Privacy Policy

Planned – Privacy Policy
Effective date: August 27, 2025

This Privacy Policy explains how Planned (“the App”, “we”, “us”) collects, uses, and shares information when you use our iOS application and related websites or support channels.

Developer: Khandker Tafiqul Islam
Privacy contact: apps.rashad@gmail.com

If you do not agree with this Policy, please do not use the App.

1. Scope
   This Policy applies to:
   • The Planned iOS app and any in-app web views
   • Our website and support communications
   • AI/voice features you choose to use

2. Information we collect

A. You provide directly
• Account (optional): We use Firebase Authentication. Users start with anonymous sign-in; you may later link an email to your account (planned feature).
• Content you create: day planning data (e.g., tasks, titles, notes, due dates, lists, attachments) you add to the App.
• Support: messages and contact details when you email us.

B. From your device (with permission)
• Notifications: device token to deliver reminders.
• Microphone/voice: audio and/or transcripts when you use voice or AI features (see “AI & Voice Features”).
• Calendars/Reminders (if you enable import/sync): event/task metadata you choose to share.

C. Analytics, diagnostics, and technical data
• Usage & performance: device type, OS version, App version, feature interactions, crash logs, timestamps, and IP-derived general location. Collected primarily via Firebase.
• Session UX analytics: on our website and in certain in-app web views we use Microsoft Clarity for anonymized heatmaps and session replays; we configure masking to avoid capturing sensitive text where possible.
• Purchases: subscription status/entitlements, product identifiers, and receipts via Apple and RevenueCat (no payment card data).

We do not collect special category data (e.g., health) and do not collect precise location unless a feature explicitly needs it (e.g., location-based reminders, if added and enabled by you).

3. How we use information (purposes and legal bases)
   • Provide and operate the App (contract/performance): core planning features, reminders, widgets, sync, account/auth flows.
   • Maintain safety and reliability (legitimate interests): debugging, preventing abuse, securing accounts, improving performance.
   • Improve features and UX (legitimate interests): analytics, A/B testing, session UX analysis, crash diagnostics.
   • Communications (consent or contract): service messages and support responses. We do not send marketing newsletters.
   • Compliance (legal obligations): tax, accounting, fraud prevention, and responding to lawful requests.
   Where we rely on consent (e.g., optional permissions, AI/voice features), you can withdraw it at any time in iOS Settings or in-app (where available).

4. AI & voice features (Groq AI)
   If you use voice input or AI-assisted features, the App will process the audio and/or text only to fulfill your request (e.g., transcribe a command, generate a suggested plan).
   • Processor: Groq AI (Groq, Inc.).
   • What is sent: the prompt content necessary for the feature (e.g., text transcript and, if applicable, audio).
   • Our retention: we keep only what is required to deliver the feature and to store the resulting task/plan in your account if you confirm it.
   • Third-party handling: Groq processes the input to return a response subject to its own terms. We do not permit use for advertising.
   • Opt-out: simply do not use voice/AI features or disable them in Settings.

5. Sync, storage, and subscriptions
   • User content storage: Your day planning data is stored in Firebase (e.g., Firestore/Realtime Database). Data is encrypted in transit and at rest by the platform.
   • Authentication: Firebase Auth supports anonymous accounts; you may optionally add email later (planned).
   • Subscriptions: managed via Apple and RevenueCat. We receive subscription status/entitlements and receipts but never your full payment details (Apple processes payments).

6. Cookies and similar technologies
   • In-app: we do not use third-party cookies in native App screens. In web views or on our website, we may use essential and analytics cookies (e.g., Clarity) to understand usage and improve design.
   • You can manage cookie preferences via your browser settings for the website portion.

7. Sharing of information
   We do not sell personal information and we do not “share” it for cross-context behavioral advertising under the CPRA.

We share information only with:
• Service providers (processors) acting on our instructions and under contract to protect data:
– Google Firebase (analytics, crash reporting, authentication, database/storage)
– Microsoft Clarity (website and in-app web view UX analytics)
– Groq AI (processing AI/voice requests you initiate)
– RevenueCat (subscription entitlement management)
– Apple (App Store purchase processing)
– Email/support tools (e.g., our email provider) for support requests
• Legal and safety: where required to comply with law or protect rights, safety, and security.
• Business transfers: in case of a merger, acquisition, or asset sale, with appropriate safeguards.
We require our processors to implement security and confidentiality measures and to process data only as instructed.

8. International data transfers
   Your information may be processed and stored in countries other than where you reside (e.g., the United States or other regions where our processors operate). Where required, we use lawful transfer mechanisms (such as the EU Standard Contractual Clauses) and apply appropriate safeguards.

9. Data retention
   • User content (planning data): retained until you delete it (in-app tools where available) or request deletion.
   • Account data: retained while your account exists. Anonymous accounts may be pruned after periods of inactivity.
   • Analytics and logs: retained for 12 months, then aggregated or deleted.
   • Backups: routine backups are kept on a rolling basis for disaster recovery and are generally overwritten within 30 days.
   • Purchase/receipt data: retained as required by law.

10. Security
    We use reasonable and appropriate safeguards, including encryption in transit, platform encryption at rest, access controls, and monitoring. No method of transmission or storage is absolutely secure; we continually improve our protections.

11. Your choices and rights
    In the App / on your device
    • Permissions: You can revoke access to Microphone, Calendars, and Notifications in iOS Settings.
    • Export/Delete: Where available, use in-app tools to export or delete your data. Otherwise, contact us (see Section 14).

EEA/UK residents (GDPR)
You may have the right to request access, rectification, erasure, restriction, portability, and objection to certain processing, and to withdraw consent where processing is based on consent. We will respond within statutory timelines.

US state privacy laws (e.g., CA/VA/CO/UT/CT)
Depending on your state, you may have rights to access, delete, correct, opt out of targeted advertising/sale/profiling, and appeal decisions. We do not sell personal information or share it for cross-context behavioral advertising. We will not discriminate for exercising rights.
To exercise rights, see Section 14.

12. Children
    The App is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will delete it.

13. Do Not Track
    Some browsers offer “Do Not Track” (DNT) signals. Because there is no consistent industry standard, we do not respond to DNT. We honor applicable opt-out rights provided by law.

14. How to contact us and make requests
    • Privacy requests (access/export/delete, etc.): email [insert privacy@yourdomain.com] from the address associated with your account.
    • Identity verification: we may ask for information to verify your request.
    • Response time: we will respond within the timeframe required by applicable law.

15. Changes to this Policy
    We may update this Policy from time to time. We will change the “Effective date” above and, if changes are material, we will provide a more prominent notice (e.g., in-app notice). Your continued use of the App after the effective date signifies acceptance of the updated Policy.

16. Summary of processors and roles (for transparency)
    • Google Firebase – Authentication (anonymous + optional email), Analytics, Crash Reporting, Database/Storage for user planning data.
    • Microsoft Clarity – Website and in-app web view UX analytics (heatmaps/session replays with masking configured).
    • Groq AI – Processes the content you submit for AI/voice features to return responses.
    • RevenueCat – Manages App Store subscription entitlements and validates receipts.
    • Apple (App Store) – Processes purchases.

17. Regional disclosures (California)
    Categories of personal information collected (as defined by the CCPA/CPRA): Identifiers (e.g., email if provided, device identifiers), Commercial information (subscriptions), Internet/Network information (usage, diagnostics), Geolocation (coarse IP-derived), Inferences (feature usage patterns), and Audio (voice inputs you choose to submit).
    Sources: you, your device, and our service providers.
    Business purposes: as described in Sections 3–7.
    Disclosure for business purposes: to service providers listed in Section 16.
    Sale/Share: we do not sell personal information and do not share it for cross-context behavioral advertising.
    Sensitive personal information: we do not use or disclose SPI for the purpose of inferring characteristics.