Frogcake

DRAFT DOCUMENT — FOR ATTORNEY REVIEW

This document is a template and should be reviewed by a licensed attorney before use. Remove this banner after legal review is complete.

Privacy Policy

Last Updated: [DATE]

Frogcake ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our task management application and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use the Service.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using the Service:

  • Account Information: Name, email address, and password when you create an account
  • Profile Information: Display name and any other profile details you choose to provide
  • Task Data: Tasks, categories, notes, time estimates, and other content you create within the Service
  • Team Information: If you create or join a team, we collect team names, member relationships, and role assignments
  • Communications: Information you provide when contacting us for support or feedback

1.2 Information Collected Automatically

When you access the Service, we may automatically collect:

  • Usage Data: Pages visited, features used, actions taken, time spent, and interaction patterns
  • Device Information: Browser type, operating system, device type, and screen resolution
  • Log Data: IP address, access times, referring URLs, and error logs
  • Cookies: We use essential cookies to maintain your session and preferences. See Section 6 for more details.

1.3 Payment Information

Payment processing is handled by Stripe. We do not directly collect or store your credit card numbers or bank account details. Stripe may share limited information with us, such as the last four digits of your card, card type, and billing address, for record-keeping and fraud prevention. Please review Stripe's Privacy Policy for more information.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process transactions and manage your subscription
  • Send you transactional emails (password resets, team invitations, billing notifications)
  • Respond to your comments, questions, and support requests
  • Analyze usage patterns to improve the Service
  • Detect, prevent, and address technical issues and security threats
  • Enforce our Terms of Service and other policies
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your task data or content for advertising purposes.

3. Information Sharing

We may share your information in the following circumstances:

3.1 Service Providers

We use third-party service providers to help operate our Service:

  • Supabase: Database hosting and authentication services
  • Stripe: Payment processing
  • Resend: Transactional email delivery
  • Vercel: Web hosting and content delivery
  • Railway: Backend application hosting

These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your information.

3.2 Team Members

If you join a team, certain information (such as your display name, email, and tasks within that team) may be visible to other team members based on the team's settings and your role.

3.3 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Data Security

We implement reasonable technical and organizational measures to protect your information, including:

  • Encryption of data in transit using TLS/SSL
  • Encryption of sensitive data at rest
  • Secure password hashing using industry-standard algorithms
  • Regular security assessments and updates
  • Access controls limiting employee access to user data

Important: While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. After account deletion:

  • Your personal data will be deleted within 30 days
  • Backup copies may persist for up to 90 days before being purged
  • Anonymized or aggregated data may be retained for analytics purposes
  • We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance)

6. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential Cookies: Maintain your login session and remember your preferences
  • Analytics: Understand how users interact with the Service to improve functionality

You can control cookie settings through your browser. Disabling essential cookies may affect the functionality of the Service.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information (subject to certain exceptions)
  • Portability: Request an export of your data in a machine-readable format
  • Opt-Out: Opt out of certain data processing activities

To exercise these rights, please contact us at privacy@frogcake.com. We will respond to your request within 30 days.

8. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect and how it is used
  • The right to request deletion of your personal information
  • The right to opt-out of the sale of personal information (we do not sell your data)
  • The right to non-discrimination for exercising your privacy rights

To make a request, contact us at privacy@frogcake.com.

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected personal information from a child under 13, we will promptly delete that information. If you believe we have collected information from a child under 13, please contact us immediately at privacy@frogcake.com.

10. International Users

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we may also send you an email notification. Your continued use of the Service after any changes indicates your acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at: