Privacy Policy
Effective: June 25, 2026
This Privacy Policy explains how POLENEST ("we", "us", "our") collects, uses, and protects information when you use our services, including websites at polenest.com and our mobile applications (collectively, the "Service"). Polenest is designed as a local-first planner: schedules, memos, tasks, workspace items, settings, attachments, and generated share images are stored on your device by default unless you choose to use an account, group, cloud backup, calendar sync, purchase verification, or support feature that requires network processing.
1. Information We Collect
- Account information: email address, display name, and authentication identifiers when you sign in (e.g., Google, Apple).
- Local app content: schedules, memos, tasks, workspace pack records, preferences, attachments, and exported/shared images you create in the mobile app. This content remains on your device by default and is not uploaded to our servers unless you explicitly use a connected feature.
- Optional group and shared workspace data: when you create or join a group, we may process group names, descriptions, colors, owner and member identifiers, member roles, invite codes and expiry times, group schedules, labels, patterns, handovers, and created/updated metadata needed to operate the group.
- Optional calendar integration data: if you connect a system calendar or Google Calendar, the app may read, create, or update calendar events according to the sync options you enable. Google Calendar connection data is handled through Google Sign-In and the Google Calendar API.
- Purchase and entitlement data: product ID, platform, purchase status, expiry date, cancellation or refund status, transaction identifiers, hashed purchase or receipt token, and related entitlement records. We do not receive or store full card numbers or payment account credentials.
- Usage, analytics, and diagnostic data: app events, feature usage, crash logs, device type, operating system version, IP address, and diagnostic data used to maintain and improve the Service. We do not use this data for cross-app tracking.
- Device permissions (mobile app): the app requests permissions only when needed for specific features. None of this data leaves your device unless you explicitly initiate the related feature.
- Camera: used solely to scan QR codes (e.g., importing a shared schedule). Images are processed on-device and are not uploaded or stored.
- Calendar (read/write): optional. Used only to sync events you choose to share with the system calendar.
- Notifications: to deliver reminders and alarms you set.
- Biometric (fingerprint/face): optional, used locally for app lock; biometric data never leaves the device.
- Exact alarm / boot completed / wake lock: to deliver scheduled reminders reliably across reboots.
2. How We Use Information
- To provide, maintain, and improve the Service.
- To authenticate you and protect your account.
- To operate optional group, sync, cloud backup, purchase verification, notification, and support features that you choose to use.
- To verify purchases, restore access, and reflect refunds, cancellations, or entitlement changes.
- To respond to support inquiries.
- To comply with legal obligations.
3. Data Retention
Local app content remains on your device until you delete it, uninstall the app, or remove the local app data from your device. Account, group, purchase, notification, support, and diagnostic records stored on our servers or by our service providers are retained while needed to provide the selected feature, resolve disputes, comply with law, or protect the Service. You may request deletion at any time (Section 7).
4. Sharing
We do not sell your personal information. We may share information with:
- Service providers who process data on our behalf, such as authentication, database, hosting, analytics, crash reporting, push notification, calendar sync, purchase verification, and entitlement infrastructure providers.
- App stores and payment processors when needed to process in-app purchases, subscriptions, refunds, cancellations, and purchase restoration.
- Other group members when you create, edit, or share information inside a group or shared workspace feature.
- Legal authorities when required by law or to protect rights and safety.
5. Data Processors
- Google LLC / Firebase (Authentication, Cloud Firestore, Cloud Functions, Hosting, FCM, Crashlytics, Analytics)
- Google LLC / Google Play, Google Sign-In, Google Calendar API, and Google Mobile Ads on Android where enabled
- Apple Inc. (Sign in with Apple, App Store in-app purchases, and device calendar services where used)
- Cloudflare, Inc. (purchase entitlement verification and related server infrastructure where used)
6. International Transfers
Our service providers may store and process data outside of your country, including in the United States. We rely on appropriate safeguards (e.g., standard contractual clauses) where required.
7. Your Rights — Account & Data Deletion
Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal information, or object to certain processing.
How to delete your account:
- By email: Send a message to [email protected] from the email address linked to your account, with subject "Account deletion request". We process the request within 7 business days.
- In-app (if available in your app version): Settings → Account → Delete account → Confirm.
Partial data deletion (without deleting your account): individual schedules, plans, and memos can be deleted directly within the app. For other scopes, email [email protected].
Data that will be deleted: account information (email, display name, authentication identifiers); server-side user profile, point, purchase entitlement, notification, and account-linked diagnostic records where applicable.
Shared group data: if you joined or created a group, account deletion removes or disconnects your member identifier from group records where technically possible. Group content that is visible to other members may remain as shared group data unless the group owner or an authorized member deletes the group or the specific content.
Data that may be retained: backup/recovery data is removed within 90 days of the deletion request. Records required by applicable law (e.g., transaction logs, communication records) are retained for the legally mandated period. Anonymized analytics data with no personally identifiable information may be retained indefinitely in non-identifying form.
8. Children
The Service is not directed to children under 13 (or under 14 where applicable in Korea). We do not knowingly collect personal information from children.
9. Cookies and Similar Technologies
Our website uses essential technologies for site functionality and Google Analytics to understand aggregated website traffic. We do not use advertising cookies on polenest.com. The Android app may show non-personalized Google Mobile Ads in free areas where ads are enabled. The iOS app does not use advertising tracking or App Tracking Transparency tracking.
10. Security
We use commercially reasonable measures to protect your information, but no method of transmission or storage is 100% secure.
11. Changes to This Policy
We may update this policy from time to time. The "Effective" date above will be updated when changes are made.
12. Contact
Note: This policy is written for the current Polenest mobile app pages, support pages, and browser game pages. Product-specific privacy pages may provide narrower details for each app. Korean-language version available at /ko/privacy.