PomoboxPomobox

Privacy Policy

Last updated: January 22, 2026

1. Introduction

Welcome to Pomobox. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account Information (Registered Users)

When you create an account, we collect:

  • Email address
  • Encrypted password (hashed, not stored in plain text)
  • Account creation date
  • Google OAuth information (if you sign in with Google): Provider ID, email address, and profile image

2.2 User Activity Data (Registered Users)

When you use Pomobox while logged in, we collect:

  • Focus session records (duration, completion time)
  • Daily statistics (date, session count, total focus minutes)
  • Attendance check-in records
  • Streak statistics (consecutive days)

2.3 Local Storage (All Users)

For users who are not logged in, we store data locally in your browser using localStorage. This data includes:

  • Timer settings and preferences
  • Session history
  • Daily statistics
  • Attendance records

This data never leaves your device and is not accessible to us. You can clear this data at any time through your browser settings.

2.4 Automatically Collected Information

When you use Pomobox, we may automatically collect:

  • Device information (browser type, operating system)
  • Usage data (pages visited, time spent)
  • IP address (anonymized)

2.5 Cookies and Similar Technologies

We use cookies and similar tracking technologies for authentication and to improve your experience. Essential cookies are required for the service to function properly.

3. Third-Party Services

3.1 Supabase

We use Supabase as our database and authentication provider. Supabase stores your account information and activity data on secure servers. Supabase Privacy Policy

3.2 Vercel

Our website is hosted on Vercel. Vercel may collect anonymous usage data and logs. Vercel Privacy Policy

3.3 Google AdSense

We use Google AdSense to display advertisements. Google may use cookies to serve ads based on your prior visits to this or other websites. You can opt out of personalized advertising by visiting Google Ads Settings

3.4 Resend

We use Resend as our email delivery service for sending authentication and notification emails (such as password reset links and account verification). Resend Privacy Policy

4. How We Use Your Information

We use the collected information to:

  • Provide and maintain our service
  • Authenticate your account and keep you signed in
  • Sync your focus data across devices (registered users)
  • Display your productivity statistics
  • Improve user experience
  • Display relevant advertisements
  • Analyze usage patterns

5. Data Storage and Retention

5.1 Registered Users

Your account and activity data is stored on Supabase servers. We retain your data for as long as your account is active. If you delete your account, your data will be permanently deleted immediately.

5.2 Non-Registered Users

If you use Pomobox without an account, all your data is stored locally in your browser (localStorage). This data is not transmitted to our servers and remains on your device until you clear your browser data.

6. Data Security

We implement appropriate security measures to protect your data:

  • All data is transmitted over HTTPS (encrypted connection)
  • Passwords are hashed using industry-standard algorithms
  • Database access is protected by Row Level Security (RLS) policies
  • We regularly review and update our security practices

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Object to data processing
  • Data portability
  • Withdraw consent at any time

8. Your Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information is collected
  • Know whether your personal information is sold or disclosed
  • Say no to the sale of personal information (we do not sell your data)
  • Request deletion of your personal information
  • Not be discriminated against for exercising your privacy rights

9. How to Delete Your Data

9.1 Registered Users

You can permanently delete your account and all associated data at any time through the 'Delete Account' option in your My Account page. The deletion is immediate and irreversible.

9.2 Non-Registered Users

To delete your local data:

  1. Open your browser settings
  2. Navigate to Privacy or Site Settings
  3. Find and clear site data for pomobox.app

Alternatively, you can clear all browsing data or use your browser's developer tools to clear localStorage.

10. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this privacy policy or want to exercise your data rights, please contact us at: pomoboxapp@gmail.com

Back to Pomobox