Thiskle
PrivacyCookiesTerms

Privacy Policy

Last updated: July 10, 2026

The short version. Thiskleis a personal life-organizer. Your planner data is yours. We don't sell it, we don't use advertising or tracking cookies, and we don't build a profile of you for anyone else. AI features run only when you switch them on with your own API key, and the email-capture tools never send an email to any AI or to us automatically. This page explains the details.

This Privacy Policy explains what personal data Thiskle(“we”, “us”) collects, why, who we share it with, and the rights you have over it. It covers the Thiskle web app and the optional Outlook add-in.

1. Who is responsible for your data

The data controller for the purposes of the EU/UK General Data Protection Regulation (GDPR) and the business responsible under the California Consumer Privacy Act (CCPA/CPRA) is [Operator legal name — replace before publishing]. For any privacy question or to exercise your rights, contact us at privacy@thiskle.com.

2. Information we collect

We only collect what the app needs to work for you:

a. Account & identity

  • Your email address (to sign in and to send the emails you enable).
  • Your name, if you provide one.
  • A one-way hash of your password (we never store the password itself), or, if you use the passwordless option, a short-lived hashed login code.

b. The content you create

Everything you put into your planner: tasks, events, goals, habits, notes, categories, checklists, focus sessions, reading lists, trips, meals, plants, bills and subscriptions, vehicles, documents you track (e.g. renewal dates), people and gift ideas, and — if you use shared spaces — your household membership and the email addresses you invite.

c. Sensitive information you choose to add

Some optional features let you record data that counts as special-category (sensitive) data under GDPR — for example a birth year and sex used to tailor preventive-care reminders, medications and health-screening logs, a mood and reflection journal, and pet-health logs. You are never required to enter any of this. If you do, our legal basis is your explicit consent (GDPR Art. 9(2)(a)), given by choosing to enter it, and we use it only to power the feature you entered it for. You can delete any of it at any time.

d. Location (only if you set it)

If you add a location for weather-aware chore timing, we store the place label and its coordinates and send those coordinates to our weather provider (see processors). We do not track your device location.

e. Email content you capture

The Capture feature and Outlook add-in turn an email into to-dos. Crucially, your email is not sent to any AI or to us automatically. You paste or open an email, the app builds a text prompt on your device, and you run it in whatever AI tool you choose. Only when you click to add the resulting tasks do we store the email's subject, sender, and body alongside the tasks it produced — so you can trace where a task came from. You can delete a capture at any time.

f. Technical & security data

  • IP address, used transiently as a rate-limiting key to protect sign-in and other endpoints from abuse. It is not attached to your account or written to application logs.
  • Diagnostic data from errors (e.g. an error message and technical context) via our error-monitoring provider, so we can fix crashes. This is only active in production.
  • Essential cookies and local storage needed to keep you signed in and remember your appearance preference — detailed in our Cookie Policy.

We do not use advertising cookies, third-party analytics, cross-site trackers, or any technology that builds an advertising or behavioural profile of you.

3. How we use your information, and our legal bases

Under GDPR we must have a lawful basis for each use of your data. Here is how they map:

What we doWhyLegal basis (GDPR)
Run your account and store your planner dataTo provide the service you asked forPerformance of a contract — Art. 6(1)(b)
Send login codes, password-reset and verification emailsTo let you access and secure your accountPerformance of a contract — Art. 6(1)(b)
Rate-limiting, abuse prevention, security loggingTo keep the service and your account safeLegitimate interests — Art. 6(1)(f)
Optional features: email digests, push notifications, weather, AI suggestionsBecause you switched them onConsent — Art. 6(1)(a); withdraw any time
Health, mood, and other sensitive entries you addTo power the feature you entered them forExplicit consent — Art. 9(2)(a)
Meeting legal obligationsWhen the law requires itLegal obligation — Art. 6(1)(c)

4. AI features

AI-assisted suggestions (such as gift ideas, goal breakdowns, and weekly-review notes) are off by default. They work only if you enable them and provide your own third-party AI API key, which we store encrypted and never expose back to the browser. When a feature runs, only the specific content it needs is sent to that AI provider under your own account with them — their terms and privacy policy then also apply. If you don't enable AI, no data is ever sent to an AI provider.

The Capture feature and Outlook add-in are a separate, deliberately manual flow: the prompt is generated on your device and you run it in your chosen AI. Thiskle itself does not call any AI on your behalf for capture.

5. Who we share data with

We do not sell your personal information and we do not share it for advertising. We use a small number of service providers (“processors”) to run the app. Each receives only what it needs, and only for optional features you turn on:

ProviderWhat it processesWhen
Hosting & database provider (e.g. Vercel, and a managed PostgreSQL host)Serves the app and stores your account and contentAlways (core infrastructure)
Email provider (e.g. Resend)Your email address and the message content of emails we send you (login codes, and the morning digest — which includes your own task/event titles)When email is configured and you receive an email
Error monitoring (e.g. Sentry)Technical diagnostic data from errors, which may incidentally include personal data present in an errorProduction only, when an error occurs
Weather & geocoding (Open-Meteo)Your coordinates, or a place name you search — sent without an account or identifierOnly if you set a location
AI provider (e.g. Anthropic / Claude)Only the specific content for the AI feature you invoked, under your own API keyOnly if you enable AI with your own key
Push-delivery services (Google, Apple, Mozilla, Microsoft)An encrypted notification payload delivered to your deviceOnly if you enable push notifications
Microsoft (Outlook add-in)The add-in loads Office.js from Microsoft and runs inside Outlook; your email is read on your deviceOnly if you install the Outlook add-in
Calendar providers you connectIf you import a calendar, we fetch it from the provider whose link you gave. If you enable the outgoing calendar feed, anyone you give that secret link to can read the events it containsOnly for calendars you connect or share

We may also disclose data if required by law, or to protect the rights, safety, and security of our users and the service.

6. How long we keep your data

We keep your account data for as long as your account exists. You can delete individual items whenever you like, and they are removed from our active database. Security artefacts are short-lived by design (login codes expire in minutes, reset links in an hour). If you delete your account, all of your associated data is deleted along with it (see below). Backups are retained for a limited period and then cycle out.

7. Your rights

Depending on where you live, you have some or all of the following rights over your personal data. We honour these rights for everyone, regardless of location.

  • Access — get a copy of the data we hold about you.
  • Portability — export your data in a machine-readable format.
  • Rectification / correction — fix data that is wrong.
  • Erasure / deletion — delete your data or your whole account.
  • Restriction & objection — limit or object to certain uses.
  • Withdraw consent — turn off any optional feature at any time.
  • Non-discrimination(CCPA) — we won't treat you differently for exercising your rights.

You can act on most of these yourself: edit or delete any item in the app, and use Settings → Your data to export everything or permanently delete your account. For anything else, or to make a formal request, email us at privacy@thiskle.com and we will respond within the timeframe the law requires (usually within one month). EU/UK users also have the right to complain to their local data-protection authority.

California “Do Not Sell or Share”: we do not sell or share personal information as those terms are defined under the CCPA/CPRA, and we do not engage in cross-context behavioural advertising, so no opt-out is necessary.

8. How we protect your data

  • All traffic is encrypted in transit over HTTPS (with HSTS).
  • Passwords are hashed with bcrypt; we never store them in plain text.
  • Secrets you entrust to us — such as your AI API key and connected-calendar links — are encrypted at rest with AES-256-GCM.
  • Single-use tokens and login codes are stored only as keyed (HMAC) hashes.
  • A strict Content-Security-Policy, anti-abuse rate limiting, and server-side protection against malicious URLs are in place.

No system is perfectly secure, but we take reasonable measures to protect your data.

9. International data transfers

Our providers may process data in the United States and other countries. Where data is transferred out of the EEA or UK, we rely on the safeguards those providers offer (such as Standard Contractual Clauses). By using the service you understand your data may be processed in these locations.

10. Children

Thiskle is not directed to children. It is intended for users aged 16 and over (or the age of digital consent in your country). We do not knowingly collect data from children; if you believe a child has provided us data, contact us and we will delete it.

11. Changes to this policy

We may update this policy as the service evolves. We'll change the “last updated” date above and, for material changes, give you notice in the app or by email.

12. Contact

Questions, requests, or complaints: privacy@thiskle.com. See also our Cookie Policy and Terms of Service. This Privacy Policy is governed by the laws of [Your jurisdiction — e.g. England & Wales].

© 2026 ThiskleBack to home