Last updated: December 31, 2025
GDPR Compliance
PuzzleBitz is designed with privacy in mind. This policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).
1. Data Controller
The data controller for your personal information is the administrator of this self-hosted PuzzleBitz instance.
2. What Data We Collect
Account Information
- Email address (required for login)
- Display name (optional)
- Password (stored as a secure hash)
Task Data
- Task titles and descriptions
- Due dates and schedules
- Subtasks and notes
- Category and priority information
Check-in Data
- Daily mood and energy levels
- Sleep quality ratings
- Optional journal notes
Health Data (if connected)
- Sleep duration and quality (from Home Assistant)
- Step counts
- Heart rate data
Technical Data
- Login timestamps
- IP addresses (for security)
- Browser/device type
3. How We Use Your Data
Your data is used to:
- Provide and improve the task management service
- Personalize your experience (energy-aware task suggestions)
- Secure your account
- Send service-related communications (verification, approval)
We do NOT:
- Sell your data to third parties
- Share your data with advertisers
- Use your data for purposes beyond providing the Service
4. Data Storage and Security
- Self-hosted: All data is stored on the server where PuzzleBitz is installed
- Encryption: Passwords are hashed; sensitive fields are encrypted
- Access control: Only you and authorized administrators can access your data
- No cloud dependencies: Data stays on your server by default
5. Third-Party Services
If you connect external services, data may be shared with:
- CalDAV servers: Tasks and events you choose to sync
- Google Calendar/Tasks: If you enable Google integration
- Home Assistant: Health sensors you configure
You control which services are connected in your settings.
6. Your Rights (GDPR)
You have the right to:
Access
Request a copy of all personal data we hold about you.
Rectification
Correct any inaccurate personal data.
Erasure ("Right to be Forgotten")
Request deletion of your account and all associated data.
Portability
Export your data in a machine-readable format.
Restriction
Limit how we process your data.
Objection
Object to certain types of processing.
Withdraw Consent
Revoke any consent you've given at any time.
To exercise these rights, contact the administrator or use the account settings page.
7. Data Retention
- Active accounts: Data is retained while your account is active
- Deleted accounts: Data is permanently deleted within 30 days
- Logs: Technical logs are retained for up to 90 days for security
8. Cookies
PuzzleBitz uses essential cookies only:
- Session cookie: Keeps you logged in
- CSRF token: Protects against cross-site request forgery attacks
We do NOT use tracking or advertising cookies.
9. Children's Privacy
PuzzleBitz is not intended for children under 13. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this Privacy Policy. Significant changes will be communicated via email or in-app notification.
11. Contact
For privacy-related questions or to exercise your GDPR rights, contact the administrator of this PuzzleBitz instance.
Your privacy matters. PuzzleBitz is designed to respect it.