Overview
Your privacy is fundamental to the ZenToDo philosophy. We believe your workspace should be a sanctuary, free from surveillance and data exploitation. This policy outlines exactly what we collect, why, and how we protect it.
Commitment to Privacy
We are committed to transparency and your control over personal data. This policy complies with GDPR, CCPA, and other global privacy regulations. We do not sell your data.
Data Collection
We collect only what is necessary to provide our services:
Identity Data
- Email address
- Display name
- Profile picture
- Authentication provider ID
Workspace Data
- Task titles & descriptions
- Completion timestamps
- Focus session duration
- Quiz & Poll results
Telemetry & Performance
- Device type & OS
- Browser version
- Crash reports
- Page load metrics
Security Protocols
Encryption Standards
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Our database infrastructure is hosted in secure, SOC 2-compliant data centers.
Integrations & Privacy
ZenToDo connects with a small set of trusted third-party services to power calendar sync, notifications, whiteboarding, payments, and AI features. We design these integrations with a strict "least access" philosophy and never sell or share your data for advertising.
Google Calendar
When you connect Google Calendar, we request the minimum scope needed to read and create events for your primary calendar. OAuth tokens are stored in your browser session and our servers never see your Google password. You can revoke access at any time from Google Account > Security.
Slack
Slack is used to deliver optional workspace notifications (for example when tasks are completed). Notifications are sent via a secure incoming webhook URL. We do not read your Slack messages or channels beyond the target destination you configure, and you can revoke access from your Slack workspace at any time.
Notion
The Notion integration uses OAuth 2.0. Access tokens are stored on our servers in a restricted Supabase table and are not exposed to other users or client-side code. We only access the workspaces, databases, and pages you explicitly share with ZenToDo, and you can disconnect at any time from either Notion or your ZenToDo settings.
Excalidraw & Whiteboard
Our visual whiteboard is powered by the open-source Excalidraw canvas and runs entirely in your browser. Whiteboard content is stored in ZenToDo only when you choose to save it; we do not send your drawings to any Excalidraw-hosted servers.
Payments & Subscriptions
Paid plans are processed through Cashfree Payments in India. We do not store full card numbers or banking credentials on our servers; those are handled by Cashfree as the payment gateway. We store only subscription metadata (plan, billing period, status) and minimal transaction references needed for invoicing and fraud prevention.
Optional AI features may send snippets of your content to our AI providers (such as Groq, Moonshot, or Google) strictly for the purpose of generating responses. This data is not used to train public models, and we retain only what is necessary for usage accounting and abuse prevention.
Your Rights
Right to Access: Request a copy of all your data.
Right to Rectification: Correct inaccurate information.
Right to Erasure: Permanently delete your account and data.
Right to Portability: Export your tasks in JSON/CSV formats.
Contact
Have Questions?
Our Data Protection Officer is available to address any concerns regarding your privacy rights.