Privacy Policy
Last updated: March 2026
At Václav Mikeska ("we," "our," or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Plaineo mobile application and related web services (collectively the "Service").
By using the Service you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
1. Who We Are
Václav Mikeska Vídeňská 39, Brno, Czech Republic Company ID: 75755122 | VAT: CZ8307034549 Email: mikeska@gmail.com Website: plaineo.com
For all privacy-related enquiries, data access requests, or deletion requests, please use the email address above.
2. Data We Collect
2.1 Data You Provide Directly
| Data type | Purpose |
|---|---|
| Email address | Account creation, authentication, communications |
| Display name / username | User profile shown to collaborators |
| Calendar and task content | Core functionality — your tasks, events, reminders, notes, and subtasks |
| Attached files and images | Stored as task attachments |
| Voice recordings (microphone) | Transcribed locally or via AI API for voice commands; audio is not stored after transcription |
| Photos / images from camera or gallery | Processed by AI vision for task extraction; images are not permanently stored by AI providers |
| Location (optional) | Used for place-based tasks and suggestions; only collected with your explicit permission |
| Shared content | Tasks and files you share with other Plaineo users |
Prominent disclosure (Google Play policy requirement): Plaineo collects microphone audio to enable voice commands. Audio is transmitted to an AI transcription service (OpenAI Whisper or Google Gemini) for conversion to text and is not stored after transcription. Plaineo collects camera or gallery images when you choose to use the AI image-analysis feature. Images are transmitted to an AI vision service for task extraction and are not stored after processing. These features are always user-initiated — the microphone and camera are never accessed in the background.
2.2 Data Collected Automatically
- Device information: device type, operating system version, unique device identifiers (managed by Firebase)
- Usage data: features used, interaction patterns, session duration
- Log data: IP address, browser type, access timestamps, error logs
- Push notification tokens: Firebase Cloud Messaging (FCM) token for delivering push notifications
- Notification payload: Push notifications may contain task names, reminder text, and sharing-related messages (e.g. "User X shared a task with you"). This content is transmitted through Google's FCM infrastructure.
2.3 Data from Third-Party Sign-In
When you sign in with Google, we receive your email address, display name, and profile photo from Google. We do not receive or store your Google password. Authentication state is managed entirely by Firebase Authentication (see Section 3).
2.4 User-to-User Sharing
When you share a task, calendar item, or file with another Plaineo user, we store the recipient's user identifier (UID) and email address in association with the shared item in order to enforce access control. The recipient will be able to see the content you explicitly shared with them. You are responsible for only sharing content with users you intend to share with. You may revoke sharing at any time, after which the recipient will no longer have access to the shared content.
3. Authentication and Credentials
We do not store your passwords or authentication credentials. All authentication — including email/password login, Google Sign-In, and session tokens — is managed exclusively by Firebase Authentication (operated by Google LLC). Your credentials are transmitted directly to Google's authentication servers using HTTPS/TLS and are subject to Google's Privacy Policy.
We only receive a secure user identifier (UID) from Firebase after a successful login, which we use to associate your data with your account.
4. Local Data Caching and Offline Storage
To provide offline functionality, Plaineo stores a local copy of your data on your device:
- Android app (Capacitor / WebView): Your tasks, calendar data, and settings are cached
in an IndexedDB database stored inside the app's private WebView storage, scoped to your
user account (database name:
smart-calendar-<userID>). This data is accessible only by the Plaineo app and is not accessible to other apps or websites. - Web browser: When using Plaineo in a browser, data is similarly cached in the browser's
IndexedDB storage, scoped to the domain
plaineo.com. This local cache persists until you explicitly sign out, at which point it is cleared automatically. You can also clear it manually by clearing your browser's site data for plaineo.com. - The local cache includes tasks, calendar events, shared items, and related synchronisation metadata — enough to operate the app without a network connection.
- The local cache never contains your authentication credentials or raw passwords.
- Data is synchronised with our cloud backend (Firebase Firestore) whenever a network connection is available.
4.2 Cookies and Session Storage
The Plaineo web application uses the following browser storage technologies:
| Technology | Purpose | Persistence |
|---|---|---|
| Cookies (set by Firebase Authentication) | Maintain your login session across page reloads | Session / until sign-out |
| localStorage | Store user preferences and app settings | Until cleared manually or on sign-out |
| IndexedDB | Offline data cache (see Section 4.1 above) | Until sign-out or manual clear |
These are strictly necessary for the Service to function. We do not use advertising cookies, tracking pixels, or any third-party analytics cookies. Firebase Authentication may set its own cookies; see Google's Privacy Policy for details.
You may disable cookies in your browser settings, but this will prevent you from signing in to the web version of the Service.
5. Third-Party Services and SDKs
We use the following third-party services. Each processes your data under its own privacy policy. We share only the minimum data necessary for each service to function.
| Service | Purpose | Data shared | Privacy Policy |
|---|---|---|---|
| Firebase Authentication (Google LLC) | User login and session management | Email, display name, UID | firebase.google.com/support/privacy |
| Firebase Firestore (Google LLC) | Cloud database for all tasks and calendar data | All user-created content | firebase.google.com/support/privacy |
| Firebase Storage (Google LLC) | Stores file and image attachments | Uploaded files | firebase.google.com/support/privacy |
| Firebase Cloud Messaging (FCM) (Google LLC) | Push notifications | Device FCM token, notification payload | firebase.google.com/support/privacy |
| Firebase Hosting (Google LLC) | Serves the web application | Request IP, browser info | firebase.google.com/support/privacy |
| Google Calendar API | Two-way synchronisation of calendar events only (read + write access to events; no access to contacts, Drive, or other Google data) | Calendar event titles, dates, times, descriptions — only with your explicit OAuth consent | policies.google.com/privacy |
| Firebase Analytics (Google LLC) | Anonymous, aggregated usage statistics to help improve the Service — no personally identifiable data is collected or linked to individuals | Anonymised app usage events, device type, OS version | firebase.google.com/support/privacy |
| Google Maps Platform / Places API | Location search and place autocomplete | Search queries, location (only when feature is used) | policies.google.com/privacy |
| OpenAI API | AI text generation, voice transcription (Whisper), image analysis | Text prompts, audio clips, images | openai.com/policies/privacy-policy |
| Google Gemini API | AI text generation and image analysis | Text prompts, images | policies.google.com/privacy |
| Google Play Store (Google LLC) | Android app distribution | App install / update metadata | policies.google.com/privacy |
| Capacitor (Ionic / Appflow) | Android/iOS WebView runtime — no telemetry sent to Ionic | None | ionicframework.com/privacy |
Google API Services User Data Policy: Our use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. We use Google Calendar data solely to provide the calendar sync feature and for no other purpose.
AI service providers: Audio recordings submitted for voice transcription and images submitted for analysis are sent to the respective AI API for processing. Under their API terms of service, neither OpenAI nor Google uses this data to train their models. We do not store raw audio files after transcription has completed.
No sale of data: We do not sell your personal information to any third party, ever.
Google Play Data Safety: In addition to this Privacy Policy, a summary of our data collection and sharing practices is published in the Data Safety section of Plaineo's Google Play Store listing. The Data Safety section and this Privacy Policy are intended to be consistent; if there is any conflict, this Privacy Policy governs.
6. How We Use Your Data
We use your data exclusively for the following purposes:
- Providing, operating, and improving the Service
- Authenticating your identity and managing your account
- Syncing your data across your devices
- Delivering push notifications and reminders
- Enabling AI-powered features (voice commands, text commands, image analysis)
- Enabling Google Calendar synchronisation
- Enabling task and calendar sharing with users you explicitly choose to share with
- Responding to your support requests
- Detecting and preventing fraud, abuse, and technical issues
- Analysing anonymous, aggregated usage statistics to understand feature adoption and improve the Service
- Complying with applicable laws and legal obligations
Analytics: Firebase Analytics collects anonymous, aggregated data only (e.g. which features are used, crash rates, session counts). This data cannot be used to identify you personally and is never linked to your account or content.
