Privacy Policy

Last updated: December 4, 2024

1. Introduction

LogToDone ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Information You Provide

  • Account Information: Email address, name, and password when you create an account
  • Content: Tasks, notes, projects, and other content you create in the app
  • Payment Information: Billing address and payment details (processed securely by our payment provider)
  • Communications: Messages you send to us for support or feedback

Information Collected Automatically

  • Usage Data: Features used, actions taken, and time spent in the app
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP address, access times, and pages viewed
  • Cookies: Session cookies for authentication and preferences

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments and questions
  • Analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues
  • Protect against harmful or unlawful activity

4. AI Features and Data Processing

Our Service includes optional AI-powered features. When you use these features:

  • Relevant content is sent to AI providers (OpenAI, Anthropic, Google, or local models) for processing
  • AI providers process data according to their own privacy policies
  • We do not use your content to train AI models
  • You can disable AI features entirely in settings
  • You can choose to use local AI models (Ollama) for complete privacy

Your choice: AI features are opt-in. The core functionality of LogToDone works without any AI processing.

5. Data Storage and Security

We protect your data through:

  • Encryption: All data is encrypted in transit (TLS) and at rest (AES-256)
  • Isolation: Each user's data is stored in separate, isolated databases
  • Access Controls: Strict internal access policies and authentication
  • Backups: Regular encrypted backups with secure storage
  • Monitoring: Continuous security monitoring and incident response

Your data is stored on servers in the United States. We use industry-standard cloud providers with SOC 2 compliance.

6. Data Sharing

We do not sell your personal information. We may share your information only in these circumstances:

  • Service Providers: With vendors who assist in operating our service (payment processing, hosting, analytics)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly agree to share information

7. Third-Party Services

We use the following third-party services:

  • Authentication: Google OAuth, GitHub OAuth (for login)
  • Payments: Stripe (for subscription billing)
  • AI Providers: OpenAI, Anthropic, Google (optional, for AI features)
  • Analytics: Privacy-focused analytics (no personal data tracking)
  • Hosting: Cloud infrastructure providers

Each third-party service has its own privacy policy governing their use of your data.

8. Cookies and Tracking

We use cookies for:

  • Essential Cookies: Authentication and session management (required)
  • Preference Cookies: Remembering your settings like theme choice
  • Analytics Cookies: Understanding how you use the Service (optional)

We do not use advertising cookies or cross-site tracking. You can control cookies through your browser settings.

9. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your account and data
  • Export: Download your content in standard formats (Markdown, JSON)
  • Restrict Processing: Limit how we use your data
  • Object: Opt out of certain data processing activities

To exercise these rights, contact us at privacy@logtodone.com. We will respond within 30 days.

10. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

  • Your content is deleted within 30 days
  • Backups are purged within 90 days
  • Some data may be retained for legal compliance (e.g., billing records for tax purposes)
  • Anonymized, aggregated data may be retained for analytics

11. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required.

13. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information we collect and how it's used, the right to delete personal information, and the right to opt-out of the sale of personal information (we do not sell personal information).

14. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under GDPR including access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing is contract performance and legitimate interests. You may lodge a complaint with your local supervisory authority.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use after changes indicates acceptance of the updated policy.

16. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

LogToDone

Email: privacy@logtodone.com

← Back to Home