Privacy Policy

Last updated: 24 March 2026

Who we are

CalmerFlow is operated by Novansa OÜ, a company registered in Estonia. We are the data controller for personal data collected through CalmerFlow.

Contact: privacy@novansa.com

1. Our approach to privacy

CalmerFlow is a productivity app, and we understand that your task and project data can be personal. We collect only what we need to deliver the service, we store it securely, and we do not sell it.

2. Legal basis for processing (GDPR)

Novansa OÜ is subject to the General Data Protection Regulation (GDPR). We process your data on the following legal bases:

  • Operating your account and delivering the service: Performance of contract (Article 6(1)(b))
  • Payment processing: Performance of contract (Article 6(1)(b))
  • Analytics to improve the app: Legitimate interests (Article 6(1)(f))
  • Service communications: Performance of contract (Article 6(1)(b))
  • Marketing communications (opted-in): Consent (Article 6(1)(a))
  • Legal compliance: Legal obligation (Article 6(1)(c))

3. What data we collect

Account data: Email address, display name (required, but does not need to be your real name), and hashed password. You may optionally add a profile picture or avatar (which does not need to be a photograph of you).

App usage data: Records of features you use, session activity, and any preferences or settings you configure.

Task and board data: We store the tasks, boards, and other content you create in CalmerFlow to provide the service.

Device and technical data: Device type, operating system, app version, and IP address.

Location and locale data: Country (inferred or provided by you), time zone, and language or locale preferences. This data is used to deliver a localised experience and is not used to track your precise location.

Payment data: Subscription and billing status, received from Paddle. We do not store full payment card details.

4. How we use your data

We use your data to:

  • create and manage your account
  • deliver CalmerFlow’s features
  • personalise content recommendations (including via AI where applicable)
  • process payments and manage your subscription
  • respond to support requests
  • send service notifications
  • improve the app through aggregated analytics
  • meet legal obligations

We do not use your data to train AI models.

5. Third-party services

We use the following third-party services:

Supabase: Database and authentication — Account data, task and board data.

Paddle: Payment processing — Payment and billing information.

OneSignal: Push notifications — Device identifiers, notification preferences.

Analytics provider (e.g. PostHog or Mixpanel): App usage analytics — Pseudonymised usage data.

AI provider (e.g. Anthropic or OpenAI): AI-powered features (where present) — Limited task data to process AI requests.

We have Data Processing Agreements with these providers where required by GDPR.

6. Data transfers outside the EEA

Where personal data is transferred outside the EEA, we use appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission.

7. How long we keep your data

Account data: Until deletion, plus 30 days.

Task and board data: Until deletion, plus 30 days.

Usage analytics: 24 months (aggregated/anonymised).

Payment records: 7 years (legal/tax compliance).

Backup copies: Up to 90 days after primary deletion.

8. Your rights

Under GDPR, you have the right to:

  • Access — request a copy of your data
  • Correction — fix inaccurate data
  • Deletion — request deletion of your data
  • Portability — receive your data in a machine-readable format
  • Restriction — limit how we use your data
  • Objection — object to legitimate-interest processing
  • Withdraw consent — where processing is consent-based

Contact us at privacy@novansa.com. We will respond within 30 days.

You may also complain to the Estonian Data Protection Inspectorate (aki.ee) or your local data protection authority.

9. Data security

We protect your data through:

  • TLS encryption in transit and encryption at rest
  • access controls on personal data
  • secure, hardened server infrastructure
  • regular security reviews

To report a security concern: security@novansa.com

10. Cookies and tracking

CalmerFlow may use cookies or similar technologies for session management and analytics. You can manage these through your device or browser settings.

11. Children’s data

CalmerFlow is for users 18 and over. We do not knowingly collect data from minors and will delete any such data if discovered.

12. Changes to this policy

We will notify you of material changes by email or in-app notification before they take effect.

13. Contact us

Novansa OÜ

Sepapaja tn 6, 15551 Tallinn, Harju Maakond, Estonia

Email: privacy@novansa.com