Privacy Policy
Last updated: May 2026
At Václav Mikeska ("we," "our," or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Plaineo mobile application and related web services (collectively the "Service").
By using the Service you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
1. Who We Are
Václav Mikeska Vídeňská 39, Brno, Czech Republic Company ID: 75755122 | VAT: CZ8307034549 Email: mikeska@gmail.com Website: plaineo.com
For all privacy-related enquiries, data access requests, or deletion requests, please use the email address above.
2. Data We Collect
2.1 Data You Provide Directly
| Data type | Purpose |
|---|---|
| Email address | Account creation, authentication, communications |
| Display name / username | User profile shown to collaborators |
| Calendar and task content | Core functionality — your tasks, events, reminders, notes, and subtasks |
| Attached files and images | Stored as task attachments |
| Voice recordings (microphone) | Transcribed locally or via AI API for voice commands; audio is not stored after transcription |
| Photos / images from camera or gallery | Processed by AI vision for task extraction; images are not permanently stored by AI providers |
| Location (optional) | Used for place-based tasks and suggestions; only collected with your explicit permission |
| Shared content | Tasks and files you share with other Plaineo users |
Prominent disclosure (app store policy requirement): Plaineo uses third-party AI services to power voice commands, image analysis, and text-based task assistance. Before these features are enabled, the app requests your explicit in-app consent and explains what is shared. The data that may be transmitted to AI providers includes: microphone audio (converted to text via ElevenLabs — audio is not retained after transcription), camera or gallery images (analysed for task extraction — images are not retained after processing), task text and notes (sent as prompts for AI suggestions), and your approximate location (included only when extracting tasks from images, to enrich place-based task details). This data is sent to one or more of the following third-party AI providers depending on your settings: ElevenLabs (voice transcription is always via ElevenLabs), OpenAI (GPT models are the default for text and image AI features), Google Gemini, or Anthropic Claude (selectable in AI & Voice settings). These features are always user-initiated — the microphone and camera are never accessed in the background.
2.2 Data Collected Automatically
- Device information: device type, operating system version, unique device identifiers (managed by Firebase)
- Usage data: features used, interaction patterns, session duration
- Log data: IP address, browser type, access timestamps, error logs
- Push notification tokens: Firebase Cloud Messaging (FCM) token for delivering push notifications
- Notification payload: Push notifications may contain task names, reminder text, and sharing-related messages (e.g. "User X shared a task with you"). This content is transmitted through Google's FCM infrastructure.
2.3 Data from Third-Party Sign-In
Google Sign-In: When you sign in with Google, we receive your email address, display name, and profile photo from Google. We do not receive or store your Google password. Authentication state is managed entirely by Firebase Authentication (see Section 3).
Sign in with Apple: When you sign in with Apple, we receive a unique Apple user identifier and, where you choose to share it, your email address (Apple may provide a private relay email address instead of your real address). We do not receive your Apple ID password. If you use Apple's "Hide My Email" feature, we store only the private relay address Apple provides, and all communications are routed through Apple's relay service. Authentication state is managed entirely by Firebase Authentication (see Section 3).
2.4 User-to-User Sharing
When you share a task, calendar item, or file with another Plaineo user, we store the recipient's user identifier (UID) and email address in association with the shared item in order to enforce access control. The recipient will be able to see the content you explicitly shared with them. You are responsible for only sharing content with users you intend to share with. You may revoke sharing at any time, after which the recipient will no longer have access to the shared content.
3. Authentication and Credentials
We do not store your passwords or authentication credentials. All authentication — including email/password login, Google Sign-In, Sign in with Apple, and session tokens — is managed exclusively by Firebase Authentication (operated by Google LLC). Your credentials are transmitted directly to the respective authentication server (Google or Apple) using HTTPS/TLS and are subject to their respective privacy policies (Google's Privacy Policy, Apple's Privacy Policy).
We only receive a secure user identifier (UID) from Firebase after a successful login, which we use to associate your data with your account.
4. Local Data Caching and Offline Storage
To provide offline functionality, Plaineo stores a local copy of your data on your device:
- Android app (Capacitor / WebView): Your tasks, calendar data, and settings are cached
in an IndexedDB database stored inside the app's private WebView storage, scoped to your
user account (database name:
smart-calendar-<userID>). This data is accessible only by the Plaineo app and is not accessible to other apps or websites. - Web browser: When using Plaineo in a browser, data is similarly cached in the browser's
IndexedDB storage, scoped to the domain
plaineo.com. This local cache persists until you explicitly sign out, at which point it is cleared automatically. You can also clear it manually by clearing your browser's site data for plaineo.com. - The local cache includes tasks, calendar events, shared items, and related synchronisation metadata — enough to operate the app without a network connection.
- The local cache never contains your authentication credentials or raw passwords.
- Data is synchronised with our cloud backend (Firebase Firestore) whenever a network connection is available.
