Nylas’ privacy mode is a security feature that restricts users’ access to objects created using the Nylas APIs only. This provides a layer of protection for sensitive calendar and event data. When privacy mode is enabled, users maintain access to all of their calendars, regardless of how they were created — however, they can only access events created using Nylas.
We recommend using privacy mode in cases where your users’ data privacy and access management are critical (for example, in projects where compliance requirements stipulate that only authorized, application-created events should be accessible).
How privacy mode works
Section titled “How privacy mode works”Nylas doesn’t track how events are created before you enable privacy mode. When you enable privacy mode, your users immediately lose access to all events created previously, regardless of how they were created.
When you enable privacy mode, Nylas applies the following restrictions to API requests:
- The Get Event, Get all Events, and Import Events endpoints return events created using Nylas only.
- The Update Event endpoint accesses and updates events created using Nylas only.
- The Delete Event endpoint accesses and deletes events created using Nylas only.
If your project tries to access events created outside of Nylas, you receive a 403 error.
{ "error": { "message": "Event is not accessible under privacy filter", "type": "forbidden" }, "request_id": "5967ca40-a2d8-4ee0-a0e0-6f18ace39a90"}You also receive Events webhook notifications for events created through Nylas only. Events created using other methods won’t trigger notifications, even if they exist in the user’s calendar.
Privacy mode and recurring events
Section titled “Privacy mode and recurring events”Nylas determines how to treat recurring events based on the series’ parent event. If the parent event was created using Nylas, users have full access to the entire series. Updating an occurrence doesn’t revoke users’ access to the series, and all instances of the recurring event remain accessible.