Privacy Policy

Effective date: May 10, 2026 · Last updated: May 10, 2026

TellDone ("we," "our," "us") is a voice-first planning application operated by an individual developer based in Romania. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our mobile applications (iOS, iPadOS, watchOS, macOS, Android) and cloud services (collectively, the "Service").

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.

1. Data We Collect

1.1 Account data

Email address: for account creation, login, password recovery, and email reports. If you create an account using Sign in with Apple and choose Apple's "Hide My Email" option, we receive a private relay address (@privaterelay.appleid.com) instead of your real address; we treat that relay address as your account email and never attempt to derive, look up, or correlate it with your real email.
Display name: optional, for personalization. If you sign in with Apple or Google and consent to share your name, we store it; you can edit or remove it in Settings at any time.
Password: stored as a bcrypt hash; we never store or see your plaintext password. Not collected if you sign in only with Apple or Google.
Locale and timezone: for language preferences, report scheduling, and date interpretation.
Sign in with Apple identifier: a stable, opaque user ID issued by Apple ("sub" claim) used solely to recognize you on subsequent logins.
Sign in with Google identifier: the Google account "sub" claim, your name (if granted), and your email, used solely to recognize you on subsequent logins. We request the minimum OpenID Connect scopes (openid, email, profile) and no additional Google scopes for sign-in.

1.2 Audio recordings

Voice notes you record within the app. Audio is uploaded to our servers for transcription and AI analysis.
Audio is converted to OGG/Opus format (compressed) and stored in encrypted object storage.
Audio is retained for in-app playback and can be deleted by you at any time.

1.3 Generated content

Notes: transcripts, titles, summaries, tags, priorities, created by AI from your voice.
Tasks: action items with deadlines, tags, priorities, statuses.
Events: calendar events with times, locations, attendees, recurrence rules.
Reports: daily, weekly, monthly, and yearly AI-generated productivity summaries.
Tags: auto-detected and user-created labels for organizing content.

1.4 User profile data

If you enable profile features (on by default, opt-out available), we extract observations from your voice notes to build a personal profile:

Names, occupation, interests, people you mention, behavior patterns, communication style.
This data is used solely to personalize AI reports and note analysis for you.
You can view, edit, or delete your profile at any time via the app.

1.5 Device data

Device identifier (UUID): generated by the app for multi-device sync and per-device authentication.
Platform and app version: for compatibility and debugging.
Push notification token (if enabled): for sending notifications.

1.6 Usage and diagnostic data

API usage logs: which features you use, request counts, token consumption (for quota management).
Error logs: technical errors for debugging (no personal content included).
We do not use third-party analytics SDKs, advertising trackers, or fingerprinting inside the apps.

1.7 Integration data

If you connect a third-party productivity service (Todoist, Notion, Things, Google Tasks, Google Calendar, Apple Calendar, Apple Reminders), we store, encrypted at rest:

The OAuth access token, refresh token (where issued), and token expiry timestamps for that integration.
The minimum identifiers needed to keep your TellDone items in sync with the corresponding external item:

Todoist: user ID, project IDs, task IDs.
Notion: workspace ID, bot ID, database/page IDs you explicitly granted access to during the Notion OAuth flow.
Google Tasks / Google Calendar: task list ID, task ID, calendar ID, event ID.
Apple Calendar / Apple Reminders: local event/reminder identifiers stored on-device only.

The content we send to or receive from these services is strictly limited to the fields you create in TellDone (title, notes, due date, tags, completion status). We do not pull arbitrary content from your Notion workspace, Todoist account, or Google account beyond what is needed to keep the items you created in TellDone in sync.

You can disconnect any integration at any time in Settings → Integrations. On disconnect, we revoke the relevant OAuth token with the third party (where the third party exposes a revocation endpoint), delete the stored token from our database, and stop syncing. External items previously created from TellDone are not automatically deleted from the third-party service; you can delete them in that service if you wish.

2. How We Use Your Data

The legal bases below are stated for the GDPR/UK GDPR; equivalent analysis applies under California, Swiss, and other comparable regimes.

