Back to TamaTimo

Privacy Policy

Last updated: March 14, 2026 ยท Effective immediately

1. Who we are

TamaTimo ("we", "our", "us") is a productivity application operated by PragmaGeeks. For GDPR purposes, PragmaGeeks is the data controller. Contact: privacy@tamatimo.app

2. What data we collect
  • Account data: name and email address provided at registration.
  • Usage data: tasks, Pomodoro sessions, settings and productivity stats you create within the app.
  • Technical data: IP address, browser type, device info โ€” collected for security and performance only.
  • Cookies: session cookies (essential) and optional analytics cookies (only with your consent).
3. Why we collect it (legal basis)
  • Contract performance (Art. 6(1)(b) GDPR): to provide the TamaTimo service.
  • Legitimate interests (Art. 6(1)(f) GDPR): security, fraud prevention, service improvement.
  • Consent (Art. 6(1)(a) GDPR): analytics cookies โ€” only if you accept.
4. How long we keep it

Account data is retained for the duration of your account + 30 days after deletion. You can request deletion at any time (see Section 7).

5. Who we share it with

We do not sell your data. We may share data with:

  • Hosting providers (infrastructure only, under DPA)
  • Email delivery services (transactional emails only)
  • Analytics providers (only if you consent to non-essential cookies)

All sub-processors are GDPR-compliant and bound by Data Processing Agreements.

6. International transfers

Your data is stored within the EU. Any transfer outside the EU is protected by Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Your rights (GDPR)

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability (export your data in machine-readable format)
  • Withdraw consent at any time (for consent-based processing)

To exercise any right: privacy@tamatimo.app. We respond within 30 days. You may also lodge a complaint with your national supervisory authority.

8. Security

All data is encrypted in transit (TLS 1.3) and at rest. Passwords are hashed using bcrypt. We follow OWASP security guidelines and conduct regular security reviews.

9. Changes to this policy

We'll notify you by email of material changes at least 30 days before they take effect.