Planomy Privacy Policy
Planomy is local-first: by default your plan lives in your browser and never touches our servers. This policy explains what stays on your device, what happens only if you opt into cloud sync, and how payments are handled.
What Planomy stores locally
Planomy is local-first. Planner data can remain on your device only. Local data, browser storage, and JSON exports are under your control and are not sent to our servers unless you choose to use cloud features.
Cloud account data
If you sign in, Supabase stores account information such as your user id, email address, profile fields, entitlement row, and encrypted planner blobs. Supabase may also store operational logs needed to provide and secure the service.
Planner encryption
Cloud planner contents are designed to be encrypted in the browser before upload when cloud encryption is enabled. Supabase receives the encrypted blob, not the plaintext plan. Your passphrase and recovery key are not sent to Supabase or Stripe by Planomy.
Payments
Stripe processes payments, subscriptions, invoices, taxes, and billing portal sessions. We store Stripe customer identifiers and subscription entitlement status so the app can decide which cloud features are available. Do not enter payment card details anywhere except Stripe-hosted pages.
Sharing and processors
We use service providers such as Supabase for hosted authentication and storage and Stripe for payments. We do not sell personal planner data.
Deletion
Deleting your account cancels any active Stripe subscription server-side and then removes your cloud data — collaborator rows, planner documents, profile, entitlement, and the auth user. If subscription cancellation fails, deletion stops and you are shown a support path instead of an orphaned subscription. Local data remains on your device until you remove it from the browser or delete exported files.
Contact
Privacy questions and deletion requests can be sent to support@example.com.