Purpose	Data used	Legal basis
Provide the Service	Audio, account, content	Contract performance, Art. 6(1)(b)
Generate productivity reports	Notes, tasks, events, profile	Contract performance
Send email reports	Email, notes, tasks	Consent (opt-out via settings)
Multi-device sync	All content, device ID	Contract performance
Third-party integrations	Items you sync,	Consent (user-initiated
(Todoist, Notion, Google,	OAuth tokens	connection per integration)
Apple, Things)
Sign in with Apple / Google	Apple/Google sub claim, name, email	Contract performance (account creation and authentication)
Personalize AI with profile	Observations, profile	Consent (opt-out available)
Quota enforcement and billing	Usage counts	Contract performance
Security and fraud prevention	Login attempts, device data	Legitimate interest, Art. 6(1)(f)
Service improvement, debugging	Anonymized error logs	Legitimate interest

We do not:

Sell your personal data to third parties.
"Share" your personal data for cross-context behavioral advertising (as those terms are defined under the California CPRA).
Use your data for advertising or marketing purposes.
Use your audio, transcripts, or content to train AI models.
Use Sign in with Apple data or Google API user data for any purpose other than authenticating you and providing the features you explicitly use in TellDone.
Share your data with data brokers.

3. Third-Party Data Processors

We use the following third-party services to provide core functionality. Your data is processed under data processing agreements (DPAs) with each provider where the provider is acting as a processor on our behalf, and under the provider's own terms where the provider is an independent identity provider:

Service	Role	Purpose	Data shared	Location
Soniox	Processor	Speech-to-text transcription	Audio recordings	USA
OpenAI	Processor	AI analysis, note structuring, embeddings, profile synthesis	Transcripts, task context	USA
Anthropic	Processor	AI report generation (Pro/Ultra plans)	Report context (notes, tasks summaries)	USA
Resend	Processor	Transactional email delivery	Email address, report content	USA
Apple Inc.	Independent controller	Sign in with Apple identity provider; private email relay	Sign in with Apple identifier, name (if shared), relay email (if Hide My Email)	USA
Google LLC	Independent controller	Sign in with Google identity provider	Google sub claim, name, email	USA
Google LLC	Independent controller	Google Tasks / Google Calendar sync (when you connect them)	Task and event content you create in TellDone	USA
Notion	Independent	Notion sync (when you connect	Page/database content	USA
Labs, Inc.	controller	Notion via OAuth)	for items you sync
Doist S.L.	Independent	Todoist sync (when you	Task content for items	EU
(Todoist)	controller	connect Todoist via OAuth)	you sync
Cultured	Independent	Things sync (when you connect	Task content for items	DE
Code GmbH	controller	Things)	you sync
(Things)

All third-party processors are contractually bound to process your data only as instructed by us and to maintain appropriate security measures. None of these providers use your data to train their AI models. The Apple, Google, Notion, Doist, and Cultured Code services listed as "independent controllers" process your data under their own privacy policies once it is in their systems; we recommend you review:

Apple: https://www.apple.com/legal/privacy/data/en/sign-in-with-apple/
Google: https://policies.google.com/privacy
Notion: https://www.notion.com/privacy
Todoist (Doist): https://doist.com/privacy
Cultured Code (Things): https://culturedcode.com/things/privacy/

4. International Data Transfers

Our servers are located in Europe (Germany), within the European Economic Area. As the data controller is established in Romania (EU member state), transfers within the EEA do not require a separate transfer mechanism. Some third-party processors and identity providers (Section 3) are located in the United States. For these transfers, we rely on:

The EU-U.S. Data Privacy Framework (DPF), the UK Extension, and the Swiss-U.S. DPF, where the recipient is certified.
Standard Contractual Clauses (SCCs) approved by the European Commission, with the UK International Data Transfer Addendum where applicable.
The processors' own GDPR compliance commitments and their published transfer impact assessments.

5. Data Retention

Data type	Retention period
Account data	Until account deletion
Audio recordings	Until you delete them or your account
Notes, tasks, events	Until you delete them or your account
Soft-deleted items (trash)	Free: 7 days · Basic: 30 days · Pro: 90 days · Ultra: 365 days
Reports	Until account deletion
User profile and observations	Until you clear profile or delete account
OAuth integration tokens	Until you disconnect the integration
(Todoist, Notion, Google,	or delete your account; revoked with
Apple, Things)	the provider on disconnect where technically possible
Sign in with Apple/Google	Until account deletion; on deletion
identifiers	we additionally call Apple's REST revoke endpoint to invalidate the refresh token
API usage logs	12 months, then anonymized
Error logs	30 days
Backups (encrypted)	30 days, then deleted
Data exports (GDPR / CCPA)	48 hours after generation, then deleted

When you delete your account, all personal data is permanently removed within 24 hours, including: database records (cascade delete), audio files from object storage, OAuth tokens (revoked with the third party where possible), Apple refresh tokens (revoked via Apple's REST API), GDPR/CCPA exports, and Redis quota counters. Account deletion does not require human review on our side and is not gated on email verification beyond the in-app confirmation prompt.