4.2 Cookies and Session Storage
The Plaineo web application uses the following browser storage technologies:
| Technology | Purpose | Persistence |
|---|---|---|
| Cookies (set by Firebase Authentication) | Maintain your login session across page reloads | Session / until sign-out |
| localStorage | Store user preferences and app settings | Until cleared manually or on sign-out |
| IndexedDB | Offline data cache (see Section 4.1 above) | Until sign-out or manual clear |
These are strictly necessary for the Service to function. We do not use advertising cookies, tracking pixels, or any third-party analytics cookies. Firebase Authentication may set its own cookies; see Google's Privacy Policy for details.
You may disable cookies in your browser settings, but this will prevent you from signing in to the web version of the Service.
5. Third-Party Services and SDKs
We use the following third-party services. Each processes your data under its own privacy policy. We share only the minimum data necessary for each service to function.
| Service | Purpose | Data shared | Privacy Policy |
|---|---|---|---|
| Firebase Authentication (Google LLC) | User login and session management | Email, display name, UID | firebase.google.com/support/privacy |
| Sign in with Apple (Apple Inc.) | Apple ID-based authentication; "Hide My Email" relay address where selected by user | Apple user identifier, optional email or Apple private relay email | apple.com/legal/privacy |
| Firebase Firestore (Google LLC) | Cloud database for all tasks and calendar data | All user-created content | firebase.google.com/support/privacy |
| Firebase Storage (Google LLC) | Stores file and image attachments | Uploaded files | firebase.google.com/support/privacy |
| Firebase Cloud Messaging (FCM) (Google LLC) | Push notifications | Device FCM token, notification payload | firebase.google.com/support/privacy |
| Firebase Hosting (Google LLC) | Serves the web application | Request IP, browser info | firebase.google.com/support/privacy |
| Google Calendar API | Two-way synchronisation of calendar events only (read + write access to events; no access to contacts, Drive, or other Google data) | Calendar event titles, dates, times, descriptions — only with your explicit OAuth consent | policies.google.com/privacy |
| Firebase Analytics (Google LLC) | Anonymous, aggregated usage statistics to help improve the Service — no personally identifiable data is collected or linked to individuals | Anonymised app usage events, device type, OS version | firebase.google.com/support/privacy |
| Google Maps Platform / Places API | Location search and place autocomplete | Search queries, location (only when feature is used) | policies.google.com/privacy |
| OpenAI API | AI text generation and image analysis (default selectable AI provider) | Text prompts, images, location (when extracting tasks from images) | openai.com/policies/privacy-policy |
| ElevenLabs API | Voice transcription — speech-to-text for all voice commands (always used for audio) | Audio recordings (not retained after transcription) | elevenlabs.io/privacy |
| Google Gemini API | AI text generation and image analysis (selectable provider) | Text prompts, images, location (when extracting tasks from images) | policies.google.com/privacy |
| Anthropic API | AI text generation and image analysis (selectable provider) | Text prompts, images, location (when extracting tasks from images) | anthropic.com/privacy |
| Google Play Store (Google LLC) | Android app distribution | App install / update metadata | policies.google.com/privacy |
| Apple App Store (Apple Inc.) | iOS app distribution | App install / update metadata | apple.com/legal/privacy |
| Capacitor (Ionic / Appflow) | Android/iOS WebView runtime — no telemetry sent to Ionic | None | ionicframework.com/privacy |
Google API Services User Data Policy: Our use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. We use Google Calendar data solely to provide the calendar sync feature and for no other purpose.
AI service providers: Before any personal data is sent to an AI provider, the app presents an in-app disclosure and requests your explicit consent. The consent screen identifies what data is sent (voice audio, images, task text, and location when applicable), names the specific AI providers involved, and requires you to actively agree before AI features are activated. You may withdraw consent at any time in the AI & Voice settings, which will disable AI features.
Data sent for AI processing includes: voice audio (transcribed via ElevenLabs), images (analysed for task extraction), task text and prompts, and location (included with image-to-task requests only). This data is sent to ElevenLabs (always used for voice transcription), OpenAI (default AI provider for text and image analysis), Google Gemini, or Anthropic Claude depending on your provider setting. Under their respective API terms of service, none of these providers use API-submitted data to train their models. We do not store raw audio files after transcription has completed, and images are not retained by AI providers after processing.
No sale of data: We do not sell your personal information to any third party, ever.
Google Play Data Safety: In addition to this Privacy Policy, a summary of our data collection and sharing practices is published in the Data Safety section of Plaineo's Google Play Store listing. The Data Safety section and this Privacy Policy are intended to be consistent; if there is any conflict, this Privacy Policy governs.
Apple App Store Privacy Nutrition Labels: A summary of our data collection practices is also published in the App Privacy section of Plaineo's Apple App Store listing, in the form of Apple's Privacy Nutrition Labels. Those labels and this Privacy Policy are intended to be consistent; if there is any conflict, this Privacy Policy governs.
6. How We Use Your Data
We use your data exclusively for the following purposes:
- Providing, operating, and improving the Service
- Authenticating your identity and managing your account
- Syncing your data across your devices
- Delivering push notifications and reminders
- Enabling AI-powered features (voice commands, text commands, image analysis) — only after obtaining your explicit in-app consent
- Enabling Google Calendar synchronisation
- Enabling task and calendar sharing with users you explicitly choose to share with
- Responding to your support requests
- Detecting and preventing fraud, abuse, and technical issues
- Analysing anonymous, aggregated usage statistics to understand feature adoption and improve the Service
- Complying with applicable laws and legal obligations
Analytics: Firebase Analytics collects anonymous, aggregated data only (e.g. which features are used, crash rates, session counts). This data cannot be used to identify you personally and is never linked to your account or content.
