Privacy Policy

Last updated: June 24, 2026

This Privacy Policy describes how Promodify (promodify.app) collects, uses, and protects information when you use the Service. This page is maintained by the Promodify team and reflects current product behaviour; it is not an independent certification.

1. Data we collect

You provide

Account info: email address (and OAuth identifier if you sign in with Google) when you create an account.
Session data: Pomodoro sessions you start — duration, focus integrity, theme, optional intention text.
Pro purchase: Stripe checkout session ID; payment details are handled by Stripe and never touch our servers.

Collected automatically

Basic request metadata (IP address, user agent, referrer) for security and aggregate analytics.
Cookies / local storage strictly needed to keep you signed in and to remember your preferences.

2. Why we use it

Run the timer and save your sessions and streaks.
Authenticate you and protect against abuse.
Process Pro purchases and apply referral discounts.
Send transactional emails (sign-in, receipts, account changes).
Improve the product through anonymous aggregate stats.

3. Legal basis (EU/UK)

We process personal data on the basis of (a) contract — to deliver the Service you signed up for; (b) legitimate interest — to keep the Service secure and improve it; and (c) consent — where you opt into non-essential cookies or marketing emails.

4. Third-party processors

We use the following sub-processors to operate Promodify. Each is bound by their own privacy terms.

Lovable Cloud (Supabase) — database, authentication, file storage (EU region).
Stripe — payments for Promodify Pro.
ElevenLabs — voice coach text-to-speech (optional Pro feature; audio prompts only, no account data).
Spotify — only if you connect your account, to control playback during sessions.
TikTok — only used by the Promodify team to publish promotional clips. End-user accounts are never connected to TikTok.
Google — only if you choose Sign in with Google.

5. Sharing

We do not sell personal data. We share it only with the processors above, with authorities when legally required, and with a buyer in the event of a corporate transfer (subject to this Policy).

6. Retention

Account and session data: kept while your account is active. We delete it within 30 days of an account-deletion request.
Email logs: kept up to 90 days for deliverability troubleshooting.
Payment records: kept as long as required by tax / accounting law.

7. Your rights

You can:

Access, correct, or export the personal data we hold about you.
Request deletion of your account and associated data.
Withdraw consent for non-essential processing at any time.
Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email privacy@promodify.app.

8. Security

Data is encrypted in transit (HTTPS) and at rest by our cloud provider. Access to production data is restricted to the Promodify team and protected by strong authentication. No system is perfectly secure — please report vulnerabilities to security@promodify.app.

9. Children

Promodify is not directed at children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

10. International transfers

Our primary infrastructure is hosted in the EU. Some sub-processors (e.g. Stripe, Spotify, TikTok) may process data outside the EEA under appropriate safeguards such as Standard Contractual Clauses.

11. Cookies

We use a small number of strictly necessary cookies for sign-in and preferences. Non-essential analytics or marketing cookies are only set after you accept them via the cookie banner.

12. Changes

We will update this page when our practices change and update the "Last updated" date above. Material changes will be announced in-app or by email where appropriate.

13. Contact

Privacy questions: privacy@promodify.app.