6. Data Security

Encryption in transit: All connections use TLS 1.2/1.3 (HTTPS).
Encryption at rest: Audio files stored in encrypted object storage (MinIO). Backups encrypted with AES-256-CBC. OAuth tokens encrypted at the database column level with envelope encryption.
Password security: Passwords hashed with bcrypt (never stored in plaintext).
Authentication: JWT-based with per-device refresh tokens. Tokens are revocable.
Infrastructure: Database, cache, and storage services are not exposed to the public internet.
Access control: Services run under a dedicated system user with minimal privileges.
Monitoring: SSH brute-force protection via fail2ban; intrusion detection on the application layer.
Human access to your content: We do not allow humans to read your audio, transcripts, or third-party-API-derived data except where (a) you have given affirmative consent (for example, when you contact support and authorize us to view specific items), (b) it is necessary for security purposes (for example, investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.

7. Your Rights

7.1 Under GDPR / UK GDPR (European Users)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:

Access (Art. 15): Request a copy of all your personal data. Available via the in-app data export feature.
Rectification (Art. 16): Correct inaccurate data via your account settings.
Erasure (Art. 17): Delete your account and all associated data. Available via the in-app account deletion feature.
Data portability (Art. 20): Export your data in machinereadable JSON format. Available in the app.
Restriction of processing (Art. 18): Request that we limit processing of your data.
Object to processing (Art. 21): Object to processing based on legitimate interest.
Withdraw consent: Where processing is based on consent (email reports, profile, third-party integrations), you can withdraw at any time via app settings without affecting the lawfulness of processing carried out before withdrawal.
Lodge a complaint with your local supervisory authority.

7.2 Under CCPA / CPRA (California Residents)

If you are a California resident, you have the right to:

Know what personal information we collect, the sources, the purposes, and the categories of recipients.
Delete your personal information, subject to exceptions permitted by law.
Correct inaccurate personal information.
Opt-out of "sale" of personal information: We do not sell your personal information. We never have and never will.
Opt-out of "sharing" of personal information for cross-context behavioral advertising: We do not share your personal information for these purposes.
Limit use of sensitive personal information (audio recordings): we use sensitive personal information only as reasonably necessary to provide the Service you requested.
Non-discrimination: We will not discriminate against you for exercising your rights.

Categories of personal information collected (per CCPA/CPRA): identifiers (email, Apple/Google sub claim, device UUID); audio and electronic information (voice recordings); internet activity (usage logs); inferences (AI-generated profile observations); sensitive personal information (audio recordings, where they may contain sensitive content the user chooses to record).

7.3 How to exercise your rights

In-app: Data export and account deletion are available directly in the app settings.
Email: Contact us at privacy@telldone.app for any privacy-related request.
We will respond to verified requests within the timelines required by applicable law (typically one month under GDPR, extendable by two months for complex requests; 45 days under CCPA, extendable by 45 days where reasonably necessary).

8. Cookies And Tracking

Our website (telldone.app) uses Plausible Analytics (privacy- friendly, cookieless) and Google Analytics 4 for basic visit statistics on the landing page. We do not use advertising cookies, tracking pixels, or cross-site trackers on the website. Our mobile apps do not contain advertising SDKs, third-party analytics SDKs, or tracking SDKs (no ATT prompt is shown because we do not track users in the App Tracking Transparency sense).

9. Children'S Privacy

The Service is not directed to children under the age of 16, and we do not knowingly collect personal information from anyone under 16. In the United States, the Service is not directed to children under 13 within the meaning of the Children's Online Privacy Protection Act ("COPPA"), and we do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under the applicable minimum age, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@telldone.app and we will act without undue delay.

10. Changes To This Policy

We may update this Privacy Policy from time to time. When we make material changes (changes that materially affect the way we collect or use your data, including any change in how we use Google API user data or Sign in with Apple data), we will:

Update the "Last updated" date at the top of this page.
Notify you via email and in-app notification at least 30 days before the changes take effect.
Where required by law (or by Google's API Services User Data Policy when the change concerns Google user data), prompt you to renew consent before the new processing begins, and not apply the new processing to data we already hold until you consent.

