Privacy Policy

1. Introduction

Welcome to KarmaKanban ("we," "our," or "us"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our productivity platform and services (collectively, the "Service").

By using KarmaKanban, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, password (encrypted), and profile information
• Goals and Tasks: Goal descriptions, task details, timelines, and related content you create
• Karma Ledger Data: Your behavioral patterns, completion history, procrastination triggers, productivity insights, and personal reflections
• User-Generated Content: Any text, notes, or content you input into the platform
• Communications: Messages, feedback, and support requests you send to us

2.2 Automatically Collected Information

• Usage Data: Features used, time spent, task completion patterns, interaction frequency
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, pages viewed, navigation paths, errors, and performance metrics
• Cookies and Tracking: We use cookies and similar technologies to maintain sessions and analyze usage

2.3 AI and Machine Learning Data

As an AI-powered platform, we process your goals, tasks, and behavioral data through machine learning algorithms to provide personalized recommendations, predictive planning, and adaptive learning features. This processing includes analyzing patterns in your completion rates, time management, and productivity cycles.

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve KarmaKanban's features and functionality
• Personalization: To deliver AI-powered recommendations, task decomposition, and personalized insights based on your Karma Ledger
• Analytics: To analyze behavioral patterns and provide productivity insights tailored to you
• Account Management: To manage your account, authenticate access, and provide customer support
• Communications: To send service-related notifications, updates, and respond to inquiries
• Security: To detect, prevent, and address fraud, security issues, and technical problems
• Legal Compliance: To comply with legal obligations and protect our rights
• Product Development: To develop new features and improve existing ones (using aggregated, anonymized data)

4. Third-Party Services and Data Sharing

4.1 Service Providers

We use trusted third-party service providers to support our operations:

• Supabase: Database hosting and authentication services
• OpenAI: AI-powered goal decomposition and task generation (your data is processed according to OpenAI's data usage policies)
• Hosting Providers: Cloud infrastructure for application hosting
• Analytics Tools: Usage analytics and performance monitoring

4.2 Data Sharing Limitations

We do NOT sell your personal data. We only share information in the following circumstances:

• With service providers who assist in operating our platform (under strict confidentiality agreements)
• When required by law, legal process, or government request
• To protect our rights, property, or safety, or that of our users or the public
• In connection with a business transaction (merger, acquisition, sale of assets) with advance notice to you
• With your explicit consent for a specific purpose

5. AI Processing and OpenAI

KarmaKanban uses OpenAI's API to power certain AI features, including goal decomposition and task generation. When you use these features:

• Your goal descriptions and related content are sent to OpenAI's servers for processing
• OpenAI processes this data according to their API Data Usage Policies
• As of our last update, OpenAI does not use API data to train their models
• We recommend reviewing OpenAI's privacy policy at https://openai.com/privacy

Your Karma Ledger and behavioral analytics are processed on our own servers and are not shared with OpenAI unless specifically required for a feature you actively use.

6. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption of data in transit using HTTPS/TLS
• Encryption of sensitive data at rest
• Secure password hashing using industry-standard algorithms
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Regular backups and disaster recovery procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. If you request account deletion, we will delete or anonymize your data within 30 days, except where we are legally required to retain certain information. Backups may retain data for up to 90 days.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (right to be forgotten)
• Portability: Request transfer of your data in a machine-readable format
• Object: Object to processing of your personal data for certain purposes
• Restrict: Request restriction of processing under certain circumstances
• Withdraw Consent: Withdraw consent for data processing where consent is the legal basis

To exercise these rights, please contact us at the email provided in the Contact section below. We will respond to your request within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by us
• Right to opt-out of the sale of personal information (Note: We do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

To exercise these rights, please contact us using the information in the Contact section.

10. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). Our legal basis for processing your data includes:

• Contract Performance: Processing necessary to provide our services to you
• Legitimate Interests: Processing for our legitimate business interests (e.g., improving services)
• Consent: Where you have given explicit consent
• Legal Obligations: Where required by law

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your rights.

11. Children's Privacy

KarmaKanban is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by relevant authorities.

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and keep you logged in
• Remember your preferences and settings
• Analyze usage patterns and improve our Service
• Provide security and fraud prevention

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of certain features.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we may provide additional notice (such as email notification). Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: