← Back

Privacy Policy

Last updated: May 25, 2026

Todoza ("we", "us", or "our") respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains what data we collect, how we use it, where it may be stored or processed, who we may share it with, and what rights you have when you use Todoza and related services.

1. Who we are

Todoza is a software service that helps users manage tasks, workflows, operations, and connected business data.

For privacy-related questions or requests, contact us at:

hello@todoza.io

2. What data we collect

Depending on how you use Todoza, we may collect and process the following categories of data.

Account and profile data

  • Name
  • Email address
  • Telegram ID and/or Telegram username
  • Username or account identifiers
  • Account preferences and settings
  • Profile image or avatar, if uploaded

Authentication and session data

  • Login and session identifiers
  • Security-related session metadata
  • Basic technical information needed to maintain secure authenticated sessions

Content and files you create or upload

  • Tasks
  • Notes
  • Digests
  • Uploaded files and attachments
  • Other content you create, edit, or store in the service

Team, company, and workspace data

  • Company-related identifiers
  • Workspace and team membership data
  • Roles, permissions, invitations, and collaboration records

Business and operational data connected to the service

Depending on enabled features and integrations, this may include:

  • Amazon Ads account identifiers
  • Campaigns, ad groups, search terms, targets, and related performance data
  • Warehouse and product-related data
  • WooCommerce-related product and order synchronization data
  • Import and export metadata

Communication and notification data

  • Messages or notification content sent inside the product
  • Telegram notification routing data, where enabled
  • Support communications you send to us

Technical and usage-related data

  • IP address
  • Browser or device information
  • Request, error, delivery, and security logs
  • Technical diagnostics needed to operate, secure, and troubleshoot the service

3. How we use your data

We use personal data where necessary to:

  • create and manage your account;
  • authenticate users and maintain secure sessions;
  • provide the core functionality of Todoza;
  • store and display content, files, and business data inside the service;
  • support team and company collaboration and access control;
  • send service-related messages and notifications;
  • process connected business workflows and enabled integrations;
  • troubleshoot issues, maintain security, and monitor service reliability;
  • respond to support and privacy requests;
  • comply with legal obligations where applicable.

4. Lawful bases for processing

Depending on the context, we rely on one or more of the following lawful bases.

Performance of a contract

We process data where necessary to provide the service you request, including account creation, login, workspace access, file handling, and product features.

Legitimate interests

We may process data where necessary for the legitimate interests of operating, securing, improving, and supporting Todoza, provided those interests are not overridden by your rights and interests.

Consent

Where a feature relies on your optional choice, such as certain notification channels, we may rely on your consent or your settings choice.

Legal obligation

We may process certain data where required to comply with applicable law, lawful requests, or regulatory obligations.

5. Cookies and similar technologies

Todoza currently uses limited first-party cookies and similar storage mechanisms necessary for core functionality and user preferences.

These may include:

  • session cookies required to keep users logged in securely;
  • functional cookies, such as remembering selected company or workspace context;
  • browser storage such as local storage for interface preferences and product usage settings.

At the time of this version of the Policy, Todoza does not describe any active third-party advertising or analytics tracker integration.

If we later introduce non-essential analytics, advertising, or similar tracking technologies, we may update this Privacy Policy and, where required, implement an appropriate cookie and consent mechanism.

6. When we share data

We do not sell your personal data.

We may share data only where necessary to operate the service, including with service providers and infrastructure partners that help us provide Todoza.

Based on the current service setup, these may include providers used for:

  • application hosting and runtime infrastructure;
  • database and file storage;
  • email delivery;
  • Telegram-based notifications;
  • Amazon SES-based report handling flows;
  • WooCommerce-related synchronization and API connectivity.

Examples of providers currently used in connection with the service may include:

  • Render
  • Supabase
  • Amazon SES
  • Zoho Mail
  • WooCommerce API

We may also share data:

  • where you direct us to do so through product features or integrations;
  • where necessary to protect rights, security, or the service;
  • where required by law, regulation, or lawful request.

7. International data transfers

Some of our service providers or infrastructure providers may process data in countries outside your own jurisdiction.

Where applicable, we take reasonable steps to ensure that personal data is handled with appropriate safeguards and protections when transferred internationally.

8. Data retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the service, maintain security, resolve disputes, and comply with legal obligations.

In practice, this generally means:

  • account and profile data may be retained while your account remains active;
  • files, tasks, notes, digests, and related service content may be retained while needed to provide the service, unless deleted earlier;
  • integration-related business data may be retained while needed to provide enabled features and connected workflows;
  • session data may expire automatically based on security and session rules;
  • logs may be retained for operational, security, and diagnostic purposes for a limited period depending on infrastructure and provider settings.

Some backup copies or infrastructure-level records may persist for a limited additional period where required for resilience, recovery, or provider-level operational reasons.

9. Security

We take reasonable technical and organizational steps to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Your rights

Depending on your location and applicable law, you may have the right to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of your personal data;
  • request export or portability of certain personal data;
  • object to certain processing;
  • request restriction of certain processing;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a relevant supervisory authority.

11. How to make a privacy request

If you would like to make a privacy-related request, including a request for:

  • deletion of your data;
  • export of your data;
  • access to your account or personal data;

please contact us at:

hello@todoza.io

We may ask you to verify your identity before completing certain requests.

12. Third-party services and integrations

Todoza may include or rely on third-party services and integrations. Where you choose to use such integrations, relevant data may be processed as necessary to support those features.

At the time of this draft, this may include integrations and provider relationships related to hosting, storage, email delivery, Amazon report handling, and WooCommerce synchronization.

If our integrations materially change, we may update this Privacy Policy accordingly.

13. Children

Todoza is not intended for children, and we do not knowingly collect personal data from children.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

When we do, we will post the updated version and revise the "Last updated" date above. Where appropriate, we may also provide additional notice inside the service.

15. Contact

If you have questions about this Privacy Policy or your personal data, contact:

hello@todoza.io

Mail us: hello@todoza.io · Terms of Service · Privacy Policy