Privacy Policy

This Privacy Policy describes how UX Things GmbH ("we", "us", "our") collects, uses, and shares your personal information when you use doneframe ("Service", "App").

By using doneframe, you agree to the collection and use of information in accordance with this policy.

UX Things GmbH
Große Rittergasse 5
60598 Frankfurt am Main
Germany

Managing Director: Filip Grkinic
Registration Court: Amtsgericht Frankfurt am Main
Registration Number: HRB 137053
VAT ID: DE452265250

Contact: filip@uxthings.com

2.1 Information You Provide

• Account Information: When you create an account via Google Sign-In, we collect your email address and name from your Google account.
• Todo Data: Tasks, notes, priorities, and related information you create within the app.
• Calendar Data: When you connect your Google Calendar, we access and store calendar events (title, time, location, meeting links) to display them alongside your tasks.

2.2 Information Collected Automatically

• Usage Data: Information about how you interact with the app, including features used and time spent.
• Device Information: Browser type, operating system, and IP address (collected by our hosting provider).
• Log Data: Server logs containing timestamps and request information for security and debugging purposes.

2.3 Cookies and Similar Technologies

We use authentication tokens (stored in your browser's local storage) to keep you signed in. No tracking cookies are currently used.

We use the collected information for:

• Providing the Service: To create and manage your account, sync your calendar, and deliver core functionality.
• Improving the App: To understand how users interact with doneframe and improve features.
• Communication: To send you service-related notifications (e.g., account updates, security alerts).
• Security: To protect against fraud, abuse, and unauthorized access.
• Legal Compliance: To comply with applicable laws and regulations.

We do not sell your personal data. We may share your information only in the following circumstances:

4.1 Service Providers

• Google LLC: For authentication and calendar integration (Google OAuth 2.0).
• Hetzner Online GmbH: Our hosting provider for data storage (servers located in EU Central, Helsinki).
• Vercel Inc.: Hosting provider for our frontend application.
• Postmark (Wildbit LLC): For transactional emails (when implemented).
• MailerLite: For promotional emails, only if you explicitly subscribe (when implemented).

4.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

4.3 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your data is transferred.

Location: Your data is stored on secure servers operated by Hetzner Online GmbH in the European Union (Helsinki data center).

Security Measures: We implement appropriate technical and organizational measures to protect your data, including:

• Encrypted connections (HTTPS/TLS)
• Secure password hashing (bcrypt)
• Regular security updates
• Access controls and authentication
• Regular backups

Data Retention: We retain your personal data as long as your account is active or as needed to provide you services. You can request deletion of your account at any time.

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of Access: You can request a copy of your personal data.
• Right to Rectification: You can correct inaccurate personal data.
• Right to Erasure: You can request deletion of your personal data ("right to be forgotten").
• Right to Restriction: You can request that we limit how we use your data.
• Right to Data Portability: You can request your data in a machine-readable format.
• Right to Object: You can object to our processing of your personal data.
• Right to Withdraw Consent: You can withdraw consent for data processing at any time.

To exercise any of these rights, contact us at filip@uxthings.com.

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of alleged infringement.

When you connect your Google Calendar:

• We request read-only access to your calendar events.
• We store event details (title, time, location, meeting links) to display alongside your tasks.
• We do not modify, delete, or create calendar events.
• You can disconnect Google Calendar at any time from your account settings.
• We comply with Google's API Services User Data Policy.

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal data, please contact us.

Your data is primarily stored and processed within the European Union. However, some of our service providers (such as Google and Vercel) may process data outside the EU. When data is transferred outside the EU, we ensure appropriate safeguards are in place in accordance with GDPR, such as Standard Contractual Clauses.

doneframe is currently in beta/early access. While we take security seriously and implement industry-standard protections, please be aware that the service is under active development. We recommend not storing sensitive or critical information until the service reaches full production status.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Significant changes will be communicated via email.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Email: filip@uxthings.com
Address: UX Things GmbH, Große Rittergasse 5, 60598 Frankfurt am Main, Germany

For GDPR-related inquiries or to exercise your data protection rights, please use the same contact information.