Privacy Policy

Last updated June 15, 2026

This Privacy Policy explains what personal data Todolu (“Todolu”, “we”, “us”) collects when you use the app at todolu.com, how we use it, and the choices you have. If you have any questions, email support@todolu.com.

Information we collect

We keep what we collect to what the app needs to work:

  • Account information — your email address, an optional display name, your language preference, and your security settings (a password hash or Google sign-in, and two-factor authentication if you turn it on).
  • Content you create — the tasks, categories, events, reminders and preferences you add in Todolu.
  • Google Calendar data — only if you choose to connect a Google account (see the next section).
  • Technical and diagnostic data — limited error and performance data that keeps the service reliable (see “Error and performance monitoring” below).

Google Calendar data

Connecting Google Calendar is optional. If you connect it, Todolu asks Google for permission to:

  • read your list of calendars and the events in them, so we can show them on Todolu’s calendar;
  • create, edit, move and delete events, when you make those changes in Todolu;
  • create, rename, delete and recolor your calendars, when you manage them from Todolu’s sidebar.

We use this access only to provide those features, and only when you ask. Your Google calendars and events are read live from Google each time you view them — we do not copy them into our database. The only thing we store is the secure access token that keeps your account connected (held by our authentication provider), plus a short-lived cache so the app stays responsive.

You can disconnect Google at any time from within Todolu (in the calendar sidebar, under your calendar accounts), and you can revoke Todolu’s access from your Google Account at myaccount.google.com/permissions. Disconnecting removes the stored token; it does not change any events already in your Google Calendar.

How we use Google data (Limited Use)

Todolu’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In plain terms: Todolu does not use Google Calendar data for advertising, does not sell it, and does not allow humans to read it except (a) with your consent, (b) for security purposes such as investigating abuse, or (c) to comply with the law.

Error and performance monitoring (Sentry)

To keep Todolu reliable and to fix problems quickly, we use Sentry (operated by Functional Software, Inc., d/b/a Sentry) to monitor application errors and performance. When something goes wrong or a page is slow, Sentry collects technical diagnostic data such as error messages, stack traces, a record of the actions leading up to the error, your browser, operating system and device type, the page path you were on, and the app version. This data is associated only with a pseudonymous internal user identifier, never your name or email address.

We deliberately do not collect your IP address (it is removed before the data ever leaves the app, and Sentry is also configured never to store it), and we do not use any session recording or session replay. The diagnostic data is stored in Sentry’s EU region (Frankfurt, Germany) and is kept for roughly 90 days before deletion. We rely on our legitimate interest in operating a secure, functioning service as the legal basis for this processing (Art. 6(1)(f) GDPR; equivalent provisions of the Swiss Federal Act on Data Protection). For details on how Sentry handles data as our processor, see Sentry’s privacy policy and sub-processor list.

Other services we rely on

We use a small number of trusted providers to run Todolu. Each processes data only as needed to provide its part of the service:

  • Vercel — application hosting and content delivery.
  • Neon — our managed PostgreSQL database, where your account and the content you create are stored.
  • Resend — sends transactional emails (email verification, invitations, reminders, event invitations).
  • Upstash — rate limiting that protects the service from abuse.
  • Google — the Calendar API, only if you connect Google Calendar.
  • Sentry — error and performance monitoring, as described above.

How long we keep your data

  • Account and content — kept until you delete the item or your account.
  • Google connection token — kept until you disconnect Google or delete your account.
  • Diagnostic data (Sentry) — roughly 90 days.

Your rights

Depending on where you live, you may have the right to access, correct, export or delete your personal data, and to object to or restrict certain processing. You can edit much of your account directly in the app, or contact us at support@todolu.com and we’ll help.

Changes to this policy

We may update this policy as the app evolves. We’ll post the new version here and update the date above.

Contact

For any privacy question or request, email support@todolu.com.