Legal

Privacy Policy

Last updated: July 16, 2026

This Privacy Policy explains how CoPomo ("we", "us") handles information when you use our website and services. By using CoPomo, you agree to this policy.

1. Information we collect

  • Account data — if you sign in: email, username, and authentication identifiers provided by our auth provider (Supabase).
  • Usage & focus data — tasks, categories, completed sessions, streak stats, and room activity you create while using the app.
  • Anonymous session data — guest usernames and temporary room presence stored locally or in realtime channels while you are in a room.
  • Third-party connections — if you connect Spotify, we process OAuth tokens needed to control playback in your browser. We do not store your Spotify password.

2. Cookies and similar technologies

We use cookies and local/session storage for essential site functions. This disclosure is especially important if advertising or measurement partners are added later.

  • Essential cookies — authentication/session cookies (for example via Supabase) so signed-in users stay logged in securely.
  • Preference storage — browser localStorage / sessionStorage for timer settings, bell volume, auto-start preferences, Spotify tokens (client-side), and anonymous room ownership hints.
  • OAuth cookies — short-lived cookies used during Spotify login (PKCE verifier) on the OAuth redirect host.
  • Advertising / analytics cookies — if we join an ad network or use analytics, those partners may set cookies to measure traffic, personalize ads, or limit how often you see an ad. We will update this policy and, where required, request consent before non-essential advertising cookies are used.

You can clear cookies and site data in your browser settings. Doing so may sign you out or reset local preferences.

3. How we use information

  • Operate timers, rooms, streaks, and account features
  • Sync co-op sessions and presence in realtime
  • Improve reliability and fix bugs
  • Communicate about the service when you contact us
  • Comply with legal obligations

4. Sharing

We use infrastructure providers such as Supabase (database, auth, realtime) and may use hosting providers to serve the site. Spotify receives only what is required for OAuth and playback when you connect your account. We do not sell personal information. Room members can see the public profile information you share in a room (username, public tasks, focus status).

5. Data retention

Account and history data is kept while your account remains active. You may request deletion by contacting us. Local/guest data remains on your device until you clear it.

6. Your choices

You can use CoPomo as a guest without creating an account, disconnect Spotify at any time, and control browser cookie settings. For access, correction, or deletion requests related to an account, see Contact Us.

7. Children

CoPomo is not directed at children under 13. You must be at least 13 years old to create an account or use the service.

8. Changes

We may update this policy from time to time. The "Last updated" date at the top will change when we do. Continued use after updates means you accept the revised policy.

9. Contact

Privacy questions: use the Contact Us page.