Privacy Policy
Last updated: March 2026
Your privacy matters to us. This policy explains what data we collect, why we collect it, how we store it, and what rights you have.
1. Who We Are
tingdo is a personal, non-commercial project developed and maintained by:
Simon Wismeth Rothschildallee 18 60389 Frankfurt am Main, Germany
(“I”, “me”, “my” throughout this policy). I am the data controller for the personal data processed through this service.
For privacy-related inquiries, contact me at: tingdo (at) wismeth.com
2. What Data We Collect
Account data
When you create an account, we collect your name, email address, and an encrypted password. Authentication is handled by Firebase Authentication — we never store your plain-text password.
Content data
The core of the service is the data you create: tasks, projects, notes, contexts, and related metadata (such as deadlines, status, and timestamps). This data is yours and is created entirely by you.
Technical data
When you use the service, we automatically collect limited technical data: device type, browser type, and basic usage events (e.g. app opens, feature usage). This helps us understand how the service is used and where to improve it.
3. How We Use Your Data
We process your data for the following purposes:
- Providing the service — storing and syncing your tasks, projects, and notes across your devices. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
- Account management — authentication, session management, and account recovery. Legal basis: performance of a contract.
- Service improvement — understanding usage patterns to improve features and fix issues. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
- Deadline notifications — sending push notifications for tasks with deadlines, if you have enabled notifications. Legal basis: consent (Art. 6(1)(a) GDPR).
We do not use your data for advertising. We do not sell your data to third parties. We do not profile you for marketing purposes.
4. Where Your Data Is Stored
Your data is stored on Google Cloud infrastructure through Firebase (Firestore, Firebase Authentication, Cloud Functions). Google Cloud operates data centres in the EU and globally, and processing may occur outside the EU under Google’s standard contractual clauses and data processing terms.
Offline storage
The app keeps a local copy of your data on your device to enable offline access. This data remains on your device and is not transmitted to any third party.
5. Sub-processors
We rely on the following third-party services to operate tingdo:
| Service | Purpose | Provider |
|---|---|---|
| Firebase Authentication | Account creation and login | Google LLC |
| Cloud Firestore | Database for tasks, projects, notes | Google LLC |
| Firebase Cloud Messaging | Push notifications (deadlines only) | Google LLC |
| Firebase Hosting | Hosting the web application | Google LLC |
If we introduce additional sub-processors (for example, for AI-powered features), we will update this policy before doing so.
6. Data Retention
- Active accounts: Your data is retained for as long as your account exists.
- Deleted content: When you delete a task, project, or note, it is permanently removed from our database. There is no soft-delete or trash period.
- Account deletion: When you delete your account, all associated data (tasks, projects, notes, account information) is permanently deleted. This process may take up to 30 days to propagate through all backup systems.
7. Your Rights
Under the GDPR, you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate data in your account.
- Erasure — request deletion of your account and all associated data.
- Data portability — export your data in a machine-readable format. The app provides a built-in export feature for this purpose.
- Restriction — request that we limit processing of your data in certain circumstances.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — where processing is based on consent (e.g. push notifications), you can withdraw it at any time.
To exercise any of these rights, contact me at: tingdo (at) wismeth.com
You also have the right to lodge a complaint with a supervisory authority. In Germany, the competent authority is the Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI).
8. Cookies
We use essential cookies only to maintain your login session. We do not use third-party advertising or tracking cookies.
If we introduce analytics in the future, we will update this policy and request your consent before activating any non-essential cookies.
9. Children
tingdo is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. When we make significant changes, we will notify you through the app or by email. The “last updated” date at the top of this page indicates the most recent revision.