01 / 06
What we collect
Only what's needed to run the service: your email, your hashed password, the tasks you create, and your sync and notification preferences. We don't collect contacts, location, or browsing history.
Privacy Policy
Your data, on your terms
A good product doesn't need your privacy as currency.
Last updated: May 9, 2026
π
Encrypted by default
Sensitive fields are encrypted at rest.
ποΈβπ¨οΈ
No ad tracking
We don't sell or trade your data.
π§Ή
Hard delete
Delete means gone, no shadow copy.
02 / 06
How we use it
To sign you in, sync your tasks, deliver reminders you've opted into, and improve the product. We don't use your data for ad targeting, and we don't train general-purpose models on it.
03 / 06
Third parties
We work with a small set of providers required to run the service: cloud hosting, transactional email, push delivery. Each is under a data-processing agreement with minimized fields.
04 / 06
Security and encryption
TLS 1.3 in transit, field-level encryption at rest for sensitive values. Passwords are hashed with Argon2. Push credentials like Bark keys are only visible inside your account.
05 / 06
Your rights
Export your data, delete your account, or revoke any consent at any time. Deletion is a hard delete; we do not keep shadow copies.
06 / 06
Contact us
Reach us via the contact page with any privacy questions. We aim to reply within 7 business days.
π
Privacy is a posture, not a policy
We built Todo Flow so the product works without knowing more about you than it needs. That's the whole idea.