This document outlines the technical architecture and data-handling practices of KiviCare Google Meet integration, specifically intended for Google App Reviewers. It explains how user data is processed, stored, and secured during API interactions.
Technical Design Overview
Data Flow Architecture
- Authentication
The plugin uses OAuth 2.0 to securely obtain access and refresh tokens from Google. These tokens are stored safely as user metadata within the WordPress database.
- Event Creation
When a consultation appointment is scheduled in KiviCare, the plugin sends a POST request to the Google Calendar API to create a corresponding calendar event with a Google Meet link.
- Local Data Storage
Only essential and minimal data is stored locally, including:
- Google Calendar Event ID
- Google Meet link
This data is saved in the kc_appointment_google_meet_mappings database table.
- Data Synchronization
To maintain consistency, the plugin periodically checks for updates to Google Calendar events or uses webhooks (when available) to synchronize data between KiviCare and Google Calendar.
Security & Privacy Measures
Data Encryption
- All communication between the plugin and Google APIs is conducted over HTTPS, ensuring secure data transmission.
- OAuth access and refresh tokens are stored in the WordPress database and protected using standard WordPress security mechanisms.
Data Usage Policy
- The plugin only requests access to the Google Calendar API scope:
https://www.googleapis.com/auth/calendar
- This access is strictly used to manage telemedicine appointments.
- No personal Google account data is shared with third parties or used for any purpose other than scheduling and managing consultations.
App Uninstallation & Account Disconnection
When a user disconnects their Google account from KiviCare:
- All stored access and refresh tokens are permanently removed from the WordPress database.
- The user’s connection status is updated to
not_connected.
- The plugin immediately stops making any further API requests to Google on behalf of that user.
