PRIVACY POLICY
Last updated: February 17, 2026
This Privacy Policy describes how ErgoGecko ("we," "us," or "our") collects, uses, stores, and protects your personal data when you use the ErgoGecko desktop application and related services (collectively, the "Service"). We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of the Service.
1. DATA CONTROLLER
ErgoGecko is the data controller responsible for your personal data. If you have any questions or concerns about this Privacy Policy or our data practices, you may contact us at:
Email: ergogecko@protonmail.com
Website: https://ergogecko.com
2. PERSONAL DATA WE COLLECT
We collect and process the following categories of personal data:
2.1 Account Information
When you create an account, we collect your email address and password. Your password is securely hashed and stored; we do not have access to your plaintext password. A unique user identifier is generated for your account automatically.
2.2 User Preferences and Settings
We collect the preferences you configure within the application, including reminder intervals (eye break, stand, blink), auto-launch preferences, and other customisation options. These settings are stored to provide and personalise the Service across sessions and devices.
2.3 Usage Metrics
To improve the Service and provide you with usage insights (such as dashboard statistics), we collect aggregated usage data including the number of reminders triggered, your interactions with reminders (e.g., completed or dismissed), and cumulative session duration. This data is associated with your account.
2.4 Feedback and Support Data
When you submit feedback through the application, we collect the content of your feedback, your email address, your operating system and version, and the application version. This information helps us address your concerns and improve the Service.
2.5 Subscription and Payment Information
When you purchase a subscription, your payment is processed by our third-party payment processor, Stripe. We store a reference to your Stripe customer and subscription identifiers, your subscription status, and plan type. We do not store or have access to your full credit card number or financial account details. Payment processing is handled entirely by Stripe and is subject to Stripe's Privacy Policy.
2.6 Device and Local Data
The application stores certain data locally on your device, including session state, cached authentication tokens, and reminder timers. This data remains on your device and is not transmitted to our servers unless explicitly described in this Policy.
3. HOW WE USE YOUR DATA
We process your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis (GDPR) |
|---|---|
| To create and manage your account | Performance of a contract (Art. 6(1)(b)) |
| To provide and personalise the Service (reminders, settings sync, metrics) | Performance of a contract (Art. 6(1)(b)) |
| To process payments and manage subscriptions | Performance of a contract (Art. 6(1)(b)) |
| To respond to your feedback and support requests | Legitimate interest (Art. 6(1)(f)) |
| To send you transactional communications (e.g., account confirmations, subscription updates) | Performance of a contract (Art. 6(1)(b)) |
| To send you promotional and marketing communications about our products and services | Consent (Art. 6(1)(a)) |
| To analyse usage patterns and improve the Service | Legitimate interest (Art. 6(1)(f)) |
| To detect, prevent, and address technical issues or abuse | Legitimate interest (Art. 6(1)(f)) |
4. EMAIL COMMUNICATIONS
By creating an account and providing your email address, you may receive the following types of communications from us:
- Transactional emails: Account-related notifications such as registration confirmations, password resets, subscription updates, and trial expiration notices. These are necessary for the operation of the Service.
- Marketing and promotional emails: Product updates, feature announcements, tips for improving your ergonomic habits, special offers, and other promotional content.
You may opt out of marketing emails at any time by clicking the "unsubscribe" link included in every marketing email or by contacting us directly. Please note that opting out of marketing emails does not affect transactional communications necessary for the operation of your account.
5. WEBSITE ANALYTICS AND TRACKING
When you visit our website (https://ergogecko.com), we use third-party analytics services to collect anonymised and aggregated information about how visitors interact with our site. This may include data such as pages visited, time spent on pages, referring URLs, approximate geographic location (based on IP address), browser type, device type, and operating system.
This data is collected through cookies and similar technologies and is used solely to understand how our website is used, measure the effectiveness of our content, and improve the user experience. The information collected is processed in an aggregated and anonymised form and cannot be used to identify individual users.
You can control or disable cookies through your browser settings. For more information on how to manage cookies, please refer to your browser's help documentation.
6. DATA STORAGE AND THIRD-PARTY PROCESSORS
Your personal data is stored and processed using the following third-party service providers, each acting as a data processor on our behalf:
- Supabase (Supabase, Inc.): We use Supabase for user authentication, database hosting, and data storage. Your account information, settings, usage metrics, subscription data, and feedback are stored on Supabase's infrastructure. Supabase employs industry-standard security measures including encryption in transit (TLS) and Row Level Security to ensure that users can only access their own data. For more information, see Supabase's Privacy Policy.
- Stripe (Stripe, Inc.): We use Stripe to process payments. Payment data is handled directly by Stripe and is subject to Stripe's Privacy Policy. We do not store your full payment card details on our systems.
We ensure that all third-party processors provide sufficient guarantees to implement appropriate technical and organisational measures in compliance with the GDPR.
7. DATA RETENTION
We retain your personal data for as long as your account is active or as needed to provide you the Service. Specifically:
- Account data: Retained for the duration of your account. Upon account deletion, your personal data will be deleted or anonymised within 30 days, except where retention is required by law.
- Usage metrics: Retained for the duration of your account to provide you with historical usage insights.
- Feedback data: Retained for as long as necessary to address your feedback and improve the Service.
- Subscription data: Retained for the duration of your account and for such additional period as required for financial record-keeping obligations.
If you wish to have your data deleted, please contact us at the email address provided in Section 1.
8. YOUR RIGHTS UNDER THE GDPR
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data:
- Right of access: You have the right to request a copy of the personal data we hold about you.
- Right to rectification: You have the right to request correction of inaccurate or incomplete personal data.
- Right to erasure ("Right to be forgotten"): You have the right to request deletion of your personal data, subject to certain legal exceptions.
- Right to restriction of processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.
- Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to object: You have the right to object to the processing of your personal data based on legitimate interests, including direct marketing.
- Right to withdraw consent: Where processing is based on your consent (e.g., marketing emails), you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
To exercise any of these rights, please contact us at the email address provided in Section 1. We will respond to your request within 30 days. You also have the right to lodge a complaint with a supervisory authority in your jurisdiction.
9. DATA SECURITY
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL
- Secure password hashing
- Row-level security ensuring users can access only their own data
- Rate-limited data synchronisation to prevent abuse
- Secure session management with token-based authentication
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
10. INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred to and processed in countries outside your country of residence, including countries outside the EEA. Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with the GDPR, such as standard contractual clauses or adequacy decisions.
11. CHILDREN'S PRIVACY
The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such data promptly. If you believe we may have collected data from a child, please contact us.
12. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy on our website and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.
13. CONTACT US
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: ergogecko@protonmail.com
Website: https://ergogecko.com