Back

Privacy Policy

Last updated: February 2026

At PomodoroMethod, we take the protection of your personal data very seriously. This policy explains what data we collect, why we collect it, and how you can control it. We comply with the GDPR (General Data Protection Regulation).

1. Data we collect

Account data

  • Email address (via Google Auth)
  • Display name and username
  • Profile photo (optional)
  • School/university (detected via email domain)

Usage data

  • Pomodoro sessions (duration, date, time)
  • Productivity statistics
  • Badges and levels unlocked

2. How we use your data

We use your data to:

  • Provide and improve the PomodoroMethod service
  • Display your statistics and progress
  • Allow you to interact with other users
  • Send you important notifications (streak at risk, etc.)
  • Send marketing emails only with your explicit consent

3. Email communications

Transactional emails (always sent)

  • Account creation confirmation
  • Password reset
  • Security alerts

Marketing emails (with your consent)

  • Newsletter and productivity tips
  • New features and updates
  • Re-engagement reminders

You can unsubscribe at any time via the link at the bottom of each email or in your account settings.

4. Your rights (GDPR)

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify your data if inaccurate
  • Delete your account and all your data
  • Export your data in a portable format
  • Withdraw consent to marketing emails
  • Object to the processing of your data

To exercise these rights, contact us at pomodoromethod.build@gmail.com

5. Data retention

  • Your data is retained as long as your account is active
  • After account deletion, your data is erased within 30 days
  • Anonymized logs may be retained for statistical purposes

6. Security

We use industry-standard security measures:

  • SSL/TLS encryption for all communications
  • Secure authentication via Google OAuth
  • Database hosted on Supabase (SOC 2 certified)
  • No plain-text password storage
  • Strict Content-Security-Policy (CSP) server-side
  • Security headers: HSTS, X-Frame-Options, Referrer-Policy

7. Optional third-party integrations

Some optional features let you connect PomodoroMethod to third-party services. These integrations are entirely optional and only activated if you set them up yourself in your settings. They trigger data sharing with the relevant third party, governed by their own privacy policy.

Discord & Slack (webhooks)

If you configure a webhook, we send your session notifications (username, session type, duration, XP) to the Discord/Slack server of your choice. You can remove the webhook at any time.

Google Calendar

If you connect Google Calendar, we create an event for each completed session (title, duration, XP). Access uses OAuth and can be revoked from your Google settings.

Notion & Obsidian

Synchronization of your sessions to your Notion database or Obsidian vault, only if you provide the corresponding integration token.

Spotify (embed)

The Spotify player is an iframe embed hosted by Spotify. It may set third-party cookies (see Spotify's privacy policy). You can disable the module in your settings.

8. Minors

PomodoroMethod is primarily intended for high school students, university students and adults. In accordance with GDPR article 8and the age of digital consent set in most EU countries (13–16 years old):

  • If you are 15 years old or above (or the applicable age of digital consent in your country), you can register and consent to data processing on your own.
  • If you are under 15 years old, you must obtain prior consent from your parents or legal guardian.
  • We do not knowingly collect data from children under 13. If a parent discovers that a child under 13 has created an account, they may contact us to have it deleted immediately.
  • Data from minors benefits from reinforced protection: no advertising profiling, no resale, simple and adapted communication.

9. Right to lodge a complaint

If you believe the processing of your personal data does not comply with the GDPR, you have the right to lodge a complaint with a supervisory authority:

Questions?

If you have any questions about this privacy policy or your personal data, please contact us at pomodoromethod.build@gmail.com