Privacy Policy

• Account data: email, optional name, and (for password sign-up) a bcrypt hash of your password. We never see the plaintext.
• Project data: the tasks, dates, comments, attachments, and other content you create.
• Logs: request metadata (IP address, user agent, timestamps) for security and debugging.

To operate the service: render your charts, send notifications you opt into, and protect Madi from abuse. We do not sell or rent your data.

• Cloudflare - application hosting, edge network, R2 (file storage), Hyperdrive (database connection pooling).
• Neon - Postgres database.
• Resend - transactional email (password resets, notifications).
• Google - "Sign in with Google" when you choose it.
• Sentry - error tracking.

• Active accounts: kept while your account is active.
• Deleted accounts: data is removed within 30 days.
• Demo accounts: automatically pruned after 24 hours.
• Logs: 90 days, then auto-deleted.

You can:

• Export your project data at any time - CSV / ZIP from each project's menu.
• Download your account data as a JSON file from your account settings.
• Delete your account from your account settings. Owned workspaces and their content are removed within 30 days.

For other GDPR / CCPA requests (rectification, restriction, objection), email support@madiplan.app.

We use a single first-party session cookie for authentication. No third-party tracking cookies, no advertising trackers.

We'll announce material changes via email or in-product notice at least 14 days before they take effect.

Privacy questions? support@madiplan.app