Privacy Policy
Who we are
Cindra ("we", "us", "our") is the controller for the Cindra personal dashboard service. Contact us at privacy@cindra.app for privacy questions or data-rights requests. This policy explains how we collect, use, share, retain, and protect information when you use Cindra on the web.
Data we collect
Account data (Google and Apple OAuth)
When you sign in with Google or Apple, we receive the account details the provider shares with us, such as your name, email address, provider account ID, and profile picture when available. We also store authentication sessions, mobile session tokens, device labels, IP address, user agent, locale, theme, and app-use counters needed to operate your account.
Board data (user-generated)
The content you add to your board, including agenda events, tasks, habits, objectives, finance entries, learning items, notes, links, mood entries, Cindra collection progress, and uploaded avatar images, is stored so the app can display and sync your dashboard. You own this content.
Payment data (Stripe)
If you subscribe to Premium, payment is processed by Stripe. We store Stripe customer IDs, subscription IDs, product IDs, status, renewal period, cancellation metadata, and related webhook events. We do not see or store full card numbers.
Support and email data
If you contact support or submit a help form, we collect the contact details and message content you provide. Resend may process outbound support or account-related email delivery metadata.
Analytics and storage metadata
If you accept optional analytics cookies, Cloudflare Web Analytics processes limited traffic and device metadata for aggregate measurement. Cloudflare R2 stores avatar image objects and related object keys.
Data sent to third-party AI
When you use brain dump, finance parsing, learning parsing, or Ember chat AI features, the text you submit and relevant context for that request are sent to Ollama Cloud for natural language processing. Do not submit sensitive information you do not want processed by an AI provider.
How we use your data
We process personal data to provide and secure Cindra, authenticate users, sync dashboard content, process AI requests you initiate, manage subscriptions and trials, answer support requests, prevent abuse, satisfy legal and tax obligations, and improve reliability.
Our processing purposes and legal bases include performing our agreement with you, complying with legal obligations, protecting legitimate interests such as security and fraud prevention, and consent where required, such as optional Cloudflare analytics.
We do not sell personal data, rent personal data, or share it with third parties for cross-context behavioral advertising.
Data retention
Account and dashboard content are kept while your account is active. When you delete your account in settings, app account data, board data, sessions, mobile tokens, avatar object references, mood, Cindra collection data, and similar app records are deleted immediately from the live app database, except limited records we must retain.
We may retain limited billing, tax, fraud-prevention, security, webhook, and legal records for as long as needed to meet legal obligations, resolve disputes, enforce terms, and maintain audit trails. Stripe, Cloudflare, Resend, and Ollama retain data under their own policies.
Backups and logs are overwritten on their normal cycles. If you have an active renewing subscription, account deletion is blocked until you cancel or schedule cancellation so you are not charged again.
Cookies
We use essential cookies to keep you signed in and remember locale or consent choices. Cloudflare Web Analytics loads only after cookie_consent=accepted. You can revisit your choice through Cookie settings in the footer. We do not use advertising cookies.
Security
We use HTTPS, HTTP-only session cookies, secure native storage for mobile bearer tokens, access controls, webhook authentication, rate limits, and provider-side payment processing. No online service can guarantee perfect security, but we use reasonable safeguards for the data we process.
International transfers
Cindra may process and store data in the United States, Brazil, and other countries where we or our processors operate. For Brazil users, we use processor contracts and appropriate safeguards intended to preserve LGPD rights when data is transferred internationally.
Children
Cindra is not directed to children under 13. You may use Cindra only if you are at least 13. If we learn that a child under 13 provided personal data, we will delete the account and associated app data.
Your rights
- Request access to your personal data
- Request correction of inaccurate data
- Request deletion of your account and all data
- Object to the processing of your data
- Request portability or a copy of data you provided, where applicable
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at privacy@cindra.app.
Third-party processors
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Authentication | policies.google.com/privacy | |
| Apple | Authentication | apple.com/legal/privacy |
| Ollama | AI text processing | ollama.com/privacy |
| Stripe | Payment processing | stripe.com/privacy |
| Cloudflare | Cloudflare Web Analytics and Cloudflare R2 avatar storage | cloudflare.com/privacypolicy |
| Resend | Support email and account-related email delivery | resend.com/legal/privacy-policy |
Contact
If you have any questions about this Privacy Policy, contact us at privacy@cindra.app.
Last updated: May 14, 2026