Privacy Policy
Privacy policy of Planpilot - Information about the processing of your personal data
1. Overview
The protection of your personal data is important to us. This privacy policy informs you about what data we collect, how we process it, and what rights you have.
We process personal data in accordance with the General Data Protection Regulation (GDPR), the revised Swiss Data Protection Act (nDSG), and other applicable data protection regulations.
2. Responsible Party
Responsible for data processing within the meaning of data protection laws is:
3. Data Collection
In the course of using our service, we collect various categories of personal data:
3.1 Account Data
When registering and using your account, we collect:
- Email address: Required for registration, authentication, and communication
- Name: Optional, for personalizing your profile
- Profile picture: Optional, for display in the application
- Preferred language: For displaying the user interface
- Timezone: For correct display of times
3.2 Usage Data
When using the service, we store the content you enter:
- Todos and tasks (title, description, status)
- Subtodos
- Daily goals
- Daily plans and time blocks
- Daily notes
- Settings and preferences
3.3 Technical Data
Each time you access our website, the following technical data is automatically collected:
- IP address (anonymized)
- Date and time of access
- Browser type and version
- Operating system
- Referrer URL (previously visited page)
- Pages accessed and actions taken
4. Purpose of Data Processing
We process your personal data for the following purposes:
- Service provision: Storage and synchronization of your todos, plans, and notes
- Account management: Registration, authentication, and management of your user account
- Communication: Responding to your inquiries, important notices about the service
- Billing: Processing payments for paid subscriptions
- Improvement: Analysis to optimize our service
- Security: Protection against misuse and unauthorized access
- Legal obligations: Fulfillment of legal retention requirements
5. Legal Basis
The processing of your data is based on the following legal grounds under the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nDSG/FADP):
- Contract performance (Art. 6 Para. 1 lit. b GDPR / Art. 31 Para. 2 lit. a nDSG): Processing to provide our services
- Consent (Art. 6 Para. 1 lit. a GDPR / Art. 6 Para. 6 nDSG): For analytics cookies and marketing communication
- Legitimate interests (Art. 6 Para. 1 lit. f GDPR / Art. 31 Para. 1 nDSG): To improve our services and ensure security
- Legal obligation (Art. 6 Para. 1 lit. c GDPR / Art. 31 Para. 2 lit. b nDSG): To fulfill legal retention requirements
In accordance with Art. 6 nDSG, we process personal data based on the principles of lawfulness, proportionality, and purpose limitation. Your rights to access (Art. 25 nDSG), data portability (Art. 28 nDSG), and deletion are described in the "Your Rights" section.
7. Third Parties
We work with the following third-party providers:
Paddle
Payment processing
Paddle processes your payment information for paid subscriptions. We do not store complete payment data ourselves.
Privacy policy: paddle.com/legal/privacy
Hetzner Online GmbH
Hosting & server infrastructure
Our application and data are hosted on servers by Hetzner Online GmbH in Germany (EU).
Privacy policy: hetzner.com/legal/privacy-policy
Anthropic (Claude)
AI-powered features
We use Anthropic Claude for AI features such as task suggestions and daily planning. Only data necessary for the respective function is transmitted.
Privacy policy: anthropic.com/privacy
Google Calendar API
Calendar integration (optional)
When Google Calendar integration is enabled, calendar data is synchronized between Planpilot and your Google account. This integration is optional and requires your explicit consent.
Privacy policy: policies.google.com/privacy
Microsoft Graph API (Outlook)
Calendar integration (optional)
When Outlook Calendar integration is enabled, calendar data is synchronized between Planpilot and your Microsoft account. This integration is optional and requires your explicit consent.
Privacy policy: privacy.microsoft.com/privacystatement
8. Data Transfer
Your data is generally processed within Switzerland and the European Union.
For certain features, we use service providers that may process data outside Switzerland/EU:
- Anthropic (Claude AI), USA: AI-powered features such as task suggestions, schedule optimization, and note summaries. The usage data relevant to each feature is processed (e.g., task titles, note contents).
- Paddle, UK/USA: Payment processing for premium subscriptions. Billing data is processed.
- Google / Microsoft (optional): Calendar synchronization, only when you actively connect this feature. Calendar entries are processed.
- Google reCAPTCHA v3, USA: Protection of the contact form and waitlist against abuse. Your IP address and browser information may be transmitted to Google.
We ensure through appropriate safeguards that your data is adequately protected during third-country transfers (Art. 16-17 nDSG):
- EU Standard Contractual Clauses
- Adequacy decisions by the EU Commission or the Swiss Federal Council
- Contractual data protection guarantees with providers
9. Retention Period
We store your personal data only for as long as necessary for the respective purposes:
- Account data: For the duration of your membership and until complete deletion of the account
- Usage data (todos, notes): For the duration of your membership
- Billing data: 10 years after the end of the contractual relationship (statutory retention period)
- Server logs: 30 days
After termination of your account, your data will be deleted within 90 days, unless statutory retention obligations apply.
10. Your Rights
You have the following rights regarding your personal data:
- Right to information: You can request information about the data we store at any time
- Right to rectification: You can request the correction of inaccurate data
- Right to deletion: You can request the deletion of your data, unless retention obligations apply
- Restriction of processing: You can request the restriction of data processing under certain conditions
- Data portability: You can receive your data in a structured, machine-readable format
- Right to object: You can object to the processing of your data for reasons arising from your particular situation
- Withdrawal of consent: You can withdraw given consents at any time with effect for the future
To exercise your rights, please contact us at: contact@planpilot.day
You also have the right to lodge a complaint with the competent data protection supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC): www.edoeb.admin.ch
11. Data Security
We employ technical and organizational security measures to protect your data from unauthorized access, loss, or misuse:
- Encryption: TLS/SSL encryption for all data transmissions
- Access controls: Strict access permissions for employees
- Secure servers: Hosting in certified data centers
- Regular backups: Automatic backup of your data
- Monitoring: Continuous monitoring for security incidents
12. Minors
Our service is aimed at persons who are at least 16 years old. We do not knowingly collect personal data from children under 16 years of age without the consent of a legal guardian.
If you learn that a child under 16 has provided us with personal data without consent, please contact us so that we can take the necessary measures.
13. Changes
We may update this privacy policy from time to time to reflect changes in our privacy practices or for legal reasons.
We will notify you of significant changes by email or through a prominently visible notice on our website. We recommend that you review this privacy policy regularly.
14. Contact
For questions about data protection or to exercise your rights, you can reach us at:
Data Protection Inquiries
Email: contact@planpilot.day
We strive to respond to your request within 30 days.
Last updated: February 2026