AI-Generated Content
AI-powered features (voice transcription, task extraction from images, text-based AI suggestions) produce output that may contain errors, omissions, or inaccuracies. AI output is provided as a convenience and you are solely responsible for reviewing and verifying any AI-generated content before relying on it. We are not liable for decisions made based on AI-generated output.
7. Data Storage and Security
- Cloud storage: All cloud data is stored in Firebase Firestore and Firebase Storage, operated by Google LLC on Google Cloud Platform. Google applies industry-standard security including encryption at rest and in transit.
- In transit: All communications between your device and our servers use HTTPS/TLS.
- Access control: Firebase Security Rules ensure each user can only access their own data or data explicitly shared with them. Our backend (Firebase Functions) accesses data only to service authenticated, authorised requests.
- We cannot guarantee absolute security. No method of Internet transmission or electronic storage is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify the relevant authorities and affected users as required by applicable law (e.g. GDPR Article 33/34).
8. Data Retention and Account Deletion
We retain your data for as long as your account is active or as needed to provide the Service.
Soft-deleted items are retained briefly to support sync and conflict resolution, then permanently purged.
Account deletion: You can request full account and data deletion at any time by:
- Using the in-app account deletion option in the app settings, or
- Visiting plaineo.com/delete-account and following the instructions, or
- Sending a deletion request to mikeska@gmail.com from your registered email address.
Upon deletion, all personal data stored in Firebase Firestore and Firebase Storage will be permanently removed. This process may take up to 30 days. Local IndexedDB data is cleared automatically on sign-out.
We may retain limited data beyond deletion if required by law (e.g. tax records), fraud prevention, or security purposes. We will inform you of any such retention in our response.
9. Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (see Section 8)
- Data portability: Request your data in a portable, machine-readable format
- Restriction: Request that we restrict processing of your data
- Objection: Object to certain types of processing based on legitimate interests
- Withdrawal of consent: Where processing is based on consent (e.g. Google Calendar sync, location access), you may withdraw it at any time without affecting prior processing
To exercise any of these rights, contact us at mikeska@gmail.com. We will respond within 30 days (or within any shorter period required by applicable law).
10. Android App Permissions
The Plaineo Android app may request the following device permissions:
| Permission | Purpose |
|---|---|
| Internet | Required for all network operations |
RECORD_AUDIO / Microphone |
Voice command feature — audio is transcribed and not retained |
READ_MEDIA_IMAGES / Storage |
Selecting images to attach to tasks |
CAMERA |
Capturing photos to attach to tasks or for AI image analysis |
POST_NOTIFICATIONS |
Displaying task reminders and push notifications |
RECEIVE_BOOT_COMPLETED |
Re-scheduling local reminders after device restart |
All permissions that require user consent are requested at runtime with a clear explanation of their purpose before first use. You may revoke any permission at any time in your device settings; revoking a permission will disable the feature that depends on it.
11. Children's Privacy
The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe your child has provided us with personal information, please contact us immediately at mikeska@gmail.com and we will delete it.
12. International Data Transfers
Your data is stored and processed on Google Cloud Platform infrastructure, which may be located in the United States or other countries. When data is transferred from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:
- Google's Standard Contractual Clauses and Data Processing Agreements for Firebase services
- The Google API Services User Data Policy for Google API integrations
13. GDPR Rights (EEA and UK Users)
If you are in the EEA or UK, you have rights under the GDPR / UK GDPR and may lodge a complaint with your local supervisory authority. Our legal bases for processing are:
- Contract performance – processing necessary to deliver the Service you registered for
- Legitimate interests – security, fraud prevention, service improvement
- Consent – for optional features such as Google Calendar sync and location access
14. California Privacy Rights (CCPA)
If you are a California resident, you have the right to know what personal information we collect and how it is used, request deletion, and opt out of sale (we do not sell personal information). You will not be discriminated against for exercising these rights.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and notify you via the app or email. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
16. Contact Us
For privacy questions, data requests, or concerns:
Václav Mikeska Vídeňská 39, Brno, Czech Republic Email: mikeska@gmail.com Website: plaineo.com