Privacy Policy

Last updated: 2026-03-14

1. Who we are

This application is a personal productivity tool. For privacy-related questions, contact us at the email address provided during registration or at [your-contact@email.com].

2. What data we collect

  • Name and email address — provided at registration
  • Password — stored as a bcrypt hash (never in plaintext)
  • Board data — columns, tasks, priorities, and due dates you create
  • Timestamps — when records were created or updated

We do not collect analytics, tracking data, advertising identifiers, or third-party cookies of any kind.

3. Lawful basis (GDPR Art. 6)

We process your personal data on the basis of contract performance (Art. 6.1.b) — the data is necessary to provide you with the service you have signed up for. We do not process your data for marketing or profiling purposes.

4. Cookies

We use a single, strictly necessary session cookie (authjs.session-token) to keep you signed in. This cookie expires after 30 days. No other cookies are set. Because this cookie is strictly necessary for the service to function, it is exempt from consent requirements under the ePrivacy Directive.

5. Data processors

We use the following sub-processors to deliver the service. Each has entered into a Data Processing Agreement (DPA) with us:

Neon (Neon Inc.)

PostgreSQL database hosting — United States. Covered by the EU–US Data Privacy Framework and Standard Contractual Clauses.

Vercel (Vercel Inc.)

Application hosting and CDN — United States. Covered by the EU–US Data Privacy Framework and Standard Contractual Clauses.

6. International transfers

Your data is stored and processed in the United States. Transfers from the EU/EEA are covered by the EU–US Data Privacy Framework (DPF) and, where applicable, Standard Contractual Clauses (SCCs) included in our processors' DPAs.

7. Data retention

  • Your account data is retained for as long as your account is active.
  • You may delete your account at any time via Settings, which permanently deletes all associated data.
  • Session cookies expire after 30 days of inactivity.

8. Your rights (GDPR)

If you are in the EU, UK, or EEA, you have the following rights regarding your personal data:

  • Access (Art. 15) — request a copy of your data via Settings → Download my data
  • Rectification (Art. 16) — correct your name or email via Settings
  • Erasure (Art. 17) — delete your account and all data via Settings → Delete account
  • Portability (Art. 20) — download your data in JSON format via Settings
  • Restriction / Objection (Art. 18, 21) — contact us directly

You also have the right to lodge a complaint with your local supervisory authority (e.g., your national Data Protection Authority).

9. Contact

For any privacy-related questions or to exercise your rights, contact us at [your-contact@email.com].