← Smart Sync for Obsidian

Privacy Policy

Last updated: March 4, 2026

This Privacy Policy describes how Smart Sync for Obsidian ("Smart Sync", "the Plugin") handles your information. Smart Sync is an open-source Obsidian community plugin developed by Takehito Gondo ("we", "us").

1. What the plugin does

Smart Sync provides bidirectional file synchronization between your local Obsidian vault and your Google Drive account. The plugin runs entirely within the Obsidian application on your device.

2. Information we collect

We do not collect, transmit, or store any of your personal data on our servers.

Smart Sync operates locally on your device. The only network communication the plugin performs is directly between your device and Google's APIs. Specifically:

• Google account information: When you authorize the plugin, Google provides an OAuth 2.0 authorization code. The OAuth relay server exchanges this code for access and refresh tokens, which are then passed directly to the plugin and stored locally on your device within Obsidian's settings storage.
• Google Drive file data: The plugin reads and writes files in a single designated folder in your Google Drive to perform synchronization. File content is transferred directly between your device and Google Drive over HTTPS.

We operate a lightweight OAuth relay server (auth-smartsync.takezo.dev) hosted on Cloudflare Workers. This server performs the OAuth token exchange on your behalf — it receives a temporary authorization code from Google, exchanges it for access and refresh tokens using the securely stored client secret, and immediately passes those tokens to Obsidian via a custom URI scheme redirect. The server does not log, store, or persist any tokens or user data. All processing is transient and stateless.

3. How your information is used

All data processing occurs locally on your device. The plugin uses your Google Drive access to:

• List files in your designated sync folder
• Download remote files to synchronize with your local vault
• Upload local files to keep your Google Drive folder in sync
• Delete or rename files to reflect changes made locally or remotely

4. Data stored on your device

The following information is stored locally on your device:

• OAuth tokens (access token and refresh token) — stored in Obsidian plugin settings
• Sync state records (file paths, hashes, timestamps) — stored in the browser's IndexedDB
• Plugin settings (sync folder ID, sync interval, conflict strategy, exclude patterns)

No data is stored on any external server controlled by us.

5. Google API Services — Limited Use Disclosure

Smart Sync's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

The plugin requests the https://www.googleapis.com/auth/drive scope. This scope is required to perform bidirectional synchronization (list, read, create, update, and delete files) within your designated Google Drive folder. The plugin does not access files outside of the folder you designate for synchronization.

6. Third-party services

The plugin communicates exclusively with the following third-party services:

• Google OAuth 2.0 (accounts.google.com) — for authentication
• Google Drive API v3 (www.googleapis.com) — for file synchronization

We do not use any analytics, advertising, or tracking services. We do not share your data with any third party.

7. Data retention and deletion

Since all data is stored locally on your device:

• To revoke access: Disconnect your Google account from the plugin settings, or revoke access from your Google Account permissions page.
• To delete local data: Uninstall the plugin from Obsidian. This removes plugin settings and the locally stored tokens. IndexedDB data can be cleared through your browser's developer tools or by deleting the vault's app data.
• Google Drive data: Files stored in your Google Drive remain under your full control and are not modified or deleted by the plugin once synchronization is disconnected.

8. Security

The plugin uses industry-standard security practices:

• OAuth 2.0 with PKCE (Proof Key for Code Exchange) for secure authentication
• All communication with Google APIs is over HTTPS
• Access tokens are short-lived and automatically refreshed
• The OAuth relay server (Cloudflare Workers) processes tokens transiently and does not log or persist any data
• No credentials or tokens are stored on any server other than your local device

9. Children's privacy

Smart Sync is not directed at children under the age of 13. We do not knowingly collect personal information from children.

10. Open source

Smart Sync is open-source software licensed under the MIT License. You can review the complete source code:

• Plugin: github.com/takezoh/obsidian-smart-sync
• OAuth relay: github.com/takezoh/smart-sync-auth

11. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the plugin after any changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy, please open an issue on the GitHub repository.