Privacy Policy

Last updated: 28 May 2026


This Privacy Policy explains how PlanDDay ("Service") collects, uses, shares, and protects personal data.


1. Controller and contact

The controller of personal data for PlanDDay is:

Žarko Dukić, Belgrade, Serbia (individual / fizicko lice)
Contact email: planddayapp@gmail.com

If you are in the EEA or UK, you may also lodge a complaint with your local supervisory authority.


2. Scope

This Policy applies to personal data processed when you:

  • create or use a PlanDDay account,
  • use web app functionality,
  • contact support,
  • subscribe to paid plans,
  • receive service communications.

Where GDPR/UK GDPR applies, we rely on one or more legal bases below.

| Data category | Examples | Purpose | Legal basis |
|---|---|---|---|
| Account and identity data | email, hashed password / social auth identifier | account creation, login, identity management | performance of contract |
| User content | notes, tasks, goals, questions, optional attachments | core functionality, sync, backup, collaboration features | performance of contract |
| AI interaction data | prompts, selected workspace context sent for AI features, model outputs, AI usage metadata | provide AI features (for example research/assist), safety and abuse prevention, usage enforcement | performance of contract; legitimate interest |
| Subscription and billing metadata | plan type, status, payment provider customer/subscription IDs, invoices metadata | billing, fraud prevention, entitlement enforcement | performance of contract; legal obligation |
| Device and technical data | IP, device/browser metadata, logs, error events, security events | security, reliability, abuse prevention, diagnostics | legitimate interest |
| Communications data | support emails, bug reports, feedback | support delivery, dispute handling, product quality | performance of contract; legitimate interest |
| Marketing preferences | opt-in state | send product updates where allowed | consent |

We do not sell personal data. We do not use private note/task content for third-party advertising.


4. How we use personal data

We use personal data to:

  • provide and maintain the Service,
  • authenticate users and enforce access controls,
  • process subscriptions, billing, and plan limits,
  • monitor performance, detect abuse, and secure infrastructure,
  • respond to support requests and legal obligations,
  • send service notices and (if opted in) product updates.

5. Processors and recipients

We share data only when necessary, including with processors acting on our instructions:

  • infrastructure and database provider (for example Supabase),
  • payment provider (for example Lemon Squeezy / payment processor),
  • AI model/API providers used to deliver AI features,
  • transactional email and operational tooling providers,
  • legal/compliance recipients when required by law.

We require processors to implement appropriate security and confidentiality obligations.


5.1 AI processing specifics

When you use AI features, relevant inputs may be sent to third-party AI providers to generate responses.

Depending on the feature, this may include:

  • your prompt/instruction,
  • selected workspace context needed to answer the request,
  • technical and usage metadata required for safety, abuse prevention, and quota enforcement,
  • generated output returned to your workspace.

AI providers process this data under their own infrastructure and may store limited logs for reliability, security, abuse prevention, and legal compliance, subject to their contractual commitments with us.

You should avoid submitting unnecessary sensitive personal data to AI features unless required for your intended workflow. You should also avoid submitting confidential third-party data unless you have a valid legal basis and authorization to do so.


6. International transfers

Some providers may process data outside your country, including outside the EEA/UK. When required, we rely on approved safeguards such as:

  • adequacy decisions,
  • Standard Contractual Clauses (SCCs),
  • other lawful transfer mechanisms.

You may request additional information about transfer safeguards via the contact email.


7. Retention

We retain data only as long as needed for the purposes above:

  • Account and content data: for the account lifetime, then deleted or anonymized within a reasonable period after a valid deletion request, unless retention is legally required.
  • Billing and accounting records: retained for mandatory accounting/tax/legal periods.
  • Security and technical logs: retained for limited operational/security windows unless longer retention is required for incident investigation or legal defense.
  • Support communications: retained as needed for support continuity and legal protection.

8. Security measures

We apply organizational and technical measures, including:

  • encryption in transit (HTTPS),
  • access controls and account isolation (including row-level access constraints where applicable),
  • least-privilege handling of infrastructure credentials,
  • logging and monitoring for security events,
  • optional local encryption/passcode features on supported clients.

No method of transmission or storage is 100% secure, but we continuously improve protections.


9. Your rights

Depending on your jurisdiction (especially EEA/UK), you may have rights to:

  • access,
  • rectification,
  • erasure,
  • restriction,
  • portability,
  • objection (where processing is based on legitimate interest),
  • withdrawal of consent (for consent-based processing),
  • lodge a complaint with a supervisory authority.

To exercise rights, contact: planddayapp@gmail.com. We may request identity verification before fulfilling requests. Where required by law, we respond to valid rights requests within applicable legal deadlines.


10. Cookies and similar technologies

The Service uses essential cookies and/or local storage for:

  • authentication/session handling,
  • security and abuse prevention,
  • core preferences and app functionality.

We do not use third-party advertising cookies for profiling. If non-essential cookies are introduced, consent mechanisms will be implemented where legally required.


11. Children's data

The Service is not directed to children under the minimum age required by applicable law to provide valid consent for data processing in your jurisdiction. If you believe a child provided personal data unlawfully, contact us for removal.


12. Changes to this Policy

We may update this Policy from time to time. For material changes, we will provide reasonable notice (for example in-app and/or by email). The "Last updated" date indicates the latest revision.


13. Contact

Privacy requests and questions: planddayapp@gmail.com
