Have a Plan OSHave a Plan OS
Sign in

Legal

Privacy Policy

Last updated: April 5, 2026

1. Who we are

This Privacy Policy explains how personal data is collected, used, and protected when you use the Have a Plan OS application.

Data controller

Anastasiia Zvenigorodskaia
Autónomo (self-employed)
Spain, Gijón

Email: support@haveaplan.today

2. What is Have a Plan OS

Have a Plan OS is a productivity and planning system designed to help users manage tasks, projects, goals, clients, habits, and daily activities in one place.

3. What personal data we collect

We collect the following information when you create and use an account:

Account information

  • Email address
  • Name
  • Profile photo (optional)
  • Role or title (optional)
  • Timezone

Usage data

We may collect information about how the service is used, including:

  • login activity
  • interactions with the application
  • device and browser information
  • IP address
  • system logs related to security and troubleshooting

This data is used to improve the performance, usability, and security of the service.

4. User content

Users may store personal and business information inside the application, including:

  • tasks
  • projects
  • notes
  • clients
  • deals
  • goals
  • habits
  • diary entries
  • time tracking data
  • planning information

You control the content you create and store in the system, including any personal data of third parties that you choose to add.

5. Payments

Payments are processed by:

LemonSqueezy

LemonSqueezy acts as the Merchant of Record and handles:

  • payment processing
  • billing
  • VAT and taxes
  • invoices
  • refunds

We do not store full payment card details.

Payment-related personal data is handled directly by LemonSqueezy under its own policies and legal obligations.

6. Legal basis for processing (GDPR)

We process personal data based on:

  • performance of a contract (providing the service)
  • legitimate interest (improving and securing the service)
  • user consent (analytics and cookies)
  • legal obligations

7. Third-party services we use

We use trusted service providers to operate the application.

Supabase

Used for:

  • database
  • authentication
  • backend infrastructure

Vercel

Used for:

  • hosting
  • application delivery

Cloudflare Turnstile

Used for:

  • bot protection
  • CAPTCHA verification
  • abuse prevention on authentication and public forms

LemonSqueezy

Used for:

  • payments
  • subscription management
  • billing

Google Analytics

Used for:

  • analytics
  • performance monitoring

Analytics is only activated after user consent via the cookie banner. Security protections such as Cloudflare Turnstile may run when you use authentication or other public forms.

8. Data storage and location

Your data is stored and processed using infrastructure provided by our service providers, including:

Supabase, Vercel, and related infrastructure providers

Depending on the service used and how requests are routed, personal data may be processed in the United Kingdom, the European Economic Area, and other countries where our providers operate, including the United States.

Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards under applicable law. We also take reasonable technical and organizational measures to protect personal data, but no method of storage or transmission can be guaranteed to be completely secure.

9. Cookies

We use cookies and similar technologies to operate, secure, and improve the service.

Examples include:

  • login and authentication
  • session management
  • security and bot protection
  • analytics
  • performance monitoring

You can manage cookie preferences using the cookie banner.

10. Data security

We take reasonable technical and organizational measures to protect your data, including:

  • encrypted connections (HTTPS)
  • secure authentication
  • bot and abuse protection, including CAPTCHA checks on public authentication forms
  • restricted access to data
  • database security controls
  • system logging for security and troubleshooting

Access to user data is limited to what is necessary to maintain, secure, and support the service.

11. Data retention

Your data is stored while your account is active.

If you delete your account:

Your data is deleted immediately and cannot be recovered.

We do not currently guarantee backup-based restoration of deleted account data.

12. Your rights under GDPR

You have the right to:

  • access your data
  • correct your data
  • delete your data
  • request data export
  • withdraw consent
  • restrict or object to certain processing where applicable
  • file a complaint with a data protection authority

To exercise these rights, contact:

support@haveaplan.today

13. Marketing communications

We may send:

  • service updates
  • product information
  • newsletters

You can unsubscribe at any time using the unsubscribe link in emails.

14. Children

The service is not intended for children under 16 years of age.

We do not knowingly collect personal data from children.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

The latest version will always be available on this page.

16. Contact

If you have questions about this Privacy Policy or your data:

Email: support@haveaplan.today