Privacy Policy

1. Introduction

TriggerFlo ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our productivity and task management platform, including our website, desktop applications, and mobile applications (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you create an account, we collect your name, email address, and password.
• Profile Information: Optional information such as profile picture and display preferences.
• User Content: Projects, tasks, comments, time entries, and other data you create within the Service.
• Payment Information: If you subscribe to Pro features, we collect billing information through our secure payment processor (Stripe). We do not store your full credit card number.
• Communications: When you contact us for support, we collect the information you provide.

2.2 Information Collected Automatically

• Usage Data: Information about how you use the Service, including features accessed, actions taken, and time spent.
• Device Information: Device type, operating system, browser type, and unique device identifiers.
• Log Data: IP address, access times, pages viewed, and referring URLs.
• Cookies: Small data files stored on your device to improve your experience (see Section 7).

2.3 Information from Third Parties

• OAuth Providers: If you sign in using Google or other OAuth providers, we receive your name and email from those services.
• Team Invitations: When invited to a team, we may receive your email address from the inviting user.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and send related information
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Monitor and analyze trends, usage, and activities
• Detect, investigate, and prevent fraudulent transactions and abuse
• Personalize and improve your experience
• Sync your data across devices
• Generate aggregated, anonymized analytics

4. Data Storage and Security

4.1 Data Storage

Your data is stored on secure servers provided by trusted cloud infrastructure providers. We use industry-standard encryption for data in transit (TLS/SSL) and at rest.

4.2 Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. You can request deletion of your account and associated data at any time.

4.3 Security Measures

• Encryption of data in transit and at rest
• Secure authentication with hashed passwords
• Regular security audits and updates
• Access controls and monitoring
• Secure payment processing through PCI-compliant providers

Important: While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 With Your Consent

We may share information when you explicitly consent, such as when sharing projects with team members.

5.2 Service Providers

We work with third-party service providers who help us operate the Service:

• Cloudflare: Hosting, CDN, and security services
• Stripe: Payment processing
• Neon: Database hosting
• Resend: Transactional email delivery

These providers are bound by contractual obligations to keep your information confidential and use it only for the purposes we specify.

5.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request.

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Portability

You can access your data through the Service. You may request a copy of your data in a portable format.

6.2 Correction

You can update your account information at any time through your account settings.

6.3 Deletion

You can delete your account and associated data through account settings or by contacting us. Some information may be retained for legal or legitimate business purposes.

6.4 Marketing Communications

You can opt out of marketing emails by clicking the unsubscribe link in those emails. You will still receive transactional emails related to your account.

6.5 Do Not Track

We do not currently respond to "Do Not Track" browser signals.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Keep you signed in
• Remember your preferences
• Understand how you use the Service
• Improve performance and security

Types of Cookies We Use

• Essential Cookies: Required for the Service to function (authentication, security)
• Preference Cookies: Remember your settings (theme, language)
• Analytics Cookies: Help us understand usage patterns

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to these countries.

We take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you visit.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for significant changes)

Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

• Email: support@triggerflo.app
• Website: https://triggerflo.app

13. Additional Rights for EU/EEA Residents

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Object: You can object to processing of your personal information
• Right to Restriction: You can request we restrict processing of your information
• Right to Lodge a Complaint: You can file a complaint with your local data protection authority

Our legal basis for processing your information includes: performance of our contract with you, our legitimate interests, and your consent.

14. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect
• Right to delete your personal information
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information provided above.

15. Google Calendar Integration

TriggerFlo offers an optional integration with Google Calendar. When you connect your Google account, we request access to your Google Calendar data to provide the following features:

• Viewing your calendar events alongside your tasks and time entries
• Creating calendar events from within TriggerFlo
• Displaying event details including titles, times, descriptions, locations, attendees, and conference links

15.1 Google Calendar Data We Access

When you authorize the integration, we access:

• Calendar List: The names and identifiers of your Google Calendars
• Event Data: Event titles, descriptions, locations, start/end times, attendee email addresses, and conference/meeting links
• Basic Profile: Your Google account email address (used to identify your connected account)

15.2 How Google Calendar Data Is Stored

Your Google OAuth tokens (used to access the Calendar API on your behalf) are stored locally on your device using encrypted secure storage. Calendar event data is fetched on demand and displayed in the app; it is not uploaded to or stored on our servers. When you disconnect your Google account or delete your TriggerFlo account, all locally stored tokens are removed.

15.3 Limited Use Disclosure

TriggerFlo's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only use Google Calendar data to provide and improve the user-facing features described above.
• We do not transfer Google Calendar data to third parties, except as necessary to provide the Service, as required by law, or as part of a merger or acquisition with your prior consent.
• We do not use Google Calendar data for serving advertisements, including retargeting, personalized, or interest-based advertising.
• We do not sell Google Calendar data to data brokers, information resellers, or any other third parties.
• We do not use Google Calendar data to determine credit-worthiness or for lending purposes.

15.4 Human Access to Google Calendar Data

TriggerFlo personnel do not read or access your Google Calendar data unless:

• You have given us explicit permission for a specific support request
• It is necessary for security purposes, such as investigating abuse or a security incident
• It is required to comply with applicable law
• The data has been aggregated and anonymized for internal operations in accordance with applicable privacy law

15.5 Revoking Access

You can disconnect your Google Calendar integration at any time from the Integrations settings in TriggerFlo. You can also revoke TriggerFlo's access directly from your Google Account permissions page. Upon disconnection, all stored tokens are deleted from your device.