Home / Docs / Privacy & Security

Privacy & Security

Your data belongs to you. Learn how HyperPlanner protects your privacy and keeps your information secure.

1. Privacy First Philosophy

At HyperPlanner, we believe that your productivity data is deeply personal. Your tasks, goals, and schedules reveal how you think and work. That information should remain yours and yours alone.

Our Core Promise

HyperPlanner is built offline-first. Your data lives on your device by default. We cannot see, access, or monetize your tasks, notes, or personal information. Period.

What "Offline-First" Means

Unlike cloud-dependent productivity apps, HyperPlanner works entirely without an internet connection. When you open the app:

  • No server calls required: All features work instantly, even in airplane mode
  • No account needed: Use Demo Mode indefinitely without ever sharing personal information
  • No tracking pixels: We don't embed analytics that follow you across the web
  • No data harvesting: Your task data is never collected, analyzed, or sold

Your Data Stays Yours

We designed HyperPlanner with a simple principle: if we never have your data, we can never misuse it. This architecture means:

  • Government requests cannot reveal data we don't possess
  • Data breaches cannot expose information stored only on your device
  • Company acquisitions cannot transfer data we never collected
  • Policy changes cannot retroactively affect data we don't have
🔒

Local by Default

All data stored in your browser's local storage. Never uploaded without explicit consent.

🚫

No Tracking

Zero third-party analytics. No cookies for advertising. No behavioral profiling.

Full Control

Export everything anytime. Delete everything instantly. Your data, your rules.

🛡

Transparent Code

Our privacy practices are auditable. No hidden data collection endpoints.

2. Data Storage

Understanding where your data lives and how it's protected is essential for trusting any productivity tool. Here's exactly how HyperPlanner handles your information.

Local Storage in Browser

By default, all HyperPlanner data is stored locally using your browser's built-in storage APIs. This includes:

Data Type Storage Location Encryption
Tasks & Events IndexedDB (local) Optional AES-256
Layout Preferences LocalStorage Not encrypted
Theme Settings LocalStorage Not encrypted
Automation Rules IndexedDB (local) Optional AES-256
Attachments IndexedDB (local) Optional AES-256

Storage Limits

Browser local storage typically allows 50MB-unlimited depending on your browser settings. For heavy users with thousands of tasks and attachments, we recommend enabling sync which provides additional cloud backup with full encryption.

End-to-End Encryption for Sync

When you enable optional sync to use HyperPlanner across multiple devices, all data is protected with end-to-end encryption (E2EE). This means:

  • Encryption happens on your device
    Before any data leaves your browser, it's encrypted using AES-256-GCM with a key derived from your password
  • We never see your data
    Our servers only store encrypted blobs. Without your encryption key, the data is unreadable
  • Decryption happens on your device
    When syncing to another device, the encrypted data is downloaded and decrypted locally
  • Keys never leave your control
    Your encryption key is derived from your password and never transmitted to our servers
# Encryption Process (simplified) 1. User data + Password -> PBKDF2 -> Encryption Key 2. Encryption Key + Data -> AES-256-GCM -> Encrypted Blob 3. Encrypted Blob -> Sync to server 4. Server stores only: Encrypted Blob + Metadata (timestamps, not content) # We NEVER have access to: - Your raw task data - Your encryption key - Your password (only salted hash for authentication)

Important: Password Recovery

Because we use true end-to-end encryption, we cannot recover your data if you forget your password. Your encryption key is derived from your password. No password = no key = no data recovery. We strongly recommend setting up a recovery key during account creation.

Data Export Options

You can export all your data at any time in multiple formats:

  • JSON: Complete data export including all metadata
  • ICS: Calendar events compatible with any calendar app
  • CSV: Task lists for spreadsheet analysis
  • Markdown: Human-readable notes and task descriptions

3. Account Security

If you choose to create an account for sync and additional features, we implement industry-leading security practices to protect your credentials and sessions.

Password Requirements

Strong passwords are your first line of defense. HyperPlanner enforces the following requirements:

Password Standards

Minimum 12 characters with at least: one uppercase letter, one lowercase letter, one number, and one special character. We check against databases of known compromised passwords and reject commonly used combinations.