AI-Generated Content
AI-powered features (voice transcription, task extraction from images, text-based AI suggestions) produce output that may contain errors, omissions, or inaccuracies. AI output is provided as a convenience and you are solely responsible for reviewing and verifying any AI-generated content before relying on it. We are not liable for decisions made based on AI-generated output.
7. Data Storage and Security
- Cloud storage: All cloud data is stored in Firebase Firestore and Firebase Storage, operated by Google LLC on Google Cloud Platform. Google applies industry-standard security including encryption at rest and in transit.
- In transit: All communications between your device and our servers use HTTPS/TLS.
- Access control: Firebase Security Rules ensure each user can only access their own data or data explicitly shared with them. Our backend (Firebase Functions) accesses data only to service authenticated, authorised requests.
- We cannot guarantee absolute security. No method of Internet transmission or electronic storage is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify the relevant authorities and affected users as required by applicable law (e.g. GDPR Article 33/34).
8. Data Retention and Account Deletion
We retain your data for as long as your account is active or as needed to provide the Service.
Soft-deleted items are retained briefly to support sync and conflict resolution, then permanently purged.
Account deletion: You can request full account and data deletion at any time by:
- Using the in-app account deletion option in the app settings, or
- Visiting plaineo.com/delete-account and following the instructions, or
- Sending a deletion request to mikeska@gmail.com from your registered email address.
Upon deletion, all personal data stored in Firebase Firestore and Firebase Storage will be permanently removed. This process may take up to 30 days. Local IndexedDB data is cleared automatically on sign-out.
We may retain limited data beyond deletion if required by law (e.g. tax records), fraud prevention, or security purposes. We will inform you of any such retention in our response.
9. Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (see Section 8)
- Data portability: Request your data in a portable, machine-readable format
- Restriction: Request that we restrict processing of your data
- Objection: Object to certain types of processing based on legitimate interests
- Withdrawal of consent: Where processing is based on consent (e.g. Google Calendar sync, location access), you may withdraw it at any time without affecting prior processing
To exercise any of these rights, contact us at mikeska@gmail.com. We will respond within 30 days (or within any shorter period required by applicable law).
10. App Permissions
10.1 Android App Permissions
The Plaineo Android app may request the following device permissions:
| Permission | Purpose |
|---|---|
| Internet | Required for all network operations |
RECORD_AUDIO / Microphone |
Voice command feature — audio is transcribed and not retained |
READ_MEDIA_IMAGES / Storage |
Selecting images to attach to tasks |
CAMERA |
Capturing photos to attach to tasks or for AI image analysis |
POST_NOTIFICATIONS |
Displaying task reminders and push notifications |
RECEIVE_BOOT_COMPLETED |
Re-scheduling local reminders after device restart |
All permissions that require user consent are requested at runtime with a clear explanation of their purpose before first use. You may revoke any permission at any time in your device settings; revoking a permission will disable the feature that depends on it.
10.2 iOS App Permissions
The Plaineo iOS app may request the following device permissions:
| Permission (Usage Description Key) | Purpose |
|---|---|
Microphone (NSMicrophoneUsageDescription) |
Voice command feature — audio is transcribed and not retained |
Camera (NSCameraUsageDescription) |
Capturing photos to attach to tasks or for AI image analysis |
Photo Library (NSPhotoLibraryUsageDescription) |
Selecting images from your photo library to attach to tasks |
All permissions are requested at runtime with a system-provided prompt that shows the purpose string. You may revoke any permission at any time in Settings → Privacy & Security on your device; revoking a permission will disable the feature that depends on it.
11. Children's Privacy
The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe your child has provided us with personal information, please contact us immediately at mikeska@gmail.com and we will delete it.
12. International Data Transfers
Your data is stored and processed on Google Cloud Platform infrastructure, which may be located in the United States or other countries. When data is transferred from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:
- Google's Standard Contractual Clauses and Data Processing Agreements for Firebase services
- The Google API Services User Data Policy for Google API integrations
13. GDPR Rights (EEA and UK Users)
If you are in the EEA or UK, you have rights under the GDPR / UK GDPR and may lodge a complaint with your local supervisory authority. Our legal bases for processing are:
- Contract performance – processing necessary to deliver the Service you registered for
- Legitimate interests – security, fraud prevention, service improvement
- Consent – for optional features such as Google Calendar sync and location access
14. California Privacy Rights (CCPA)
If you are a California resident, you have the right to know what personal information we collect and how it is used, request deletion, and opt out of sale (we do not sell personal information). You will not be discriminated against for exercising these rights.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and notify you via the app or email. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
16. Contact Us
For privacy questions, data requests, or concerns:
Václav Mikeska Vídeňská 39, Brno, Czech Republic Email: mikeska@gmail.com Website: plaineo.com