Privacy Policy
Last updated: December 2025
1. Who We Are
todiia is a task management application operated by VangiSoft. We are committed to protecting your privacy and handling your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Data Controller: VangiSoft
Contact Email: vanginjac@gmail.com
2. Data We Collect
We collect the following types of personal data:
Account Data
- Email address - Required for account creation and authentication. Without this, you cannot create an account or use the service.
- Name - Optional, used for personalization. If not provided, we will use a default display name.
- Authentication data - If you sign in via Google, Microsoft, or Apple, we receive basic profile information from those services (email and name only).
Usage Data
- Tasks and projects - The content you create within the application
- Application settings - Your preferences and configuration choices
Technical Data
- IP address - For security and fraud prevention
- Browser and device information - For compatibility and troubleshooting
- Access logs - Timestamps of when you access the service
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing the service - To create and manage your account, store your tasks and projects
- Authentication - To verify your identity when you log in
- Service improvement - To understand how the application is used and make improvements
- Security - To detect and prevent fraud, abuse, and security incidents
- Communication - To send important service-related notifications (password resets, security alerts)
We do not sell your personal data to third parties. We do not use your task content for advertising purposes.
4. Legal Basis for Processing
Under GDPR, we process your data based on the following legal grounds:
- Contract - Processing necessary to provide you with the todiia service (Article 6(1)(b))
- Consent - For optional cookies and analytics, where you have given explicit consent (Article 6(1)(a))
- Legitimate interests - For security measures and fraud prevention (Article 6(1)(f))
5. Data Retention
We retain your personal data as follows:
- Account data - Retained until you delete your account
- Tasks and projects - Retained until you delete them or your account
- Technical logs - Retained for 90 days for security purposes
- Backup data - May be retained for up to 30 days after deletion for disaster recovery
When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are legally required to retain it.
6. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access - You can request a copy of all personal data we hold about you
- Right to rectification - You can ask us to correct inaccurate data
- Right to erasure - You can request deletion of your personal data ("right to be forgotten")
- Right to restrict processing - You can ask us to limit how we use your data
- Right to data portability - You can request your data in a machine-readable format
- Right to object - You can object to processing based on legitimate interests
- Right to withdraw consent - Where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, please contact us at vanginjac@gmail.com. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. In France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés).
8. Third Parties
We work with the following third-party service providers:
Data Processors
- Hostinger International Ltd (Cyprus/EU) - Website and application hosting. Your data is stored on servers located within the European Union.
- Authentication providers - Google (USA), Microsoft (USA), and Apple (USA) for social sign-in, if you choose to use them. These providers are certified under the EU-US Data Privacy Framework.
- OpenAI (USA) - For the smart task splitting feature. Task content is sent to OpenAI's API for processing but is not stored or used for training purposes. OpenAI operates under Standard Contractual Clauses (SCCs) for EU data transfers.
International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA), primarily in the United States. When we transfer your data outside the EEA, we ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework certification
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all processors
All third-party providers are bound by data processing agreements and are only permitted to use your data as necessary to provide their services to us.
9. Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption - All data is transmitted over HTTPS/TLS
- Access control - Strict access controls and authentication requirements
- Regular updates - We keep our systems and dependencies up to date
- Monitoring - We monitor for security incidents and unauthorized access
While we strive to protect your data, no method of transmission over the Internet is 100% secure. If you become aware of any security issues, please contact us immediately.
10. Policy Changes
We may update this privacy policy from time to time. When we make significant changes, we will notify you by:
- Posting the updated policy on this page with a new "Last updated" date
- Displaying a notice in the application
- Sending an email notification for material changes (if we have your email)
We encourage you to review this policy periodically. Your continued use of todiia after any changes indicates your acceptance of the updated policy.
11. Contact Us
If you have any questions about this privacy policy or how we handle your data, please contact us: