Privacy

Privacy Policy

This policy explains what data All Do collects when you use it, why we collect it, where it's stored, and the choices you have. We aim to collect as little as possible.

Last updated: May 27, 2026  ·  Effective date: May 27, 2026

1. Who we are

All Do is operated by Aetix LLC ("Aetix", "we", "our", "us"). You can reach the team at hello@aetixlab.com or via aetixlab.com. Aetix is the data controller for the information described below.

2. Information we collect

• Account information from your Google sign-in: email address, display name, profile picture URL, and a Google account identifier.
• Content you create in the app: board names, tasks, people/profiles, PTO entries, tabs, and any text/links you add. This content is stored under your account in our database.
• Sharing data: when you invite collaborators, we store the invited email address and role on the board.
• Usage events: a lightweight log of actions taken in the app (sign‑in, board create/delete, task create/update/delete, PTO add/remove, sharing changes, sync errors, session start). Each event records a timestamp, your account id, the event type, and minimal non‑sensitive context (e.g. block type, error code). The request's IP address, user‑agent string, and language preference are captured for sign‑in/session events for security and analytics.
• Technical data: information your browser and device automatically provide when you load the site (IP address, user‑agent, referrer, language).
• Browser storage: we use localStorage and sessionStorage on your device to remember your view preferences (zoom level, swimlane heights, last opened board), an offline snapshot, and a per‑tab session marker. This data lives on your device.

We do not intentionally collect special categories of data (e.g. health, political views, biometrics).

3. How we use information

• To provide and operate the service: authenticate you, store your boards, sync changes across your devices and collaborators.
• To keep the service secure and debug problems (e.g. identifying sync errors).
• To understand product usage in aggregate (e.g. how many users opened the app this week).
• To communicate with you, only if you opt in (e.g. by subscribing on the landing page).

4. How we share information

We do not sell your data. We share data only with the service providers that make All Do work, each acting as a processor on our behalf:

• Google — sign‑in (OAuth). Google receives the fact that you signed in; we receive your basic profile.
• Supabase (Supabase Inc.) — authentication, database hosting (Postgres) and realtime sync. Boards and events are stored in a project hosted in the Oregon (US) region.
• Vercel (Vercel Inc.) — hosting and serving of the static site.
• Email service — if you subscribe to updates, your email is stored to send you those updates.

We may disclose information when required by law or to protect the rights, safety, or property of Aetix, our users, or others.

5. Data storage and security

Data is stored in Supabase's managed Postgres in the US (Oregon). Access to the production database is restricted to authorised Aetix personnel. Database access is enforced by Row‑Level Security so a user can only read or write their own boards (and boards explicitly shared with them). Connections to the service use HTTPS/TLS.

6. Cookies and similar technologies

All Do does not use marketing or tracking cookies. The site uses localStorage and sessionStorage on your device for the technical purposes described in section 2. Our auth provider (Supabase) sets a session cookie/token used to keep you signed in; clearing site data removes it.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can:

• Update your profile/boards directly in the app.
• Delete a board you own from the share/settings dialog.
• Request full account and data deletion by emailing hello@aetixlab.com. We will action verified requests within 30 days.

If you are in the EEA/UK, you also have the right to lodge a complaint with your local data‑protection authority.

8. Data retention

We retain account and content data for as long as your account is active. Usage events are retained for up to 24 months, after which they are deleted or aggregated. When you delete your account, we delete or irreversibly anonymise associated personal data within 30 days, except where retention is required by law (e.g. tax/accounting records).

9. International users

If you access All Do from outside the United States, you understand that your information will be transferred to and processed in the United States by our hosting providers. We rely on Standard Contractual Clauses or equivalent safeguards where required by law.

10. Children's privacy

All Do is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page will change accordingly. Material changes will be communicated through the app or by email if you've subscribed.

12. Contact

Questions, requests, or complaints? Email hello@aetixlab.com.