Privacy Policy

1. Introduction

Pomozen ("we," "us," or "our") operates the website at pomozen.io. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

2. Information We Collect

Account information: When you create an account, we collect your email address and password (stored securely with industry-standard hashing).

Journal entries: If you use the journal feature, we store your mood selections, reflection text, and entry dates.

Usage data: Timer settings, theme preferences, and task data are stored locally in your browser (localStorage) and are not transmitted to our servers.

Payment information: When you subscribe to Pomozen Premium, payment is processed by Stripe. We never see or store your full card number. We store your Stripe customer ID and subscription ID to manage your subscription.

3. Payment Processing & Stripe

We use Stripe as our payment processor. When you make a purchase, Stripe collects and processes your payment information directly. This includes your card number, expiration date, CVC, billing address, and email.

Stripe may also collect your IP address, browser type, device information, and behavioral data (such as typing patterns on the payment form) for fraud prevention via Stripe Radar.

Stripe acts as a data processor on our behalf. For details on how Stripe handles your data, please see Stripe's Privacy Policy.

4. How We Use Your Information

• To provide and maintain the Pomozen service
• To process payments and manage subscriptions
• To store your journal entries and sync them across devices
• To send transactional emails (account confirmation, password reset, subscription receipts)
• To detect and prevent fraud

5. Data Sharing

We do not sell your personal information. We share data only with:

• Stripe — for payment processing
• Secure cloud infrastructure providers — for authentication and database hosting
• Google Analytics — for anonymous usage analytics (no personal data)

6. Data Security

All data is transmitted over HTTPS. Payment card data is handled exclusively by Stripe and never touches our servers (PCI-DSS compliant). Passwords are securely hashed using industry-standard algorithms. Database access is protected by row-level security — users can only access their own data.

7. Data Retention

Your account data and journal entries are retained for as long as your account is active. You can delete your journal entries at any time.

Transaction records are retained for up to 7 years to comply with tax and accounting obligations. Stripe retains payment data according to their own retention policy.

8. International Data Transfers

Your data may be processed in the United States by our service providers. These transfers are conducted in compliance with applicable data protection laws, including the EU-US Data Privacy Framework and Standard Contractual Clauses where applicable.

9. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and associated data
• Export your data
• Withdraw consent for data processing

To exercise these rights, contact us at support@pomozen.io.

10. Cookies

We use essential cookies for authentication (session cookies). We use Google Analytics which sets its own cookies for anonymous usage tracking. We do not use advertising or tracking cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by posting a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy, contact us at support@pomozen.io.