Privacy Policy

Welcome to Pomogolo ("we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application available at https://pomogolo.com/ (the "Site") and any related services (collectively, the "Service").

This policy is intended to be transparent for users, payment partners, and infrastructure providers we rely on to run the Service. Please read it carefully. If you disagree with its terms, please discontinue use of the Service.

Information You Provide

• Account information: Name, email address, and profile details when you register (for example via email/password or Google OAuth) through our authentication integration with Better Auth, which is configured to work with our backend.
• User-generated content: Project names, tags, to-do items, session titles, time-block data, invites, and any other content you create within the app.
• Payment-related information: When you purchase a subscription, payment details are collected and processed by Dodo Payments (our payment processor). We do not store your full payment card numbers on our systems; we may receive limited payment metadata from Dodo Payments as described in Section 5.
• Communications: If you contact support, we collect the information you send (for example your email address and message content).

Information Collected Automatically

• Usage and session data: Pomodoro session timestamps, durations, completion and abandonment events, focus minutes, productivity streaks, and similar statistics generated as you use the Service.
• Device and technical data: Browser type, operating system, IP address, time zone, language preferences, and similar technical identifiers needed to operate and secure the Service.
• Log data: Pages or screens viewed, features used, error logs, and performance diagnostics.
• Cookies and similar technologies: Session tokens, authentication cookies (or equivalent), and local storage used to keep you signed in and remember preferences.

We process personal information to:

• Provide, operate, secure, and improve the Service.
• Create in-app productivity statistics and insights from your sessions (for example, charts, summaries, and streaks).
• Authenticate your account and manage sessions.
• Process payments and manage subscriptions through Dodo Payments.
• Send transactional communications related to your account (for example, invite notifications and, where applicable, payment or subscription notices from our processors or email providers).
• Respond to customer support requests.
• Detect, prevent, and address fraud, abuse, and technical issues.
• Analyse aggregated or de-identified usage trends to improve the Service.
• Comply with legal obligations and enforce our terms.

If you are in the European Economic Area, United Kingdom, or Switzerland, we process personal data on one or more of the following legal bases under applicable law:

• Performance of a contract — to provide the Service you requested (for example account access, syncing your data, and billing).
• Legitimate interests — to secure the Service, prevent abuse, understand how features are used in aggregate, communicate about the Service, and improve reliability (balanced against your rights).
• Consent — where required for specific optional processing (for example certain cookies or marketing, if we offer them and you opt in). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Legal obligation — where we must retain or disclose information to comply with applicable law.

Paid subscriptions are processed by Dodo Payments, which acts as a payment service provider. When you pay:

• Sensitive payment details (such as full card numbers) are collected directly by Dodo Payments through their checkout flows and are handled according to their policies and industry security standards.
• We may receive limited information from Dodo Payments to operate your subscription (for example transaction references, subscription status, customer identifiers Dodo assigns, and masked card details such as the last four digits, where available).
• Your use of Dodo Payments' services is also subject to their terms and privacy policy; see dodopayments.com for current documentation.

We use trusted service providers ("subprocessors") to operate the Service. They may process personal data only as instructed by us and for the purposes described in this policy. Key providers include:

• Convex (convex.dev) — hosts our backend application logic and database; stores account data and user-generated content and powers real-time sync. See Convex's privacy notice at convex.dev/legal/privacy.
• Better Auth — provides authentication capabilities used with our Convex deployment (for example OAuth and credential flows as configured).
• Dodo Payments — payment processing and subscription management as described in Section 5.
• Cloud infrastructure — the Site and related assets may be delivered through edge or hosting providers (for example CDN or serverless hosting) so that the Service loads quickly and securely.

Our service providers may process or store information in the United States and other countries where they operate. If we transfer personal data from the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of protection, we rely on appropriate safeguards where required (such as the UK IDTA / EU Standard Contractual Clauses, or another lawful transfer mechanism). You may contact us for more information about these safeguards.

We do not sell your personal information. We may disclose information only as follows:

• Service providers: As described in Section 6 (including Convex, authentication, payments, and hosting).
• Project collaborators: If you invite members to a project, your display name and information needed for collaboration may be visible to those members within the shared project context.
• Legal and safety: If we believe disclosure is required by law, regulation, legal process, or governmental request, or to protect the rights, safety, and security of us, our users, or the public.
• Business transfers: In connection with a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to appropriate confidentiality obligations.
• With your direction: When you ask us to share information or integrate with a feature you choose.

We retain personal data for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Unless you delete content or request erasure sooner, session and productivity data may be retained for up to two years from creation, after which it may be deleted or aggregated where no longer needed.

You may request deletion of your account and associated personal data by contacting hi@pomogolo.com. Some information may persist in backups for a limited period or where we must retain it by law.

Depending on your location, you may have rights regarding your personal data, including to:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate data.
• Deletion — request deletion of your personal data, subject to exceptions.
• Portability — request a machine-readable copy of certain data you provided.
• Objection / restriction — object to or ask us to restrict certain processing.
• Withdraw consent — where processing is based on consent.
• Lodge a complaint — with a supervisory authority in your country (EU/UK residents).

To exercise these rights, email hi@pomogolo.com. We will respond within a reasonable period, and within 30 days where required by applicable law (extensions may apply for complex requests).

We use the following categories:

• Strictly necessary: Required for authentication, security, and core app functionality.
• Preferences: Remember settings such as timer preferences where we store them in the browser.
• Analytics (if used): Help us understand usage in an aggregated form. Where analytics cookies are not strictly necessary, we will obtain consent where required by law.

You can control cookies through your browser settings. Blocking strictly necessary cookies may prevent parts of the Service from working.

We implement technical and organisational measures designed to protect personal information, including encrypted transmission (TLS), access controls, and least- privilege practices for administrative access. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

The Service is not directed to children under 13 (or the higher age required in your jurisdiction for valid consent). We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take steps to delete it.

The Service may link to third-party sites. We are not responsible for their content or privacy practices. Review their policies before providing information.

We want you to be satisfied with Pomogolo. If you are not happy with your purchase, the following terms apply:

15-Day Money-Back Guarantee

• Eligibility: All new paid subscriptions (monthly or annual) are eligible for a full refund if requested within 15 days of the initial charge date.
• How to request: Email hi@pomogolo.com with the subject line "Refund Request" and include your registered email address and reason for the refund. We aim to process requests within 3–5 business days; timing may depend on your bank or card issuer.
• Renewals: Refunds are not available for subscription renewal charges after the initial 15-day window. You may cancel your subscription at any time to prevent future charges; access continues until the end of the then-current billing period unless otherwise stated at checkout.
• Partial periods: We do not pro-rate or refund partial billing periods for mid-cycle cancellations unless required by law.
• Abusive use: We may deny refund requests where we detect abuse of this policy (for example repeated sign-up and refund cycles).

Cancellation

You may cancel your subscription from your account settings where available, or by contacting support at hi@pomogolo.com. Cancellation stops future billing; you generally retain paid-feature access until the end of the current billing cycle unless your plan terms state otherwise.

Free Trial

New accounts may receive a 30-day free trial of Pro features where we offer one — no credit card required unless we disclose otherwise at signup. At the end of the trial, access reverts to the free plan unless you subscribe. No charge is made during the trial period.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify you via email or an in-app notice where appropriate. Continued use of the Service after the effective date of changes constitutes acceptance of the updated policy, except where prohibited by law.

Questions about this Privacy Policy or our data practices: