Google LLC (Gemini API) United States AI-­assisted schedule import — used only when you photo­graph a paper schedule and ask Gnomik to extract appoint­ments from it. Only the photo is sent; no calendar data or personal details are included
OpenAI, L. L.C. United States AI-­assisted schedule import (fallback) — same feature; used only if Google Gemini is unavail­able

Google LLC is also our primary integ­ra­tion partner for Google Calen­dar; that rela­tion­ship is described under Where your data lives and Google API data and Limited Use above.

International transfers

Our infra­struc­ture may be hosted outside the region where you are located. We take reas­on­able steps to ensure your data is handled with appro­priate care during any such trans­fers, and we intend to imple­ment formal transfer safe­guards (such as Standard Contrac­tual Clauses) as the service matures.

Your rights

You have the right to:

  • access, correct or delete your personal data;
  • restrict or object to certain processing;
  • receive a copy of your data in a port­able format;
  • complain to your local data-­protection author­ity.

For most requests about your clients’ data (for example, a client who wants their Google Calendar entry removed), you remain the controller and handle those requests your­self through your own Google and Tele­gram accounts. We will support you where reas­on­ably possible.

Contact

For privacy ques­tions or requests, email us at [email protected]

Update History

  • April 24, 2026: Added the public landing website analytics disclosure for Umami Cloud, including the no-­cookie tracker config­ur­a­tion, Do Not Track hand­ling, analytics legal basis, and subpro­cessor entry.
  • April 28, 2026: Added the first-­party landing-­to-­Telegram attri­bu­tion bridge disclos­ure.