TL;DR
The short version. Popodoro is offline-first. Your sessions live on your device. If you turn on sync, your data is end-to-end encrypted โ we cannot read your tasks, tags, or timestamps. We don't sell your data, we don't run ads, we don't embed third-party trackers.
What we collect
We collect the smallest amount of data we can to run Popodoro. Below is the complete list โ there is nothing else.
| Data | Why | Optional? |
|---|---|---|
| Email address | Account sign-in and password reset | Required only if you create an account |
| Handle (@you) | So buddies can invite you | Required for Pop Together |
| Encrypted session blobs | Sync between your devices | Optional โ sync is opt-in |
| Crash diagnostics | Fix bugs that affect focus | Optional โ off by default |
We do not collect: your location, your contact list, your calendar, your browsing history, your installed apps, or any device identifier beyond what's needed to deliver app updates.
How we use it
- Authentication. Your email and a securely-hashed password let you sign in across devices.
- Sync. Encrypted blobs are stored so your sessions appear on any device you sign in to.
- Pop Together. Your handle is visible to people you've added as buddies. Live presence is broadcast only while you're actively in a co-focus room.
- Service health. If you opt in, anonymous crash reports help us fix bugs faster.
Pop's "golden hours" intelligence runs on your device. The model that predicts your best windows never leaves your phone or laptop. We don't see your patterns, even in aggregate.
Who we share with
We work with a small number of sub-processors to keep Popodoro running. Each one has signed a DPA and is restricted to the specific function listed.
| Sub-processor | Purpose | Location |
|---|---|---|
| Cloudflare | CDN, DNS, DDoS protection | Global |
| Stripe | Payments for Pop Plus | USA |
| Postmark | Transactional email (verification, receipts) | USA |
| Hetzner | Encrypted blob storage | Germany |
We never sell your data. We never share it with advertisers. If a government requests data, we will fight unwarranted requests and notify you unless legally prohibited.
Sync & encryption
When you enable sync, Popodoro generates a private key derived from your password. Your data is encrypted on your device before it's uploaded. Our servers see ciphertext.
If you forget your password, we cannot recover your synced data. That's the trade-off for true end-to-end encryption. Keep a recovery code (Settings โ Account โ Recovery code) in a password manager.
Cookies & analytics
The Popodoro web app uses one cookie โ a session token โ when you're signed in. That's it. No analytics cookies, no fingerprinting, no third-party scripts.
The marketing site (this one) uses no cookies and no analytics. Server logs are kept for 7 days for abuse prevention, then permanently deleted.
Your rights
Wherever you are, you have these rights over your data:
- Access. Download everything we have on you, in machine-readable JSON, from Settings โ Account โ Download my data.
- Correction. Edit your email or handle anytime in Settings.
- Deletion. Delete your account from Settings, or use the direct link below โ no sign-in required.
- Portability. Your downloaded JSON can be imported into any app that supports the open
.pomodoroformat. - Objection. Opt out of any optional data collection in Settings โ Privacy.
Children
Popodoro is not directed at children under 13 (or under 16 in the EU/UK). We do not knowingly collect data from anyone in those age ranges. If you believe a child has created an account, contact us and we'll delete it immediately.
Changes to this policy
If we make material changes, we'll notify you in-app and by email at least 30 days before the change takes effect. Minor clarifications get logged in our changelog. The current version is always at the top of this page.
Contact
Email our privacy team at privacy@popodoro.app. For GDPR or CCPA requests, please use the subject line "Privacy request" so we can route it correctly. We respond within 7 days.
Our postal address: Popworks Inc., 2261 Market St #4521, San Francisco, CA 94114, USA.
Want to delete your account?
One link, no sign-in required. We purge everything within 7 days.