1. Introduction
PlanCoo ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our service.
We strive to respect privacy laws relevant to our users, including principles from the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Data Controller
PlanCoo is the data controller for personal information processed through our service.
- Email: [email protected]
3. Information We Collect
3.1 Information You Provide
- Account Information: Name, email, company, job title, profile picture
- Project Data: Tasks, timelines, comments, files you upload
- Payment Information: Processed by LemonSqueezy (our payment processor)
3.2 Information Collected Automatically
- Usage Data: How you interact with our service
- Device Information: IP address, browser type, device type
- Cookies & Similar Technologies: For authentication, preferences, and analytics
3.3 Information from Third Parties
- Authentication data when you log in with Google (if you choose to use Google sign-in).
- Integration data from connected services
4. Legal Basis for Processing
We process your data based on the following legal grounds:
- Contract Performance: To provide our service to you
- Legitimate Interests: To improve our service, for security, and business operations
- Consent: For marketing communications (where applicable)
- Legal Obligations: To comply with applicable laws
5. How We Use Your Information
- To provide and maintain our service
- To process payments and manage subscriptions
- To improve and personalize the user experience
- To communicate with you about service updates
- To protect our service and prevent abuse
- To analyze usage patterns and improve features
6. Data Sharing
6.1 Service Providers
We share data with trusted third parties who help us operate our service:
- Microsoft Azure: For hosting and data storage
- Firebase: For authentication and user management
- LemonSqueezy: For payment processing
- Analytics Services: For service improvement
6.2 Legal Requirements
We may disclose information when required by law or to protect rights and safety.
6.3 Business Transfers
If we're involved in a merger or acquisition, your data may be transferred.
7. International Data Transfers
PlanCoo uses EU/EEA-based storage for primary application data and also relies on certain global/US-based services (platform delivery, security/abuse prevention, payments). This may involve processing and transfers outside the EU/EEA.
Current overview (factual):
- Primary application data and files (Microsoft Azure): Azure SQL Database and Azure Blob Storage in West Europe (Netherlands).
- Hosting/edge delivery (Azure Static Web Apps): Azure resource region East US 2, with globally distributed edge/CDN delivery.
- Operational telemetry (Azure Application Insights / Log Analytics): Not enabled (no application telemetry ingestion is configured at this time).
- Authentication and abuse prevention (Google: Firebase Authentication, reCAPTCHA): Global service (Google).
- Payments/subscriptions (LemonSqueezy): US/global processing by the payment provider.
- DNS/traffic security (Cloudflare): Global network processing.
Where relevant, international transfers are addressed through contractual safeguards (including the European Commission's Standard Contractual Clauses) and vendor documentation.
Microsoft Azure's compliance documentation is available at: https://docs.microsoft.com/en-us/compliance/regulatory/gdpr
8. Data Security
We implement reasonable security measures including:
- Encryption in transit and at rest
- Access controls and authentication
- Regular security assessments
- Employee training on data protection
9. Data Retention
We retain your personal data only as long as necessary to provide our service and fulfill the purposes outlined in this policy, unless longer retention is required by law.
10. Your Rights
Depending on your location, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data (with certain limitations)
- Object to or restrict certain processing
- Data portability
- Withdraw consent
- Lodge a complaint with a supervisory authority
To exercise any of these rights, including requesting a copy of your data (Data Portability), please contact us at [email protected]. We will process your request within 30 days.
10.1 California Residents
California residents have additional rights under the CCPA/CPRA. We do not sell personal information as defined by the CCPA.
11. Cookies and Tracking Technologies
We use cookies and local storage to ensure our website works correctly, analyze usage, and improve our marketing.
11.1 Types of Cookies We Use
- Necessary (Always Active): Essential for the website to function (e.g., logging in, security, payment processing). These cannot be switched off.
- Analytics: Help us understand how visitors interact with the website by collecting and reporting information anonymously.
- Marketing: Used to track visitors across websites to display relevant ads.
11.2 Managing Consent
When you first visit our site, you will see a cookie banner allowing you to choose which categories of cookies you accept. You can update your preferences at any time by clearing your browser cookies for our domain.
11.3 Third-Party Processors
We use the following third-party services which may process your data:
- Google (Firebase & Analytics): For authentication and usage analysis.
- LemonSqueezy: For processing payments and managing subscriptions.
- Microsoft Azure: For secure hosting and database services.
You can manage cookie preferences through your browser settings or our consent banner.
12. Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect information from children.
13. Changes to This Policy
We may update this Privacy Policy. We'll notify you of significant changes through the service or via email.
14. Contact Us
For questions about this Privacy Policy or to exercise your rights:
- Email: [email protected]
If you're unsatisfied with our response, you may contact the Norwegian Data Protection Authority (Datatilsynet).
Last updated: March 24, 2025