Last updated: June 2026.
What we collect: your email, a hashed password, your planner data, and your Stripe customer reference when you upgrade.
Where it lives: EU-hosted infrastructure. Encrypted in transit (HTTPS). Passwords are hashed by our auth provider — we never see them.
Who can see it: only you. Row-level security scopes every database row to your account. No other user can read it. No employee accesses it outside of explicit incident response.
What we don't do: we don't sell your data, we don't share it with third parties for marketing, we don't send promotional emails by default.
Stripe: payment processing is handled by Stripe. We never see your full card details.
Your rights (GDPR/UK GDPR): you can export, correct or delete your data at any time from Settings. Deletions are processed within 24 hours.
Contact: reply to any email from us — every receipt and notification comes from a real inbox.