Privacy Policy

Tododo ("we", "our", "us") is a task management service. Contact: privacy@tododo.io

• Account data — email address, name (via Clerk)
• Task data — tasks, subtasks, notes, due dates you create
• Usage data — AI conversation history (stored in Redis, TTL 1 hour)
• Device data — push notification token (for reminders)
• Payment data — handled entirely by Stripe; we never store card details

• To provide and improve the Tododo service
• To send reminders and notifications you have requested
• To process payments and manage subscriptions
• To respond to support requests

• Clerk — authentication (EU DPA available)
• Neon — PostgreSQL database (EU region)
• Upstash — Redis cache (EU region)
• Stripe — payment processing
• Resend — transactional email
• Anthropic / OpenAI — AI inference (messages processed, not stored by provider beyond inference)
• Expo — push notifications

We retain your data for as long as your account is active. You can delete your account at any time from Settings → Data & Privacy, which permanently removes all your data.

If you are in the EU/EEA, you have the right to:

• Access your data (Settings → Export my data)
• Correct inaccurate data
• Delete your data (Settings → Delete account)
• Withdraw consent at any time
• Lodge a complaint with your local supervisory authority

The web app uses only strictly necessary cookies for authentication. No third-party tracking cookies are used.

We will notify you of material changes by email. Continued use after the effective date constitutes acceptance.

For privacy requests: privacy@tododo.io