Privacy Policy

WhenSpace ("we", "our", or "us") is committed to keeping your information private. This policy explains what data WhenSpace collects, how it is used, and the choices you have. By using the WhenSpace application, you agree to the practices described here.

1. Data stored on your device

WhenSpace is a local-first application. By default, all your tasks, events, habits, and settings are stored exclusively on your device using the device's local database. No account or sign-in is required to use WhenSpace in this mode.

If you choose to create an account and purchase a subscription, WhenSpace can sync your data across your devices. In that case your data is transmitted to and stored on our servers — however, it is end-to-end encrypted before it ever leaves your device. We are technically unable to read your content. See Section 3 for full details.

2. Account information

Creating an account is optional. If you register, we collect and store:

• Email address — used for account identity, authentication, and transactional messages (one-time passcodes, password resets).
• First name and last name — used for account personalisation.
• Password — stored as a secure one-way hash. Your plaintext password is never stored or logged by us.

You can permanently delete your account and all associated data at any time from within the app. Deletion is immediate and irreversible.

3. Encrypted cloud sync (subscription feature)

Cloud sync is available to users with an active WhenSpace subscription. All synced data is end-to-end encrypted (E2EE) — meaning only your devices can decrypt it.

Your data is encrypted on your device before it is ever sent to our servers. The encryption keys are generated on your device and protected by your password — they never reach our servers in a readable form. We store only the encrypted result and are technically unable to read your content.

We track the total size of your encrypted data to enforce storage quotas, but we do not inspect the content.

For sync coordination we also store the following device metadata per signed-in device:

• Device ID (a UUID generated on your device)
• Device name (optional, user-supplied label)
• Last seen timestamp

Up to 5 devices can be linked to your account at one time. When a new device logs in and this limit is exceeded, the oldest device record is removed automatically.

4. Subscription information

If you subscribe via Apple App Store or Google Play, we receive and store the following from the respective store:

• Platform identifier (apple or google)
• Product ID (e.g. premium_monthly)
• Store transaction ID (Apple originalTransactionId or Google purchaseToken)
• Subscription status and expiry date

We do not receive or store payment card details, billing addresses, or any other payment information. All payment processing is handled entirely by Apple or Google.

5. Data we do not collect

We do not collect, store, or process:

• The plaintext content of your tasks, events, habits, or any other data you create in the app (all synced content is end-to-end encrypted; we hold ciphertext only).
• Payment card numbers, billing addresses, or bank details.
• Location data.
• Device contacts, calendar, or other sensitive device data.
• Analytics, usage tracking, or behavioural profiling data.
• Advertising identifiers.

6. Crash reporting and diagnostics

WhenSpace may collect anonymised crash reports to help us diagnose bugs and improve stability. These reports contain technical information about the device state at the time of a crash (e.g. OS version, device model, stack trace) and do not include any personal data or app content. Crash reporting may be handled by a third-party SDK (such as Firebase Crashlytics). You will be informed in-app if this is enabled and given the option to opt out.

7. Local notifications

WhenSpace uses local on-device notifications to remind you about tasks, events, and habits. These notifications are scheduled and delivered entirely on your device — no remote push notification service is used, and no notification content is sent to our servers.

8. Website analytics

This website uses Simple Analytics to understand how visitors find and use our website. Simple Analytics is a privacy-friendly analytics service that does not use cookies and does not collect personal data. No personally identifiable information is tracked. This applies to the website only — the WhenSpace app does not use Simple Analytics.

9. Third-party services

WhenSpace does not integrate with third-party advertising networks, data brokers, or social media platforms. We do not sell, rent, or share your data with third parties, except as required to deliver the service (Apple/Google subscription webhooks and a transactional email provider for OTPs and password resets).

10. Children's privacy

WhenSpace is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information through our app, please contact us and we will take steps to delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. Continued use of WhenSpace after changes are posted constitutes your acceptance of the revised policy.

12. Contact us

If you have any questions about this Privacy Policy, please reach us at our contact page.

13. Data controller & ownership

To identify the entity or individual responsible for the operation of WhenSpace, please refer to our about page.