Privacy Policy

Todello is operated by the project owner as an individual-run product. Privacy, account, deletion, export, and legal requests can be sent to support@todello.app.

Todello collects account details such as name, email, password hash, OAuth account details, session state, two-factor settings, recovery-code hashes, sign-in metadata, and security events. Workspace data includes tasks, descriptions, projects, sections, labels, filters, reminders, Pomodoro sessions, time entries, time blocks, settings, invite records, and sync metadata. The browser also stores local app data for offline use, preferences, theme, sidebar state, and cookie choices.

Data is used to create and secure accounts, keep users signed in, sync tasks, preserve settings, provide collaboration and invites, prevent abuse, deliver transactional email, support two-factor authentication, monitor reliability, troubleshoot errors, answer support requests, and maintain the service.

Todello does not sell workspace data. Limited providers may process data for hosting, database storage, authentication, transactional email, rate limiting, bot protection, error monitoring, analytics if enabled, and support. Current planned providers include Vercel, Postgres hosting such as Neon or Supabase, Resend, Upstash, Cloudflare Turnstile, Sentry, Google OAuth if enabled, and Auth.js/NextAuth.

Necessary cookies and local storage support authentication, security, preferences, offline task data, and abuse prevention. Optional analytics, performance measurement, and browser diagnostics run only after consent. See the Cookie Policy.

Account and workspace data is kept while the account is active or while needed to operate, secure, back up, or legally protect the service. Users can request deletion, export, or correction by email. Some deleted records may remain in backups, logs, security records, or sync tombstones for a limited period before they age out.

Todello uses password hashing, session protections, rate limits, bot checks, two-factor authentication support, encrypted two-factor secrets, HTTPS in production, and provider security controls. No online service can guarantee perfect security.

Todello is not intended for children under 13. If a child has provided personal information, contact support so it can be reviewed and deleted.

Users can update account details in settings, change cookie preferences, disconnect supported providers, request data export, request correction, or request account deletion. Some requests may require identity verification.

This policy may change as Todello evolves. Material changes will be reflected by updating the date on this page and, when appropriate, adding in-app or email notice.