← Back to ToDone

Privacy Policy

Effective date: February 10, 2026. Last updated: February 12, 2026.

1. Overview

ToDone (“the Service”) is operated by todone.fyi. This Privacy Policy describes what information we collect, how we use it, and your rights with respect to it. By using the Service, you agree to the practices described in this policy. If you do not agree, do not use the Service.

The Service is provided on an “as-is” basis with no guarantees of availability, accuracy, or data retention. You assume all risk associated with your use of the Service and any data you store within it.

2. Information We Collect

We collect only the information necessary to provide the Service:

  • Account information: When you sign in via Google or GitHub OAuth, we receive your name and email address from those providers. When you register with email and password, we store your email address and a hashed (non-reversible) copy of your password.
  • Task and category data: Tasks, categories, stages, and related content you create within the Service are stored in our database.
  • Google Calendar data: If you choose to connect Google Calendar, the Service requests read and write access to your Google Calendar. This access is used solely to display and sync events you explicitly authorize. We do not store raw calendar event data beyond what is necessary to provide the sync feature.
  • Payment information: If you subscribe to a paid plan, billing details are collected and processed by our third-party payment processor (Stripe). We store only your Stripe customer ID, subscription status, and billing period dates. We never have access to your full card number.
  • Usage data: We may collect basic server logs (IP addresses, request timestamps) for security and debugging purposes. We do not run advertising analytics or sell usage data.

All information you provide is submitted voluntarily. You are solely responsible for the accuracy of information you provide. todone.fyi makes no representation that information you submit is accurate, complete, or current.

3. How We Use Your Information

  • To authenticate you and maintain your session.
  • To store and display the tasks and data you create in the Service.
  • To facilitate the Google Calendar integration you have authorized.
  • To respond to support requests sent to hello@todone.fyi.

We do not sell, rent, or share your personal information with third parties for advertising, marketing, or any commercial purpose.

4. Google API Scopes

The Service's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect Google Calendar, the Service requests the following OAuth scope:

  • https://www.googleapis.com/auth/calendar — read and write access to your Google Calendar, used only to display and sync calendar events within ToDone.

You may revoke this access at any time via Google Account Permissions. Revoking access will disconnect the calendar integration but will not delete your ToDone account or tasks.

5. Third-Party Services

The Service relies on the following third-party infrastructure:

  • Google — OAuth sign-in and Calendar API.
  • GitHub — OAuth sign-in.
  • Stripe — Payment processing. Billing details are collected and processed by Stripe. We do not store your full credit card number or payment credentials.
  • Neon — PostgreSQL database hosting. Your task and account data is stored on Neon servers.
  • Vercel — Application hosting and deployment.

Each provider operates under its own privacy policy. todone.fyi is not responsible for the data practices of these third parties.

6. Data Retention

Your data is retained for as long as your account exists. You may request deletion of your account and all associated data by emailing hello@todone.fyi. We will process deletion requests within a reasonable time.

We make no guarantee of data preservation. You are responsible for maintaining your own backups of any data you consider important. todone.fyi shall not be liable for any loss of data arising from service interruptions, technical failures, or account deletion.

7. Security

We implement reasonable technical measures to protect your data. However, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security. You use the Service at your own risk.

8. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us at hello@todone.fyi and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy at any time. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

10. Disclaimer of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, TODONE.FYI SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS TO, ALTERATION, THEFT, OR DESTRUCTION OF YOUR DATA, WHETHER THROUGH SECURITY BREACH, NEGLIGENCE, TECHNICAL FAILURE, OR ANY OTHER CAUSE.

You assume all risk associated with the storage of your data in the Service. todone.fyi makes no guarantee of data preservation or integrity and is not responsible for any consequences arising from data loss or unauthorized access.

11. Contact

Questions about this Privacy Policy may be directed to hello@todone.fyi.