Privacy Policy

Last Updated: February 6, 2026

This Privacy Policy explains how Octodoro collects, uses, and discloses personal information when you use our website, app, and related services. By using Octodoro, you agree to this policy.

Information We Collect

  • Account data: Name, username, email address, hashed password (for credentials login), and profile image (if provided through Google sign-in).
  • Authentication and security data: Session and verification data needed for sign-in, account security, and fraud prevention.
  • Study and productivity data: Timer activity, session history, reflections, focus/satisfaction ratings, tasks, XP, levels, streaks, and coins.
  • Social data: Friend relationships, clan membership, lobby participation, inbox notifications, and leaderboard records.
  • Subscription data: Premium status, Stripe customer ID, and subscription ID. We do not store full payment card numbers.
  • Technical data: Basic device, log, and request metadata (such as IP address) generated through normal operation of web infrastructure.

How We Use Information

  • Provide and maintain core features, including timer, tasks, social systems, and leaderboards.
  • Authenticate users, secure accounts, and detect abuse or policy violations.
  • Process subscriptions and account status updates for premium features.
  • Generate progress insights, reports, and optional AI outputs you request.
  • Respond to support requests and comply with legal obligations.

Legal Bases (EEA/UK Users)

  • Contract: To provide services you request and manage your account.
  • Legitimate interests: To improve product quality, reliability, and security.
  • Consent: Where required by law, including optional features you choose to use.
  • Legal obligation: To comply with applicable legal and regulatory requirements.

AI Features and Data Use

Octodoro offers optional AI features (for example, session summaries and coach chat). When you use these features, we send selected study activity data to our AI provider (currently OpenAI) to generate a response.

Data Sent for AI Requests

Depending on the feature, AI requests may include:

  • Session logs: Date, duration, and mode of recent sessions.
  • Reflection fields: The optional description you enter after sessions.
  • Ratings: Focus and satisfaction ratings when provided.
  • User prompt: Your question in AI chat mode.

How We Limit AI Data Use

  • Purpose limitation: Data is shared only to provide the AI feature you requested (for example, generating a session summary or answering your coach question).
  • No direct account IDs in prompts by default: We do not intentionally include direct account identifiers such as your email address in AI prompts.
  • Encrypted transport: AI requests are sent over encrypted connections.

Your Choices and Responsibilities

  • You can use Octodoro without AI features. If you do not want this data sent to the AI provider, do not use AI summary or chat features.
  • Do not submit sensitive personal information in reflections or chat prompts (for example, health records, financial account details, or government ID numbers).
  • AI outputs may contain mistakes and should be reviewed before relying on them.

By using Octodoro AI features, you instruct us to process and send the data described above to generate AI outputs for you.

Cookies and Local Storage

We use essential cookies and similar technologies to keep you signed in, protect accounts, and operate core product functionality.

We also use browser local storage for app settings and timer preferences. Some third-party services you choose to use (such as Google sign-in or Stripe checkout) may set their own cookies under their policies.

Sharing and Disclosure

  • Service providers: Hosting and infrastructure providers, MongoDB, and email delivery vendors.
  • Authentication providers: Google and email authentication services.
  • Payments: Stripe for subscription billing and customer portal management.
  • AI provider: OpenAI for requested AI summaries and coaching chat.
  • Legal requirements: When required to comply with law or valid legal process.
  • Business transfers: If part of a merger, acquisition, or asset sale, subject to legal safeguards.

International Transfers

Your information may be processed in countries other than your own. Where required, we use appropriate safeguards for cross-border data transfers.

Security and Retention

We use technical and organizational measures designed to protect personal information. We retain data only as long as needed for legitimate business purposes, legal obligations, dispute resolution, and service integrity.

Your Rights and Choices

  • You may request access to, correction of, or deletion of your personal information.
  • You may request a copy of your data, where applicable, under local law.
  • You may object to or request restriction of certain processing in some jurisdictions.
  • You can manage subscription settings through Stripe's customer portal.
  • We may verify your identity before processing requests.

Octodoro is not directed to children under 13. If you believe a child under 13 has provided personal information, contact us so we can review and remove it as appropriate.

Contact Us

For privacy requests or questions, email us at octodoro@gmail.com.

We may update this policy from time to time. Material changes will be posted here with an updated effective date.