Privacy Policy

Last updated: July 3, 2026

This Privacy Policy explains how bytesvibe ("we") handles personal data when you use todo.bytesvibe ("the Service"). We follow the principles of the EU GDPR: collect only what we need, use it for a clear purpose, and delete it when it's no longer required.

1. What we collect

  • Account data: email address, full name, avatar image.
  • Workspace content: projects, tasks, comments, attachments, labels, time entries, and other data you submit through the product.
  • Operational metadata: sign-in timestamps, IP address at sign-in, device/browser user-agent — used for security and abuse detection.
  • If you connect an integration (Google, Slack), we store the OAuth tokens needed to call that service on your behalf.

2. How we use it

To provide the Service, secure your account, send transactional email (verification, password reset, notifications you enabled), and improve the product through aggregate, non-identifying usage analysis.

3. Data processors

We use the following subprocessors. Each is bound by a data processing agreement:

  • Supabase — hosted Postgres database, authentication, file storage, and edge functions. Data is stored in the EU region.
  • Lovable Cloud — application hosting and content delivery for the published site.

We do not sell personal data. We do not share it with advertisers or data brokers.

4. Cookies

The Service uses first-party cookies and browser storage that are strictly necessary to keep you signed in and remember interface preferences. We do not currently run third-party advertising, marketing, or cross-site tracking cookies. If we add analytics in the future, we will surface a consent notice before any non-essential cookie is set.

5. Retention

We keep account and workspace data for as long as your account is active. When you delete your account, we remove your personal data within 30 days, except where retention is required by law (e.g. accounting records). Backups are purged on the next rotation cycle.

6. Your rights

You can access, export, correct, or delete your data from the settings area, or by emailing connect@bytesvibe.com. You may also lodge a complaint with your local data protection authority.

7. Security

Data is encrypted in transit (TLS) and at rest. Access is protected with row-level security policies scoped to your workspace membership. We regularly review our security posture and welcome responsible disclosure at connect@bytesvibe.com.

8. Contact

Data controller: bytesvibe. For any privacy question contact connect@bytesvibe.com.