Privacy Policy
Last updated: March 8, 2026
1. Information We Collect
When you use KleanWork, we collect the following information:
- Account information: Name, email address, and profile image (if you sign in with Google).
- Content you create: Tasks, projects, notes, daily log entries, comments, and task requests.
- Vault data: Password vault entries are encrypted with AES-256-GCM using a key derived from your vault password. We never have access to your vault password or decrypted vault data.
- Usage data: Activity logs (task creation, updates, deletions) for workspace audit purposes.
- Technical data: IP address, browser type, and timestamp for security and rate-limiting purposes. We do not use tracking cookies or third-party analytics.
2. How We Use Your Information
- To provide and maintain the KleanWork service.
- To authenticate your identity and manage your account.
- To send transactional emails (verification, password reset, workspace invitations).
- To generate AI-powered weekly reports (task data is sent to Anthropic for processing; no personal identifying information beyond task content is included).
- To prevent abuse and enforce rate limits.
3. Data Storage & Security
Your data is stored in a PostgreSQL database hosted by Neon (EU region). The application is hosted on Vercel. All data is transmitted over HTTPS. Passwords are hashed with bcrypt (12 rounds). Vault entries use client-side AES-256-GCM encryption — the server never sees your vault password.
4. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Vercel | Hosting & CDN | All application data (encrypted in transit) |
| Neon | Database hosting | All application data (encrypted at rest) |
| Resend | Transactional email | Email addresses, workspace names |
| Anthropic | AI weekly summaries | Aggregated task data (titles, stats, no emails/passwords) |
| OAuth sign-in (optional) | Email, name, profile image |
5. Your Rights (GDPR)
You have the right to:
- Access: View all data we hold about you.
- Export: Download your data in JSON format from your Profile page.
- Deletion: Permanently delete your account and all associated data from your Profile page.
- Rectification: Update your personal information from your Profile page.
6. Data Retention
We retain your data for as long as your account is active. When you delete your account, all associated data is permanently deleted immediately. Workspace data shared with other members (e.g., tasks you created) may be retained for the workspace but de-associated from your account.
7. Cookies
KleanWork uses only essential cookies required for the application to function:
- Session cookie (authjs.session-token): Maintains your login session. Expires after 7 days.
- Workspace cookie (cleanup-active-workspace): Remembers your active workspace. Session-based.
We do not use advertising, analytics, or third-party tracking cookies.
8. Contact
For any privacy-related questions, please contact us at privacy@cleanup.app.