Privacy Policy

Last updated: March 31, 2026

Todai ("we", "our", or "the app") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your choices.

1. Data We Collect

Data you create in Todai

Todos, subtasks, and notes — text you enter to organize your tasks.
Bills and financial entries — bill names, amounts, and due dates you add for tracking.
Workout and running data — exercises, sets, reps, distances, and routes you log.
Habit routines — routine names, frequencies, and completion counts.

Data from third-party services (with your permission)

Apple Calendar events — event titles, times, and locations from your device calendar. Accessed via EventKit with your explicit permission.
Google Calendar events — event titles, times, and locations from your Google Calendar. Accessed via the Google Calendar API (read-only) after you sign in with your Google account.
Apple Reminders — reminder titles, due dates, and recurrence rules. Accessed via EventKit when you choose to import reminders.
HealthKit data — step count, heart rate, and workout metrics. Only accessed if you grant Health permissions.
Location data — GPS coordinates during running sessions only. Not collected at any other time.
Financial transactions — transaction data from linked bank accounts via Plaid. Only accessed if you choose to link an account.

2. How We Use Your Data

To provide the app's features — displaying your todos, tracking habits, showing calendar events, and recording workouts.
To sync across devices — your data is synced via Apple iCloud (CloudKit) so it's available on all your Apple devices.
Calendar data is read-only — we only read your calendar events to display them. We never create, modify, or delete events in your Apple or Google calendars.

3. Data Storage and Security

All app data is stored on your device and in your personal iCloud account via CloudKit.
We do not operate our own servers that store your personal data.
Google Calendar data is fetched in real-time and is not permanently stored — it is only held in memory while the app is open.
Financial data from Plaid is stored locally on your device and synced via your iCloud account.

4. Data Sharing

We do not sell, share, or transfer your personal data to third parties. Your data stays between your device, your iCloud account, and the third-party services you explicitly connect (Google, Plaid).

5. Third-Party Services

Apple iCloud (CloudKit) — for syncing data across your devices. Governed by Apple's Privacy Policy.
Google Sign-In & Calendar API — for accessing your Google Calendar events (read-only). Governed by Google's Privacy Policy.
Plaid — for linking bank accounts and fetching transactions. Governed by Plaid's Privacy Policy.

6. Google API Services Usage Disclosure

Todai's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

We only request read-only access to your Google Calendar (calendar.readonly scope).
Calendar data is used solely to display your events within the app.
We do not use Google Calendar data for advertising, market research, or any purpose unrelated to providing the app's calendar feature.
We do not transfer Google Calendar data to third parties.

7. Your Choices

You can revoke calendar access at any time in iOS Settings or by signing out of Google within the app.
You can revoke Health access in iOS Settings > Health > Data Access.
You can unlink bank accounts in the app's Settings.
You can delete all your data using the "Delete All Data" option in Settings.

8. Children's Privacy

Todai is not directed at children under 13. We do not knowingly collect data from children under 13.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date.

10. Contact Us

If you have questions about this Privacy Policy, contact us at support@todai.club.