Privacy Policy

Overview

Pomofy is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information.

Information We Collect

Account Information (Premium Users):

• Email address (for account creation and authentication)
• Account ID (generated by Firebase Authentication)
• Subscription status (active, canceled, trial)
• Subscription start and renewal dates

Payment Information:

We use Stripe for payment processing. We do NOT store your payment information on our servers. Stripe collects and processes:

• Credit/debit card information
• Billing address
• Transaction history

Stripe's handling of your payment data is governed by their Privacy Policy.

Analytics Data (Google Analytics):

We use Google Analytics to understand usage patterns:

• Device information (browser, OS, screen resolution)
• Usage information (page views, session duration)
• Geographic location (country/city only)
• Timer events (starts, pauses, completions)

Local Storage:

• Timer state and preferences
• Theme and audio settings
• Custom durations

Session History (Premium Users):

• Completed Pomodoro sessions (last 30 days)
• Session timestamps and durations
• Session types (focus, break, long break)

How We Use Your Information

• Provide and maintain the Service
• Process subscription payments and renewals
• Send service-related emails (subscription confirmations, receipts, cancellations)
• Authenticate your account and verify your identity
• Store and sync your premium features (session history)
• Understand how users interact with Pomofy
• Improve features and user experience
• Monitor performance and fix bugs
• Comply with legal obligations

Email Communications:

We will only send you:

• Subscription confirmation and receipts
• Payment failure notifications
• Subscription renewal reminders
• Important service updates (rare)

We do NOT send marketing emails or newsletters.

Data Sharing

We do not sell or rent your information.

We share data only with trusted service providers:

• Stripe: Payment processing (see Stripe Privacy Policy)
• Firebase (Google): Authentication and database hosting (see Firebase Privacy Policy)
• Google Analytics: Usage analytics (see Google Privacy Policy)

These providers process data on our behalf under strict confidentiality agreements.

Data Security

We implement industry-standard security measures:

• All data transmission via HTTPS encryption
• Firebase Authentication for secure account access
• Stripe's PCI-compliant payment processing
• Anonymized IP addresses in Google Analytics
• Regular security updates and monitoring

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Your Rights

You have the right to:

• Access Your Data: View your account information and session history in Account Settings
• Delete Your Account: Request account deletion via Account Settings (deletes all personal data)
• Export Your Data: Download your session history data
• Opt Out of Analytics: Use ad blockers or disable JavaScript
• Unsubscribe: Cancel your subscription at any time
• Control Cookies: Manage in browser settings

Data Retention

• Account Data: Retained while your account is active
• Session History: Premium users: 30 days rolling window, Free users: Local browser storage only
• Payment Records: Retained for 7 years (tax and legal requirements)
• Deleted Accounts: All personal data deleted within 30 days (except payment records for legal compliance)

GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in machine-readable format
• Right to Object: Object to processing of your data
• Right to Withdraw Consent: Withdraw consent at any time

Legal Basis for Processing:

• Contract performance (providing the Service)
• Legitimate interests (improving the Service, fraud prevention)
• Consent (analytics, optional features)

To exercise your rights, contact us via GitHub or email.

Children's Privacy

Pomofy is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

International Data Transfers

Your data may be transferred and processed in countries outside your country of residence, including the United States. These countries may have different data protection laws. By using the Service, you consent to such transfers.

Changes to Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email or Service notification. Continued use of the Service constitutes acceptance of the updated policy.

Contact

Questions? Contact us via GitHub.