Privacy Policy - Planscope

1. Introduction

Planscope ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our planning application ("Service"), including the web application, Progressive Web App (PWA), and native iOS application.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service.

Data Controller: Everyday Arc Ltd, United Kingdom
Privacy Contact: support@planscope.app

2. Information We Collect

2.1 Information You Provide Directly

Account Registration:

Email address
Password (hashed and encrypted)
Account creation date

When You Use Our Service:

Brain dumps (text you enter for planning)
Plans generated by our system
Task lists and completion status
Constraints you select (time availability, energy level, focus area)
Any edits or modifications you make to tasks
Feedback or support requests

Plan Sharing (Pro Plus feature):

Email addresses of people you share plans with
Membership role (editor) for shared plans

Mood and Wellbeing Data:

Mood selections (e.g. rough, tired, ok, good, swamped) from periodic check-ins, stored locally on your device
Emotional context detected during plan generation (anxiety signals, burnout indicators, overwhelm level), stored alongside your plan data

Notifications:

Notification preferences and settings
Notifications are delivered locally on your device via the native app; we do not use cloud-based push notification services

Payment Information (if applicable):

Billing email and name
Payment method information (processed securely through Stripe for web purchases, or through Apple's App Store for iOS purchases; we do not store full credit card details)
Subscription plan details (Free, Pro, Pro Plus)
Billing frequency (monthly or yearly)
Subscription status and renewal dates
Stripe Customer ID or RevenueCat subscriber ID (used to link your account to your subscription)

2.2 Information Collected Automatically

Usage Data: IP address, browser type and version, operating system, pages or features you access, time and date of your visits, time spent on pages, and links you click.

Device Information: Device type, device identifiers, mobile network information, operating system version, and app installation source.

Cookies and Tracking Technologies: Session cookies, persistent cookies, and local storage for authentication tokens. We use cookies for authentication and remembering your preferences.

Analytics: We use Firebase Analytics (Google) to measure feature usage and understand how people interact with the Service. This collects anonymised event data such as page views and feature interactions. We do not use heatmaps, session recordings, or invasive tracking technologies.

2.3 Information from Third Parties

If you log in via OAuth (Google, Apple), we receive your email address and basic profile information. We also receive payment information from payment processors (Stripe) and aggregate usage data (never personally identifiable).

3. How We Use Your Information

We use the information we collect to:

Provide and Improve the Service: Create and maintain your account, deliver planning features, debug and fix technical issues, and monitor performance.
Generate AI Plans: Parse your brain dumps using Claude API, detect emotional context (such as anxiety or burnout signals) to tailor plan recommendations, score and select tasks based on your constraints, and generate human-friendly descriptions. Your data is sent to Anthropic's API for LLM processing (see section 6).
Plan Sharing (Pro Plus): Share plans with other Planscope users and manage membership.
Notifications: Deliver local notifications on your device for check-ins, celebrations, and reminders based on your preferences.
Customer Service: Respond to your enquiries and support requests, and send service-related announcements.
Legal and Safety: Comply with applicable laws, protect against fraud, enforce our Terms of Use, and process refund requests.
Aggregated Analytics: Measure feature usage, understand user behaviour patterns, and improve the product experience (non-personally identifiable).
Pattern Learning (opt-in): If you enable the "Learnings" setting, we collect anonymised pattern data when plans are archived (plan mode, energy level, mood, task counts, completion counts, and broad categories). This data contains no user ID, no task titles, and cannot be traced back to you. It is used to improve plan generation for all users over time.

We do not use your information for marketing, advertising, or third-party sales.

4. Data Security

4.1 Security Measures

Encryption in Transit: All data transmitted uses HTTPS (TLS 1.2+)
Encryption at Rest: Sensitive data is encrypted in our database
Password Security: Passwords are managed by Firebase Authentication using industry-standard hashing
Access Controls: Access to user data is restricted to authorised personnel on a need-to-know basis
Secure Infrastructure: Hosted on Vercel and Google Cloud with automatic backups and disaster recovery

4.2 Your Responsibility

Keep your password confidential, use a unique password, do not share your account credentials, and log out of your account on shared devices.

4.3 Data Breach Notification

In the event of a confirmed data breach affecting your personal information, we will notify you by email within 30 days, in compliance with UK GDPR and applicable laws.

5. Data Retention

5.1 How Long We Keep Your Data

Active Plans: Retained for the duration of your use of the Service
Completed/Archived Plans: Retained while your account is active
Account Data: Retained whilst your account is active
Deleted Account Data: Deleted immediately upon request (backups may persist for up to 90 days)
Payment/Billing Records: Retained for 7 years for tax and legal compliance

5.2 Automatic Deletion

We automatically delete session cookies upon browser close, authentication tokens upon logout, and temporary processing files used for LLM calls (within 24 hours).

