Privacy Policy

Introduction

Welcome to Monotask ("we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our time tracking and productivity application.

As we are based in the United Kingdom, this policy is designed to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information You Provide to Us

Account Information: When you register, we collect your email address, username, first name, and last name.
Profile Information: You may choose to provide additional information such as a profile picture or bio.
Activity Data: Information about your activities, habits, routines, and time tracking data that you input into the application.
Social Features: When you use our social features, we collect information about your shared habits, progress updates, and interactions with other users.
Privacy Settings: Your preferences regarding which habits are public or private.
Communications: When you contact us or participate in our community features, we collect the content of your messages.

Information Collected Automatically

Usage Data: We collect information about how you interact with our application, including features used, actions taken, and time spent.
Device Information: Browser type, operating system, device type, and unique device identifiers.
Log Data: IP address, access times, pages viewed, and referring URLs.
Analytics Data: We use PostHog analytics to understand how users interact with our application. This includes page views, button clicks, and feature usage patterns.

How We Use Your Information

We use the information we collect for the following purposes:

Service Provision: To create and manage your account, provide time tracking functionality, and deliver the features you request.
Social Features: To enable you to share your habits with the community, follow other users, and participate in social features.
Search and Discovery: To make your public profile and habits discoverable to other users through search.
Personalisation: To customise your experience and provide relevant content and features.
Communication: To send you updates, security alerts, and support messages.
Improvement: To understand usage patterns, fix bugs, and develop new features.
Security: To detect and prevent fraud, abuse, and other harmful activities.
Legal Compliance: To comply with legal obligations and enforce our terms of service.

Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

Contract: Processing necessary to provide our services to you under our terms of service.
Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services and ensuring security.
Consent: Where you have given us explicit consent, particularly for analytics and marketing communications.
Legal Obligation: Where we need to comply with a legal requirement.

Data Retention

We retain your personal information for as long as necessary to provide our services and fulfil the purposes described in this policy. When determining retention periods, we consider:

The length of time you have an account with us
Legal, regulatory, or contractual obligations
The need to retain data for security or fraud prevention

When you delete your account, we will delete or anonymise your personal information within 30 days, except where we need to retain it for legal reasons.

Privacy Controls

We provide you with granular control over your privacy:

Habit Privacy: You can set each habit as public or private. Private habits are never visible to other users and are excluded from all social features.
Profile Visibility: You can control what information appears on your public profile.
Search Visibility: While your username is searchable by default, you can limit what information other users can see.
Social Features: You can opt out of social features entirely while still using the core time tracking functionality.

Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your personal data ("right to be forgotten").
Restriction: Request that we limit the processing of your data.
Portability: Receive your data in a structured, machine-readable format.
Object: Object to processing based on legitimate interests or for direct marketing.
Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

How to Exercise Your Rights

To exercise any of these rights, please contact us using our contact form and select "Privacy & Data Protection" as your inquiry type. In your message, please specify which right you would like to exercise and provide any relevant details.

Account Deletion: If you wish to delete your account and all associated data, please contact us directly. We will permanently delete your account and all personal data within 30 days of your request.

Data Export: If you would like to receive a copy of all your personal data in a portable format, please contact us and we will provide you with a complete export of your information within 30 days.

We will respond to all data rights requests within one month and verify your identity before processing any requests.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Cookies and Tracking

We use cookies and similar tracking technologies to improve your experience and analyse usage patterns. Types of cookies we use:

Essential Cookies: Required for the application to function properly, including authentication and security.
Analytics Cookies: Used by PostHog to understand how users interact with our application.
Preference Cookies: Remember your settings and preferences.

You can control cookies through your browser settings. Note that disabling certain cookies may limit functionality.

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit using HTTPS
Secure password storage using industry-standard hashing
Regular security assessments and updates
Access controls and authentication mechanisms

While we strive to protect your personal information, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Children's Privacy

Our service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

International Data Transfers

Your information may be transferred to and processed in countries other than the UK. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

Standard contractual clauses approved by the UK government
Adequacy decisions recognising equivalent data protection standards
Your explicit consent where required

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or through the application.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Contact: Use our contact form

Address: United Kingdom

We aim to respond to all privacy-related inquiries within 30 days.