Privacy Policy

This Privacy Policy explains how Pondari ("Pondari", "we", "us", or "our") collects, uses, and shares information about you when you create an account, run focus sessions, track projects, generate invoices, or otherwise use the Pondari web application and related services (the "Service").

We are the data controller for the personal data processed under this policy. By creating an account or using the Service, you agree to the practices described here.

We do not sell your personal data. We do not share your personal data with any person or third party for their marketing, advertising, profiling, or any purpose unrelated to running Pondari for you.

This policy applies to anyone who visits pondari.app, signs up for a free or paid plan, connects Pondari to a third-party integration, or contacts our support team. It does not cover websites, products, or services operated by other companies, even if you reach them through the Service.

We collect the following categories of personal data:

• Account data — name, email address, hashed password (or third-party sign-in identifiers), and the workspace settings you configure.
• Productivity data — focus sessions, Pomodoro intervals, projects, tasks, tags, notes, and the timestamps associated with them.
• Billing data — plan, subscription status, billing history, and limited card metadata (e.g. last four digits and expiry) returned by our payment processor.
• Device and usage data — IP address, browser type, device identifiers, pages viewed, and actions taken in the app.
• Support data — messages, attachments, and metadata you send us when you contact support.
• Integration data — if you connect Google Calendar, Todoist, or another supported service, OAuth tokens and the calendar events or tasks you choose to import into Pondari.

We process your personal data to:

• Create and operate your account, workspace, and projects.
• Provide the timer, reporting, billing, and integration features you actively use.
• Process subscription payments and send receipts, renewal notices, and important account communications.
• Improve the Service, debug issues, prevent abuse, and keep the platform secure.
• Comply with our legal obligations and enforce our Terms and Conditions.

We use your data only for the purposes listed above. We do not sell it, and we do not give it to unrelated third parties.

If you connect Google Calendar or another supported integration, we access your account there only when you ask us to — for example, when you run an import from your integration settings.

For Google Calendar, we request read-only access. We use that access solely to list your calendars and read events you choose to import as tasks in Pondari. We do not create, modify, or delete events in Google Calendar, and we do not use your calendar data for advertising, resale, or any purpose other than the import you initiated.

OAuth tokens for connected services are stored securely and removed when you disconnect the integration or delete your account.

Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of our contract with you (to deliver the Service); our legitimate interests (to keep the Service safe, improve it, and run our business); your consent (for optional features such as marketing emails); and compliance with legal obligations (such as tax and accounting record-keeping).

We use a small number of first-party cookies and local storage entries to keep you signed in, remember your theme and timer preferences, and measure aggregate product usage. We do not sell your data or share it with advertisers or other unrelated third parties.

You can clear or block cookies in your browser settings. If you do, some parts of the Service — such as staying signed in — may stop working as expected.

We do not sell your personal data. The only sharing we do is with the contracted processors required to operate the Service, including:

• Supabase — authentication and database hosting for your account and workspace data.
• Vercel — application hosting, edge networking, and deployment infrastructure.
• Polar — subscription billing and payment processing.
• Email and analytics providers — to deliver transactional email and to understand aggregate, non-identifying product usage.

These providers act on our instructions under appropriate data processing terms. They may not use your data for their own purposes, and we do not share your data with any other person or third party.

Some of our processors are located outside your country of residence, including in the United States and the European Union. Where required, we rely on Standard Contractual Clauses or equivalent safeguards to protect personal data when it is transferred internationally.

We keep your account data while your account is active. If you delete your account, we remove your personal data from our production systems within 30 days, except where we need to keep limited records for legal or accounting purposes (typically for up to seven years).

Backup copies are overwritten on a rolling schedule and are not used for any operational purpose.

We use industry-standard safeguards — encryption in transit, hashed credentials, scoped access controls, and regular dependency updates — to protect your data. No system is perfectly secure, so we ask that you choose a strong, unique password and enable any additional authentication options offered by your sign-in provider.

Depending on where you live, you may have the right to access, correct, export, restrict, or delete your personal data, and to object to certain types of processing. You can exercise most of these rights directly from your account settings or by emailing us at hello@pondari.app.

If you are based in the EU, the UK, or another jurisdiction with a data protection authority, you also have the right to lodge a complaint with that regulator.

The Service is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

We may update this policy from time to time. When we make material changes, we will update the "last updated" date at the top of this page and, where appropriate, notify you in-app or by email before the change takes effect.

For any questions about this Privacy Policy, or to exercise your data rights, contact us at hello@pondari.app.