Privacy Policy

Effective date: April 13, 2026

1. Introduction

Planist AI (“we”, “our”, “us”) respects your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.

2. Information We Collect

Account Information

  • Email address (for authentication and communication)
  • Language preference

Content You Create

  • Notes, tasks, comments, and subtasks
  • Voice input transcriptions (processed client-side)
  • Custom templates

Usage Data

  • Focus session durations and timestamps
  • Device tokens for push notifications
  • General usage patterns

3. How We Use Your Information

  • AI Analysis — Your notes are sent to Google Gemini AI to extract tasks, detect mood, and generate insights.
  • Notifications — Device tokens are used solely to deliver push notifications you have opted into.
  • Communication — Your email is used for authentication (magic links) and important service updates.
  • Improvement — Aggregated, anonymized usage data may be used to improve the Service.

4. Data Storage & Security

  • Your data is stored in PostgreSQL databases with encryption at rest
  • All connections use HTTPS/TLS encryption
  • Authentication uses JWT tokens with short expiration times
  • Each user can only access their own data — strict server-side ownership verification on every API endpoint
  • OAuth state parameters are HMAC-signed to prevent tampering

5. Third-Party Services

We use the following third-party services:

  • Google Gemini AI — for note analysis and AI insights
  • Firebase Cloud Messaging — for push notifications
  • Google Calendar API — for calendar sync (opt-in only)

Each third-party service has its own privacy policy. We only share the minimum data necessary for each service to function.

6. Data Retention

  • Your data is retained as long as your account is active
  • Deleted content is permanently removed from our databases
  • You can export all your data at any time via the Settings page
  • Upon account deletion, all data is permanently deleted within 30 days

7. Your Rights

You have the right to:

  • Access — View and export all your data
  • Rectify — Edit or correct your information
  • Delete — Delete your account and all associated data
  • Portability — Export your data in JSON format
  • Withdraw consent — Disable push notifications or disconnect integrations at any time

8. Cookies & Local Storage

  • Authentication token — stored as an HTTP cookie for session management
  • Preferences — theme, language, timezone stored in localStorage
  • Focus timer state — stored in localStorage to survive page refresh

We do not use tracking cookies or third-party analytics cookies.

9. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via email or in-app notification.

11. Contact

For privacy-related questions, contact us at privacy@planist.ai.