Requirement Details
Minimum Length 12 characters (16+ recommended)
Character Types Must include uppercase, lowercase, number, and symbol
Breach Check Compared against HaveIBeenPwned database (k-anonymity)
Common Patterns Rejects "password123", keyboard walks, etc.
Password Storage Argon2id hashing with unique salt per user

Two-Factor Authentication (2FA)

Add an extra layer of security by enabling two-factor authentication. Even if someone obtains your password, they cannot access your account without the second factor.

📱

Authenticator Apps

Use Google Authenticator, Authy, 1Password, or any TOTP-compatible app.

🔑

Hardware Keys

YubiKey, Titan, and other WebAuthn/FIDO2 security keys supported.

📧

Email Codes

Backup option for one-time codes sent to your verified email.

💾

Recovery Codes

10 single-use backup codes generated when you enable 2FA.

Store Recovery Codes Safely

When you enable 2FA, save your recovery codes in a secure location (password manager, safe deposit box). If you lose access to your authenticator and don't have recovery codes, account recovery is extremely limited to protect against social engineering attacks.

Session Management

HyperPlanner gives you full visibility and control over your active sessions:

  • View all sessions: See every device and browser where you're logged in
  • Session details: IP address, device type, browser, location, and last activity
  • Remote logout: End any session instantly from any device
  • Logout all: Sign out of all devices with one click
  • Session timeouts: Configure automatic logout after inactivity (default: 30 days)
# Session Security Features - Sessions expire after 30 days of inactivity (configurable) - Sensitive actions require re-authentication - IP change detection triggers security notification - Concurrent session limit: 10 devices (configurable) - Session tokens use secure, httpOnly cookies

Login Notifications

Receive alerts when your account is accessed:

  • Email notification for new device logins
  • Alerts for logins from new locations
  • Notifications for failed login attempts
  • Weekly security summary (optional)

4. AI Privacy

HyperPlanner offers optional AI-powered features to help with task organization and smart suggestions. We designed these features with privacy at their core.

AI is Off By Default

All AI features are disabled by default. You must explicitly opt-in to use them. HyperPlanner is fully functional without any AI assistance.

How AI Features Work

When you choose to enable AI features, here's exactly what happens with your data:

AI Feature Data Used Processing
Smart Suggestions Current task text only On-device model (no server)
Natural Language Parsing Input text On-device model (no server)
Task Prioritization Task metadata (anonymized) Optional cloud processing
Schedule Optimization Time patterns (anonymized) Optional cloud processing

We Never Train On Your Data

This is non-negotiable. Your personal task data, notes, and schedules are never used to train AI models. Here's our commitment:

🚫

No Training Data

Your tasks, notes, and schedules are never used to train or improve AI models.

🔒

No Data Retention

Cloud AI requests are processed and immediately discarded. No logs kept.

🌐

On-Device First

Most AI features run entirely on your device using lightweight models.

👁

Full Transparency

Clear indicators show when any data is processed off-device.

AI Data Controls

You have complete control over AI features:

  • Global toggle: Turn all AI features on/off with one switch
  • Per-feature control: Enable only the specific AI features you want
  • On-device only mode: Restrict AI to local processing only
  • Data review: See exactly what data is sent for cloud processing
  • Instant deletion: Remove any AI-related data from our systems

Third-Party AI Providers

When cloud AI features are enabled, processing is handled by vetted providers under strict data processing agreements. We only work with providers who commit to not training on customer data and who meet our security standards.

5. Third-Party Data Sharing

Let's be direct: we do not sell your data. Not to advertisers, data brokers, or anyone else. Your information is not our product.

Our Business Model

HyperPlanner makes money through optional premium subscriptions, not by selling user data. Your productivity information has no place in advertising or data markets.

What We Never Share

  • Your task content, notes, or descriptions
  • Your schedule or calendar events
  • Your personal information (email, name, etc.)
  • Your usage patterns or behavioral data
  • Any data that could identify you personally

Limited Sharing Circumstances

The only circumstances where any information might be shared:

Circumstance What's Shared Why
Payment Processing Billing info to Stripe Required for subscriptions
Email Delivery Email address to provider Send notifications you requested
Legal Requirements Minimal data if legally compelled Court orders with valid jurisdiction
Your Consent Whatever you explicitly approve Integrations you enable

Integration Privacy

When you connect HyperPlanner to third-party services (calendar sync, etc.), data sharing is governed by those services' privacy policies. We provide:

  • Clear disclosure of what data each integration accesses
  • Granular permissions - share only what's needed
  • Easy disconnection that revokes all access
  • No data retained after integration is removed

Review Third-Party Policies

Before enabling integrations, review the privacy policies of connected services. While we protect your data within HyperPlanner, third-party services operate under their own policies.

6. GDPR/CCPA Compliance

HyperPlanner is designed to comply with major privacy regulations including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

Your Rights Under GDPR

If you're in the European Economic Area, you have the following rights:

🔍

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct any inaccurate personal data we have.

🗑

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restrict

Limit how we process your personal data.

📦

Right to Portability

Receive your data in a machine-readable format.

Right to Object

Object to processing of your personal data.

Your Rights Under CCPA

If you're a California resident, you have the right to:

  • Know: What personal information we collect and how it's used
  • Delete: Request deletion of your personal information
  • Opt-out: Opt-out of the sale of personal information (we don't sell, but you can still opt-out)
  • Non-discrimination: Equal service regardless of privacy choices

Exercising Your Rights

To exercise any of these rights, go to Settings > Privacy > Data Rights, or email privacy@hyperplanner.app. We respond to all requests within 30 days.

Data Processing Basis

We process your data under the following legal bases:

Data Processing Legal Basis
Account creation & management Contract performance
Optional sync features Consent (opt-in)
AI features Consent (opt-in)
Security & fraud prevention Legitimate interest
Legal compliance Legal obligation

Data Retention

We retain your data only as long as necessary:

  • Local data: Stored indefinitely on your device until you delete it
  • Synced data: Retained while your account is active, deleted within 30 days of account closure
  • Account data: Deleted within 30 days of account deletion request
  • Backup retention: Encrypted backups purged within 90 days of deletion

7. Security Best Practices

While HyperPlanner implements strong security measures, your personal practices are equally important. Follow these recommendations to maximize your security.

Password Security

Use a Password Manager

Password managers like 1Password, Bitwarden, or Dashlane generate and store strong, unique passwords for every service. This is the single best thing you can do for your online security.

  • Never reuse passwords: Use a unique password for HyperPlanner
  • Make it long: 16+ characters is significantly stronger than 12
  • Use passphrases: "correct-horse-battery-staple" is stronger and easier to remember than "Tr0ub4dor!"
  • Enable 2FA: Add a second layer of protection to your account

Device Security

  • Lock your devices: Use strong PINs, passwords, or biometrics
  • Keep software updated: Install browser and OS updates promptly
  • Use secure connections: Avoid accessing HyperPlanner on public WiFi without a VPN
  • Log out on shared devices: Never stay logged in on computers others can access

Browser Security

# Recommended Browser Settings - Enable HTTPS-only mode - Block third-party cookies - Use a reputable ad blocker - Keep browser updated - Review extension permissions regularly # HyperPlanner Works Best On: - Chrome/Edge 90+ (recommended) - Firefox 88+ - Safari 14+

Recognizing Threats

Be aware of common attack vectors:

📧

Phishing Emails

We never ask for your password via email. Check sender addresses carefully.

🌐

Fake Websites

Always verify you're on hyperplanner.app. Check for HTTPS lock icon.

💻

Malware

Only install HyperPlanner from official sources. Keep antivirus updated.

👤

Social Engineering

Support will never ask for your password. Verify requests through official channels.

Report Security Issues

Found a security vulnerability? Please report it responsibly to security@hyperplanner.app. We have a bug bounty program and appreciate security researchers who help keep our users safe.

Regular Security Checkup

Perform these checks periodically:

  • Review active sessions
    Go to Settings > Security > Sessions and remove any you don't recognize
  • Update your password
    Change your password every 6-12 months, especially if you've used it elsewhere
  • Verify 2FA is enabled
    Confirm your two-factor authentication is active and recovery codes are saved
  • Check connected apps
    Review integrations and remove any you no longer use
  • Export your data
    Keep regular backups of your data in case you need to recover it

Questions or Concerns?

We take privacy and security seriously. If you have any questions about this document, your data, or our practices, please reach out:

  • Privacy questions: privacy@hyperplanner.app
  • Security reports: security@hyperplanner.app
  • Data rights requests: Settings > Privacy > Data Rights
  • General support: support@hyperplanner.app

Policy Updates

We may update this document as our practices evolve or regulations change. Significant changes will be communicated via email and in-app notifications. Last updated: November 2025.

← Getting Started Back to Docs →