6. Third-Party Data Sharing

6.1 Anthropic (Claude API)

Your brain dumps and planning data are sent to Anthropic's Claude API for natural language parsing and plan text generation. Anthropic's Privacy Policy applies to this data.

We do not opt your data into Anthropic's training datasets. We only send data necessary for immediate plan generation. API calls are processed server-side.

6.2 Payment Processors

Web purchases: Payment information is processed by Stripe (PCI-compliant). We do not store full credit card information.

iOS purchases: In-app subscriptions are managed by RevenueCat and processed through the Apple App Store. Payment is charged to your Apple ID account. We receive subscription status and entitlement information from RevenueCat but do not have access to your Apple payment details. RevenueCat's Privacy Policy and Apple's Privacy Policy apply.

6.3 Notifications

Notifications are delivered locally on your device via the native mobile app. We do not use cloud-based push notification services (such as Firebase Cloud Messaging or Apple Push Notification service). Your notification preferences are stored in our database to sync across devices.

6.4 Analytics

We use Firebase Analytics (Google) to collect anonymised usage data such as page views and feature interactions. This helps us understand how people use the Service and improve the product. We do not use this data for advertising. Firebase Privacy Policy applies.

6.5 Cloud Infrastructure

Our Service is hosted on Vercel (frontend) and Google Cloud (backend), with security and privacy compliance from both providers.

6.6 No Third-Party Marketing or Sales

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

7. Your Privacy Rights

7.1 UK GDPR Rights (UK Users)

If you are located in the UK, you have the following rights:

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate data
Right to Erasure: Request deletion of your data
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to processing of your data
Right to Withdraw Consent: Withdraw consent for data processing
Right to Lodge a Complaint: File a complaint with the ICO

To exercise these rights, email support@planscope.app. We will respond within 30 days.

7.2 CCPA Rights (California Users)

If you are a California resident, you have the right to know what personal information we collect, request deletion, opt out of sharing (we do not sell your data), and non-discrimination for exercising your rights.

To submit a request, email support@planscope.app. We will respond within 45 days.

7.3 Other Jurisdictions

Depending on your location, you may have additional rights. We are committed to complying with all applicable privacy laws globally.

8. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete that information and terminate the child's account immediately.

If you believe a child under 13 has provided information to us, please contact us at support@planscope.app.

9. International Data Transfers

Your data may be processed in countries other than where you reside. By using our Service, you consent to the transfer of your personal information to countries outside your country of residence. We implement appropriate safeguards, including Standard Contractual Clauses (SCCs), to protect your data during international transfers.

10. Cookies and Tracking Technologies

10.1 Cookies We Use

Cookie Name	Purpose	Duration	Type
`__session`	Authentication (session cookie)	5 days	Persistent (httpOnly, secure)

10.2 Local Storage

We also use your browser's local storage and session storage to store preferences (such as mood check-in data and display settings), temporary data during plan generation, and authentication state. This data remains on your device and is not transmitted to our servers unless required to provide the Service.

10.3 Your Cookie Choices

You can disable cookies in your browser settings (but this may affect Service functionality), and you can delete cookies at any time. We respect the "Do Not Track" (DNT) signal.

11. Updates to This Privacy Policy

We may update this Privacy Policy periodically. For material changes, we will notify you by email. Your continued use of the Service constitutes acceptance of the updated policy.

12. Data Deletion and Account Termination

12.1 Delete Your Account

You can request account deletion at any time by logging into your account and navigating to Settings → Delete Account, or by emailing support@planscope.app.

12.2 What Happens When You Delete Your Account

Your account is immediately deactivated
Your personal information is deleted immediately
Your plans and tasks are deleted immediately
We retain aggregated, non-identifiable data for analytics
Backups may persist for up to 90 days but will be overwritten

13. Contact Us

If you have questions about this Privacy Policy, your data, or our privacy practices, please contact:

Email: support@planscope.app

We will respond to all enquiries within 10 business days.

14. Additional Information for Specific Jurisdictions

UK (GDPR-equivalent): UK GDPR protections apply. You can also file a complaint with the Information Commissioner's Office (ICO).

Australia (Privacy Act): The Privacy Act 1988 applies. You can complain to the Office of the Australian Information Commissioner (OAIC).

Canada (PIPEDA): PIPEDA applies. You can lodge a complaint with the Privacy Commissioner of Canada.

15. Glossary

Personal Data: Any information relating to an identified or identifiable individual
Processing: Any operation performed on data (collection, use, storage, disclosure)
Consent: Explicit agreement to the processing of your data
Data Subject: The individual to whom personal data relates (you)
Data Controller: The entity that determines the purposes and means of data processing (Planscope)
Data Processor: An entity that processes data on behalf of the controller (e.g., Anthropic, Google Cloud)

By using Planscope, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.