If you disagree with the changes you may close your account before the effective date and we will not enforce the changed policy against you.

11. Google API Services (Limited Use)

TellDone's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

https://developers.google.com/terms/api-services-user-data-policy

What this means in practice:

When you use Sign in with Google, we request the minimum OpenID Connect scopes (openid, email, profile). We use the data we receive solely to create and authenticate your TellDone account.
When you connect Google Tasks or Google Calendar, we request only the scopes needed to read and write the items you create in TellDone (typically https://www.googleapis.com/auth/tasks and/or https://www.googleapis.com/auth/calendar.events). We request these scopes incrementally, in context, only when you enable that integration.
We use Google user data only to provide and improve the user-facing features that are visible and prominent in TellDone (sign-in, two-way sync of tasks/events).
We do not transfer Google user data to third parties except (a) as needed to provide those user-facing features and only with your consent (for example, our infrastructure providers acting as data processors), (b) for security purposes, (c) to comply with applicable law, or (d) as part of a merger, acquisition, or sale of assets after obtaining your explicit prior consent.
We do not allow humans to read Google user data except where (a) you have given affirmative consent to view specific items, (b) it is necessary for security (for example, investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.
We do not use Google user data to develop, improve, or train generalized or non-personalized AI/ML models. We do not sell Google user data, use it for advertising (including retargeting or interest-based advertising), or use it to determine credit-worthiness or for lending purposes.

You can revoke our access to your Google account at any time at https://myaccount.google.com/permissions, in addition to disconnecting in TellDone Settings → Integrations.

12. Sign In With Apple

When you use Sign in with Apple, we receive only the data Apple provides:

A stable, opaque user identifier (the "sub" claim).
Your name, only if you choose to share it on first sign-in.
Your email address, or — if you choose Hide My Email — a private relay address at @privaterelay.appleid.com.

We use this data only to create and authenticate your TellDone account and (for the email address) to send you transactional emails such as report digests, password resets, and security notices. We do not attempt to deanonymize the relay address, do not send marketing email to relay addresses, and respect your choice to disable email forwarding from your Apple ID settings.

When you delete your TellDone account, we call Apple's Sign in with Apple REST revocation endpoint to invalidate the refresh token issued to us, in addition to deleting your account data on our side. You can also revoke Apple's authorization at any time in iOS Settings → [your name] → Sign in with Apple, or at https://appleid.apple.com.

13. Notion And Todoist Integrations

When you connect Notion via OAuth, you are taken to Notion's authorization screen where you select which workspace and which specific pages or databases TellDone may access. We can only see the resources you grant; we cannot read other content in your workspace. We use this access only to create, read, update, and delete items that correspond to your TellDone notes, tasks, or events. We never use your Notion content to train any AI model and never share it with any party other than the data processors listed in Section 3 strictly to provide the sync feature.

When you connect Todoist via OAuth, we request only the scopes needed for two-way task sync (typically data:read_write, and data:delete if you enable two-way deletion). We use this access solely to create, read, update, complete, and (if you opt in) delete tasks that correspond to your TellDone tasks. We do not use your Todoist content to train any AI model and do not share it beyond the data processors in Section 3.

You can disconnect either integration at any time in TellDone Settings → Integrations; we will revoke the OAuth token with the provider on disconnect. You can also revoke the integration directly:

Notion: Settings → My connections in your Notion workspace.
Todoist: Settings → Integrations → Connected apps in Todoist.

14. Data Controller And Contact

The data controller for personal data processed under this Privacy Policy is the operator of TellDone, contactable at:

Email (privacy): privacy@telldone.app Email (general): support@telldone.app Website: https://telldone.app

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority. The competent supervisory authority for the data controller is the Romanian National Supervisory Authority for Personal Data Processing (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal, ANSPDCP), at https://www.dataprotection.ro. Users in other EEA member states may also lodge a complaint with their local supervisory authority.

This Privacy Policy applies to the TellDone mobile applications (iOS, iPadOS, watchOS, macOS, Android) and the cloud service at api.telldone.app. It does not apply to third-party services linked from our app (Notion, Todoist, Things, Google, Apple, etc.), which have their own privacy policies.