Privacy Policy

1. Our Privacy Commitment

PTO Optimizer is built to respect your privacy:

• No tracking cookies - We don't use cookies for tracking or advertising
• No third-party trackers - No Google Analytics, Facebook Pixel, or similar services
• Minimal data collection - We only collect what's necessary for the service
• No data selling - We never sell your personal information
• EU-based infrastructure - Data is processed within the European Union

2. Data We Collect

2.1 For Free Users (No Account)

When using PTO Optimizer without an account:

• Optimization calculations - Performed entirely in your browser; no data sent to our servers
• Usage counter - Stored in your browser's local storage to track free tier limits
• Anonymous analytics - Page views only, no personal data (via Plausible Analytics)

2.2 For Registered Users

When you create an account, we collect:

• Email address - For account identification and important notifications
• Password - Stored securely using PBKDF2 with 600,000 iterations (OWASP recommended)
• Name (optional) - For personalization if you provide it

2.3 For Paying Subscribers

In addition to registered user data:

• Payment information - Processed by Stripe; we never see your full card number
• Subscription status - To provide Pro features
• Billing history - Managed by Stripe for your records

3. How We Use Your Data

We use your data only for:

• Providing the service - Account management, authentication, Pro features
• Processing payments - Subscription billing through Stripe
• Service communications - Password resets, important account notifications
• Improving the product - Anonymous, aggregated usage statistics

We do not use your data for advertising, profiling, or selling to third parties.

4. Data Storage & Security

• Hosting - Cloudflare Pages (global CDN with EU data processing)
• Database - Cloudflare D1 (SQLite, EU region)
• Payments - Stripe (PCI-DSS Level 1 certified)
• Encryption - All data transmitted over HTTPS/TLS 1.3
• Password security - PBKDF2-SHA256 with 600,000 iterations and unique salt

5. Third-Party Services

We use these carefully selected third-party services:

6. Your Rights (GDPR/CCPA)

You have the right to:

• Access - Request a copy of your personal data
• Rectification - Correct inaccurate personal data
• Erasure - Request deletion of your account and data
• Portability - Export your data in a machine-readable format
• Objection - Object to processing of your data
• Withdraw consent - Withdraw consent at any time

To exercise any of these rights, contact us at privacy@ptooptimizer.com

7. Data Retention

• Account data - Retained while your account is active
• Deleted accounts - Data erased within 30 days of account deletion
• Payment records - Retained as required by law (typically 7 years)
• Analytics data - Aggregated, anonymous, no personal data retained

8. Cookies

We use only essential cookies required for the service to function:

• Session cookie - Keeps you logged in (if you have an account)

We do not use cookies for tracking, advertising, or analytics.

9. Children's Privacy

PTO Optimizer is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. Continued use of the service after changes constitutes acceptance of the updated policy.