P
Privacy Policy
PlanPilot · Effective May 24, 2026 · Last updated May 24, 2026
PlanPilot is a personal productivity app. We store only what is necessary to make the app work, encrypt all personal data at rest, and never sell your information to third parties.
1. Information We Collect
When you create an account and use PlanPilot, we collect:
- Account information — your email address and a hashed password (we never store your password in plain text).
- App content — tasks, habits, goals, objectives, schedule blocks, and analytics you create inside the app. All content is encrypted at rest using AES-256-GCM.
- Public profile — an optional username and bio if you choose to create a public profile. Only this information is visible to others.
- Integration credentials — if you connect Canvas LMS, we store your access token encrypted. If you connect Google Calendar, we store OAuth tokens encrypted. These are used solely to sync your data into PlanPilot.
- AI API key — if you supply your own Gemini API key, it is stored encrypted and used only to power AI features on your behalf.
- Push notification subscription — if you enable notifications, we store the push endpoint and keys required to deliver them. No notification content is stored after delivery.
2. How We Use Your Information
- To provide, operate, and sync the app across your devices.
- To send push notifications you have opted into (task reminders, habit nudges).
- To power AI features (task planning, weekly retrospectives) using the Gemini API.
- To sync assignments from Canvas LMS or events from Google Calendar into your task list.
- To generate anonymous, aggregated analytics within your own account (no data is shared externally for analytics purposes).
We do not use your data for advertising, profiling, or any purpose beyond operating the app for you.
3. Third-Party Services
PlanPilot integrates with the following third-party services:
- Google Calendar — if connected, calendar events are fetched using your OAuth token and converted to schedule blocks. Governed by Google's Privacy Policy.
- Canvas LMS (Instructure) — if connected, upcoming assignments are fetched using your access token. Governed by your institution's Canvas data agreement.
- Google Gemini AI — AI chat and retrospective features send your messages and task context to the Gemini API. No data is retained by us beyond your session. Governed by Google's Generative AI Terms.
- Brave Search — the AI assistant can perform web searches using the Brave Search API. Queries are not linked to your account.
- Vercel — hosts the frontend application. Governed by Vercel's Privacy Policy.
- Render — hosts the backend server and encrypted database. Governed by Render's Privacy Policy.
4. Data Security
All personal data — including your tasks, habits, goals, integration tokens, and AI key — is encrypted at rest using AES-256-GCM before being written to the database. Passwords are hashed with bcrypt and never stored in plain text. All traffic between your device and our servers is encrypted in transit via HTTPS/TLS.
5. Data Retention
Your data is retained for as long as your account is active. You may delete your account at any time from the Profile screen inside the app, which permanently and irreversibly deletes all data associated with your account from our servers.
6. Children's Privacy
PlanPilot is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.
7. Your Rights
You have the right to:
- Access the data stored in your account (visible inside the app).
- Delete your account and all associated data from the Profile screen.
- Disconnect third-party integrations (Canvas, Google Calendar) at any time from the Integrations panel, which removes your stored credentials.
- Opt out of push notifications at any time via your device settings.
8. Changes to This Policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. Continued use of PlanPilot after changes constitutes acceptance of the updated policy.
Contact
If you have questions about this privacy policy or how your data is handled, please contact us at:
ayushms@hs.uci.edu