Privacy Policy

1. Information we collect

We collect the following categories of information:

• Account information: your email address and authentication credentials. Your password is handled by our authentication provider (Supabase Auth) and stored only in hashed form — we never see or store your plaintext password.
• Content you create: your boards, blocks, tasks, per-day steps, notes, labels, deadlines, and related metadata.
• Settings and preferences: such as theme, accent color, font, layout sizes, pinned items, and notification preferences.
• Activity data: a log of actions you take in the app, which we use to power features such as your weekly summary and to operate and secure the Service.
• Collaboration and presence data: when you use shared boards, your email and display name, online presence, live cursor position, drag state, and chat messages are shared in real time with other members of that board.
• Payment information: when you purchase a paid plan, payments are processed by Stripe. We receive limited billing details (such as your plan, subscription status, and Stripe customer/subscription identifiers) but we do not collect or store your full payment card number.
• Technical data: standard log and device information (such as IP address and browser type) and cookies or local storage used to keep you signed in and remember your preferences.

2. How we use your information

We use personal information to:

• provide, operate, maintain, and improve the Service;
• create and authenticate your account and keep it secure;
• process payments and manage subscriptions and trials;
• enable real-time collaboration features you choose to use;
• power product features such as summaries, reminders, and notifications;
• detect, prevent, and address fraud, abuse, and security issues;
• send you service and transactional communications; and
• comply with legal obligations and enforce our Terms.

2a. Legal bases

Where applicable law requires a legal basis for processing, we rely on: the performance of our contract with you (to provide the Service); your consent (for example, accepting these policies at signup or enabling browser notifications); our legitimate interests in operating, securing, and improving the Service; and compliance with legal obligations. You may withdraw consent at any time, though some features may not work without it.

3. Cookies and local storage

We use cookies and similar technologies that are essential to the Service — for example, session cookies that keep you signed in, and local storage that remembers preferences such as your theme. We do not use third-party advertising cookies or cross-site tracking.

4. How we share information

We do not sell your personal information. We share it only as follows:

• Service providers (processors): we use trusted vendors that process data on our behalf, including Supabase (database, authentication, and hosting of your data), Stripe (payment processing), Vercel (application hosting and delivery), and Cloudflare (delivery of demo media). They may only use the data to provide services to us.
• Other users: information you place on a shared board, and your presence data on that board, is shared with the other members of that board.
• Legal and safety: we may disclose information if required by law or legal process, or to protect the rights, property, or safety of our users, the public, or us.
• Business transfers: if we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.

5. Data retention

We retain your information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal information within a reasonable period, except where we must retain certain records to comply with legal, accounting, or tax obligations or to resolve disputes.

6. Data security

We use technical and organizational measures designed to protect your information, including encryption in transit, access controls, and database row-level security that isolates each user's data. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

7. International data transfers

Our providers may store and process your information in the United States and other countries, which may have different data-protection laws than your own. Where required, we take steps to ensure your information receives an adequate level of protection.

8. Your rights and choices

Depending on where you live, you may have the right to access, correct, update, port, or delete your personal information, and to object to or restrict certain processing. You can update much of your information in the app, or contact us at hello@weekloom.com to make a request. If you are in Canada and have an unresolved concern, you may contact the Office of the Privacy Commissioner of Canada.

If you enable browser notifications, you can turn them off at any time in your browser or device settings, or from the app's settings.

9. Children's privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us so we can delete it.

10. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, for material changes, take reasonable steps to notify you.

11. Contact us

If you have questions about this Policy or our handling of your information, contact Weekloom Inc. at hello@weekloom.com.