Back to home

Privacy policy

Terms of service Privacy policy Legal notice
Last updated: Dec 27, 2025

1. Introduction

At Postgenda, we take the protection of your personal data very seriously. Your data belongs to you, not to Postgenda.

Postgenda is a time management and journaling SaaS for self-awareness and self-evolution. Our main activities are: enabling anyone to reach and exceed their goals, providing professional coaching tools and personal and professional development support, and creating digital systems for personal fulfillment. Since we work with your very personal data (your goals, activities, reflections), privacy is at the heart of our commitment.

This privacy policy explains how we collect, use, store and protect your personal information in compliance with GDPR and French law.

2. Data we collect

2.1 Account information

  • Email address (required to create account)
  • Password (hashed and secured)
  • Full name
  • Timezone (automatically detected)
  • Account creation date
  • Last Login
  • Email verification status

2.2 Third-party authentication data

If you sign in via Google or Apple:

  • Unique identifier from third-party service
  • Email address associated with third-party account
  • First and last name (if available)

2.3 Technical data

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and session duration
  • Cookies and similar technologies

2.4 Usage data

  • Features used
  • User preferences
  • Performance and analytics data

2.5 Subscription and payment data

  • Subscription type (free trial, monthly, annual, lifetime)
  • Subscription start and end dates
  • Plan status (active, expired, canceled)
  • Billing information (if applicable)

2.6 Desktop and mobile app data

  • Data stored locally on your device (by default, no synchronization)
  • Optional: synchronization with our server for user data (Categories, Subcategories, Time Sessions, Decisions, Events...)
  • Authentication tokens for secure access
  • Securely encrypted data if end-to-end encryption is enabled. Otherwise simply encrypted on server side.
  • Synchronization logs and login events

2.7 Contenu utilisateur

  • Profiles : Your personal profiles with labels, colors and timer display preferences
  • Categories : The categories you create to organize your activities (e.g. "Tool Creation", "Opportunities")
  • Subcategories : The subcategories associated with your categories (e.g. "Freelance", "Video")
  • Sessions : Your recorded time sessions with descriptions, durations, associated categories and subcategories
  • Events : Your personal events to track important changes, with descriptions, directional impacts and intensity
  • Event options : Your decisions and configurations associated with your categories and events for personalized tracking

3. How we use your data

3.1 Processing purposes

We use your data for:

  • Providing service: Create and manage your account, authentication, storage and optional content synchronization
  • Subscription management: Process free trials, manage plans, renewals and payments via Stripe
  • Desktop/mobile applications: Optional data synchronization, authentication, JWT token management
  • Improving experience: Anonymized usage statistics, interface optimization (without profiling)
  • Communication: Critical notifications (subscription expiration, renewal), customer support
  • Security: Fraud prevention, unauthorized access detection, abuse prevention
  • Scientific research: Only with your explicit consent signed in the application and on this website
  • Legal obligations: Compliance with applicable regulations

3.2 Legal basis

Our processing is based on:

  • Contract: Execution of our services
  • Legitimate interest: Service improvement, security
  • Consent: Marketing communications (optional)

4. Data sharing

We never sell your personal data. We can only share your data in the following cases:

4.1 Service providers (under confidentiality agreements)

  • Hosting and cloud infrastructure: Railway (database) and Cloudflare (CDN)
  • Payment services: Stripe (for subscriptions and payments)
  • Authentication services: Google, Apple (if you use third-party authentication)
  • Domain registrar: OVH (postgenda.com domain management)
  • DNS services: Cloudflare
  • Monitoring services: For security and performance (anonymized data only)

Important: If you enable end-to-end encryption, synchronized data is encrypted before being sent to our servers, so no service provider (including us) can access it.

4.2 Legal obligations

If required by law or official request from a court or authority, we may be required to disclose information. If you have enabled end-to-end encryption, we cannot provide your personal data because it is undecryptable without your personal password.

5. Data security

We implement appropriate technical and organizational measures:

  • Encryption: HTTPS/TLS for all network communications
  • Secure hashing: Passwords hashed with modern algorithms (bcrypt, argon2)
  • Optional end-to-end encryption: Available in desktop/mobile applications with personal keys
  • Restricted access: Principle of least privilege for our teams
  • JWT authentication: Secure tokens for applications
  • Backups: Regular encrypted backups
  • Monitoring: Intrusion and anomaly detection

6. Data retention

We retain your data as long as necessary for:

  • While your account is active: All data necessary for service operation
  • After deletion: Data is deleted within 30 days (except legal obligations)
  • Compliance with legal obligations: Some data may be retained longer if legally required
  • Disputes: Payment/invoice data is retained according to tax obligations (6 years)

Inactive account: Accounts with no activity for more than 2 years may be deleted after email notification.

7. Your rights

Under GDPR, you have the following rights:

7.1 Right of access

Obtain a copy of all personal data we hold about you.

7.2 Right of correction

Correct inaccurate or incomplete data.

7.3 Right to be forgotten

Request deletion of your data in certain circumstances.

7.4 Right to data portability

Receive your data in a structured, machine-readable format.

7.5 Right of objection

Object to the processing of your data for legitimate reasons.

7.6 Right to restrict processing

Request restriction of processing of your data.

8. Cookies and similar technologies

We use cookies minimally:

  • Essential cookies: Authentication, secure sessions, CSRF protection (mandatory)
  • Functional cookies: Language preferences, "Remember me" (optional)
  • No advertising cookies: Postgenda does not use targeted advertising
  • No third-party tracking cookies: Except Google Analytics for anonymized statistics (optional)

You have the right to refuse non-essential cookies. These will be requested with your explicit consent.

9. International transfers

Your data may be transferred to countries outside the EU only if appropriate safeguards are in place (adequacy decision, standard contractual clauses, etc.).

10. Policy changes

We may modify this privacy policy. Significant changes will be notified to you by email or through our platform before taking effect.

11. Contact and complaints

To exercise your rights or for any questions:

You also have the right to lodge a complaint with the CNIL (French Data Protection Authority) if you believe your rights are not being respected.

This privacy policy complies with the General Data Protection Regulation (GDPR) and French Data Protection Act.