FlexiPlanner Privacy Policy
1. Operator / Data Controller
Data Controller: Onur Şentürk (individual developer)
Location: Netherlands
Contact: In-app “Leave Feedback” (secure channel)
We keep data handling minimal, do not sell data, and do not use your information for advertising or analytics.
2. What Information We Collect
We only collect data necessary for the service to function.
2.1 Account Information
- Email address
- Password (securely hashed using industry-standard methods)
This allows you to create and access your account.
2.2 Content You Create
Tasks, lists, schedules, and attachments you upload. Stored only to provide the service functionality.
2.3 Optional Third-Party Integrations
If you connect Google Tasks, we process:
- Google OAuth tokens (stored encrypted)
- Task data you choose to sync
Tokens are used only to sync data at your request.
2.4 Technical Logs
Automatically generated logs may include:
- IP address
- Browser/device type
- Error codes
- Server events
These are used only for security and troubleshooting, not profiling.
2.5 Cookies / Local Storage
We use:
- Authentication tokens (to keep you logged in)
- UI preferences (e.g., dark mode)
Legal basis: These are essential for providing the service and do not require additional consent. No advertising or tracking cookies are used.
3. Where Your Data Is Stored
Your data is hosted exclusively in Microsoft Azure:
- West Europe (Netherlands)
- Sweden Central
Azure services used:
- Azure Static Web Apps (front-end hosting)
- Azure App Service (API/backend)
- Azure Database for PostgreSQL Flexible Server (database)
Microsoft acts as a data processor and provides enterprise-grade security and GDPR compliance.
Data transfers outside the EEA: Only occur if required by integrations (e.g., Google). Such transfers rely on EU-approved safeguards, including Standard Contractual Clauses.
4. How We Use Your Information
We use your information only to:
- Provide requested features (task storage, sync, notifications)
- Authenticate your account
- Sync with external services you connect
- Ensure security and prevent abuse
- Resolve bugs or issues
- Maintain reliable service operation
We do not:
- Sell or rent personal data
- Use data for advertising
- Train AI models on your data
- Share data with third parties for marketing or analytics
Automated processing is limited to functional features (e.g., syncing data you create).
5. Legal Bases for Processing (GDPR)
We process your personal data under the following legal bases:
- Performance of a contract (Art. 6(1)(b)): Account, task storage, notifications
- Consent (Art. 6(1)(a)): Optional integrations like Google Tasks
- Legitimate interest (Art. 6(1)(f)): Security logs, abuse prevention
- Legal obligation (Art. 6(1)(c)): If required by law
6. How Long We Keep Your Data
Account data: Kept while your account is active.
User-generated content: Kept until deletion.
Backups: Azure automated backups retained up to 35 days. Deleted data may remain until backup expiration.
Inactive accounts: Accounts unused for 12 months may be flagged for deletion, with prior notice.
Deleted data in backups: Will be permanently removed after backup expiration.
7. Your Rights (EU/UK GDPR)
You have the right to:
- Access your data
- Correct inaccurate data
- Delete your account (“right to be forgotten”)
- Export your data in a machine-readable format
- Restrict processing
- Object to processing
- Withdraw consent (for integrations like Google Tasks)
Response timeframe: We will respond to your privacy requests within 30 days via the in-app “Leave Feedback” system.
8. Data Security
We use Microsoft Azure’s enterprise-grade infrastructure:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest (Azure-managed)
- Secure password hashing
- Access control and audit logs
- Regular security updates
No online service can guarantee perfect security, but we apply reasonable and industry-standard measures.
9. Data Processors
We rely on:
- Microsoft Azure: Static Web Apps, App Service, Azure Database for PostgreSQL, backups, and logging
- Google (if integrated): Only for syncing tasks, with your explicit consent
Processors are not allowed to use your data for their own purposes.
10. Data Breaches
In case of a breach that may impact your rights and freedoms:
- You will be notified promptly via the in-app feedback channel or email if available.
- Relevant authorities will be notified within 72 hours, as required by GDPR.
11. Children’s Privacy
FlexiPlanner is not intended for children under 16. If a minor has created an account, we will delete it immediately upon verification via the in-app feedback channel.
12. Changes to This Policy
We may update this policy due to service or legal changes. Material updates will be highlighted with a new effective date. Users are encouraged to review this page periodically.
13. Contact
For data access, deletion, or other privacy questions, use the in-app “Leave Feedback” method. Email support is not provided.
14. Use at Your Own Risk / Limitation of Liability
FlexiPlanner is provided “as is” and “as available”. By using the service, you acknowledge and agree that:
- You use the platform at your own discretion and risk.
- We are not responsible for any direct, indirect, incidental, or consequential damages arising from use of the app, including but not limited to loss of data, loss of functionality, errors in task management, or any damages resulting from third-party integrations.
- We do not guarantee uninterrupted, error-free, or secure operation.
- Your use of any content, tasks, or attachments within FlexiPlanner is entirely your responsibility.
By continuing to use FlexiPlanner, you accept all risks associated with using the platform and waive any claims against the operator for issues arising from normal use of the service.